last executing test programs:

7.494768351s ago: executing program 2 (id=3):
socket$nl_rdma(0x10, 0x3, 0x14)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x10000000000002)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_usbip_server_init(0x6)
setgroups(0x0, 0x0)
socket$inet6(0xa, 0x80002, 0x88)
r3 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f0000007fc0)=[@in={0x2, 0x0, @rand_addr=0x64010102}]}, &(0x7f0000000100)=0x10)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='net_prio.prioidx\x00', 0x275a, 0x0)
write$binfmt_script(r4, &(0x7f0000000040), 0x55af)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r4, 0x0)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x7a, &(0x7f0000000080), &(0x7f0000000000)=0x8)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
ioperm(0x0, 0x6e, 0xe)
syz_clone(0x20223000, 0x0, 0x0, 0x0, 0x0, 0x0)

7.101770521s ago: executing program 1 (id=2):
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='ns\x00')
fchdir(r0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
syz_open_dev$dri(&(0x7f0000000280), 0x25, 0x40861)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
unshare(0x40400)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
r6 = landlock_create_ruleset(&(0x7f00000002c0)={0x7f6e}, 0x18, 0x0)
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r6, 0x1, &(0x7f0000000000)={0x2108, r5}, 0x0)
process_vm_readv(r2, &(0x7f0000008400), 0x57, &(0x7f0000008640)=[{0x0}], 0x1, 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0xbf)
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NLBL_CALIPSO_C_REMOVE(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="1c000000", @ANYRES16, @ANYBLOB="010025bd7000ffffdf25020000000800010003000000"], 0x1c}, 0x1, 0x0, 0x0, 0x40005}, 0x8000)
ioctl$sock_inet_SIOCSIFDSTADDR(r1, 0x8918, &(0x7f0000000040)={'ipvlan0\x00', {0x2, 0x4e20, @loopback}})

7.050543899s ago: executing program 0 (id=1):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = socket(0x840000000002, 0x3, 0xfa)
getsockname$inet(r2, 0x0, &(0x7f0000002280))
sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x5, 0x9, 0x6, 0x0, 0xb49, 0x9, 0x8, 0x2, 0x3}, 0x0)
mkdir(&(0x7f00000000c0)='./file0\x00', 0x22)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, 0x0, 0x0)
r3 = syz_open_dev$sg(&(0x7f0000000fc0), 0x0, 0x5)
writev(r3, &(0x7f0000000000)=[{&(0x7f0000000340)="aefdda9d240300005a90f57f07703aeff0f64ebbee07962c22772e11b44e65d76641cb010052f436dd2a", 0x2a}], 0x1)
ioctl$SG_GET_REQUEST_TABLE(r3, 0x2286, &(0x7f00000000c0))
tgkill(0x0, 0x0, 0x3f)
unshare(0x62040200)
openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000600)=@newlink={0x30, 0x10, 0x1, 0x70bd28, 0x25dfdbf9, {0x0, 0x0, 0x0, 0x0, 0x8, 0x3}, [@IFLA_TXQLEN={0x8, 0xd, 0x1}, @IFLA_GROUP={0x8}]}, 0x30}, 0x1, 0x0, 0x0, 0x40801}, 0x4000000)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)=@newlink={0x30, 0x10, 0x1, 0x70bd25, 0x25dfdbf9, {0x0, 0x0, 0x0, 0x0, 0x48815, 0x40003}, [@IFLA_GROUP={0x8}, @IFLA_TXQLEN={0x8}]}, 0x30}, 0x1, 0x0, 0x0, 0x46801}, 0x4000000)

6.980075944s ago: executing program 3 (id=4):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x7f, 0x0, 0x9, 0xffffffffffffffff, 0xfffffe0000000005, 0xfa11, 0xffffffff}, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_INFO(0xffffffffffffffff, 0xc1205531, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc)
connect$inet6(r2, 0x0, 0x0)
setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f00000002c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x2, &(0x7f0000000100)=@gcm_128={{0x303}, "cfc85eb51b0ace6a", '\x00', "3f4051c4", "a44a889722b66244"}, 0x28)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x3, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = socket(0x10, 0x803, 0x2)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r6)
getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
landlock_add_rule$LANDLOCK_RULE_NET_PORT(0xffffffffffffffff, 0x2, &(0x7f00000001c0)={0x3, 0xfffffffffffffffa}, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11feffffff000000", @ANYRES32=r7, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000005840)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000740)=@newqdisc={0x78, 0x24, 0x5820a61ca228651, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {0x0, 0x9}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{}, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x12, 0x0, 0x0, {0x0, 0xa7}}}}]}, 0x78}}, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=@newtfilter={0x60, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {}, {}, {0xd}}, [@filter_kind_options=@f_basic={{0xa}, {0x30, 0x2, [@TCA_BASIC_EMATCHES={0x2c, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0xffff}}, @TCA_EMATCH_TREE_LIST={0x20, 0x2, 0x0, 0x1, [@TCF_EM_NBYTE={0x10, 0x1, 0x0, 0x0, {{0x3}}}, @TCF_EM_META={0xc, 0x2}]}]}]}}]}, 0x60}, 0x1, 0x0, 0x0, 0x400c040}, 0x0)
openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x402, 0x0)
madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17)
recvmmsg(r2, &(0x7f0000000380)=[{{0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000b00)=""/81, 0x51}], 0x1}}], 0x1, 0x0, 0x0)

5.29765993s ago: executing program 1 (id=5):
syz_open_dev$usbmon(&(0x7f00000005c0), 0x0, 0x301880)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x22, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xfffffffffffffea1, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x9}, 0x80}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x2, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x10000000000002)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$inet(0x2, 0x3, 0x2)
r3 = openat$pmem0(0xffffffffffffff9c, &(0x7f0000002340), 0x80d01, 0x0)
ioctl$BLKPG(r3, 0x1269, &(0x7f00000001c0)={0x1, 0x0, 0x98, &(0x7f00000000c0)={0x0, 0x1000, 0xd}})
ioctl$BLKPG(r3, 0x1269, &(0x7f00000001c0)={0x2, 0x0, 0x98, &(0x7f00000000c0)={0x400, 0x1000, 0xd}})
setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000400)={0x0, 0x2000}, 0x4)
r4 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=ANY=[@ANYBLOB="3000000010000100"/20, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=0x0, @ANYBLOB="08001b"], 0x30}, 0x1, 0x0, 0x0, 0x24000890}, 0x0)
pipe2$watch_queue(&(0x7f0000000000), 0x80)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$team(&(0x7f00000044c0), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_team(r5, 0x8933, &(0x7f0000004700)={'team0\x00', <r7=>0x0})
sendmsg$TEAM_CMD_OPTIONS_SET(r5, &(0x7f0000004bc0)={0x0, 0x0, &(0x7f0000004b80)={&(0x7f0000000100)={0x60, r6, 0x405, 0x70bd27, 0x25dfdbfe, {}, [{{0x8, 0x1, r7}, {0x44, 0x2, 0x0, 0x1, [{0x40, 0x1, @name={{0x24}, {0x5}, {0x10, 0x4, 'loadbalance\x00'}}}]}}]}, 0x60}, 0x1, 0x0, 0x0, 0x4000431}, 0x4040084)

4.861312064s ago: executing program 2 (id=6):
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x2, @tid=r0}, &(0x7f0000bbdffc))
fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5})
memfd_create(&(0x7f0000000380)='\xaa\xaa\xaa\xaa\xaa\x19\x9f&\xf9\xca(1\xc2\xe3\x1a_\xa8\x1bzj+\xf7U\xf9\x87\xa7\x8b\xec\\\xd3g\xe0h<P1E\xc9\xcdWT:\xbe\xdb\xa9\xba\x17\x86A\xd9\xd7\xad\xdb\x92p\xbfG\xa5\xfc\x9e!\xcd5:\xe9\xd4\xf8w\xa7Z\f\xdb\xe1S\x89Z\xf4%\xb74\x14`\xbc\x0e\xcb\xd6h\x9f\x92w\xd7\xe5S\x05\xe8\xf6\xcd\x9f-\x16j\x8aZ}\x8b4\xf21O=.R\xc8\xd5\x1f\x97\xda\xccw\xc9\x1dug\xa5\x11\x97\x03\x8a\'O\xae\x95\xbd\xfd,1ks\xa2\xb6\x89]\xb6[\xb1\xd2<\x9f\x8d\xecRh\xb7\xb7B\x95\xdb\x7f\xb8|+6\x95\xdb-B\xe5\x17_?\xa2c\xef\xf7c\x9f\x97\x84\xc7\x18\xf9\x9b\x18N\xba\xde\xdbu5\xdf\x85\xdf\x91\x97\xab+O;JpE#_\xf3\xb7\xf1\xfdD\xdd\xab\xb8L\x90\xb6\x1b\xbc6\xb2\xa6\x0f\xf4\x87\xde\x04\x00\x00\x00\x03\x92\xdbH\x88<\xf8\xf3R\xa0\xe3\x0f\x00\x00\x00\x00\x00\x00\x00\b\xa0\x7f^\x90\x85Bg(\xcf\xc7\xb6e\xdbQi\x82\x1d6j\xe1X<R\xb6B\xd8\x81\xff|\xb4\\\x90xTaX\x89\xc7\xb0\xd1 \x03\x15[\xa2)\xd6\v\xe6\x84q\x86;\xa3\\\xcb!\xff\xc7\xba\xa6\xa0\xdb\x99`[\x1fkX\xd5L\xe3\v;\x83E7\xccx,\xf5\a\xc8\x1f{h\x1be\xb0\xa1\x01\\T\xf60\"v\xd3\xf7\xa6{\x96\xc6\x950\x9a\x11\xec\xe8\x17\x1f\x14GC;64\xfb?\xa7\'b\x8aG\xd2\x1f\x99\xf9f<w\x88\x87!BO\x9e2IJ\xff\xe8\xd3\xf3\xed\x19!\t\b-w\x13\xaf\xf1\xaa7\x8b\xc6', 0x4)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000140)=@arm64={0x2, 0x4, 0x5, '\x00', 0x1})
ioctl$KVM_SET_LAPIC(r3, 0x4400ae8f, &(0x7f0000000500)={"34b30f02c5ccf6e3b71cda04b68b6891370cd0a442844b737a7254514f9ff20d0954650127067cd50d8f25db5fc9ccd4dbb2ecc29dc8dc51bcd2291a6a12912a3ce524ba851af6d1366d2b46f9f063dde6bea45fb0f4ab6a35088ea81c8a5ea6d0c3fbc6a89ae582119699a04f2be00b3aa3766c9f658af98e3122b00522a2ee14e3746ec2266e538c13710185ec5a7e4936e212c07483e1798957ffbb6311f2a13a7109d4293b216f78d59d41eb3af775e48d7a82a6c8f6476e2456a1a4288c672fbf1072ae9c51060f80707d1bc48eb1802a805df2ee990bcece5fe8b0ebba31c4d5efa47b3353aa02663aca26e817c88dc094d75330fbe2fea0037d4f92435d2eed5585bfaeddfdb50bb10bed6860313613f4a96d7d0b263cb0930f155ed09f2ff433f90d5065a376d43502ac8f17257c0fe5f448d9805a835286f2ff887e02e8a243902c124d3d52a1057f20a29ca1c012869a6d606e3440cc51cca66021bae0cf8c0a5af7a21c79481b1a31b98fe0c29fb5dfc5737442cdfad6421ec95345bd0165c6f6123e616873d97282e5098add56b95e805782aa67f237269b5b2b3e24edd1dc78f25130926496f5623ae306bc3d72d2b80f8939e60526330f873d00360441d906627f0183607151b1f03602050670984a3640871c2690496bbc8949fb63abd5033e508055dc0dd759913beba87e39e7af72170d622e2ecf9aeb4e479bbff8ad292a3a5bd70f8f433bc4b89be144ace57501f8f016868ed7dd8bab97f4f3feb242f4f620913c478058c036df363abbf7c239d340017c2de6b688e322c9b51c269aa110def3ad16337d197f3c452ac661bac7c0531c4d98618f99d750b0c3d8539051188a0f4583dd3538982e8a84121055cd721571ca98bb0c3ec3e446c4c7bc5c9b800367a859a00ef3a505327f9f2da247ce118a82deeb04ad22eeaf97dbd454518defd5adeb288a7842e9e2839ec587e3275abf3a812154080aa60182e60cb73b2020d2865551141ac1e077a3a3a764fff1b024346594f3a004197673c896069dc253f81dac7ca4e906bf2c0d241f59e4b8dad8549871e94b33755db2526223d1e290e300701a0a926033d515429f751f72a87f2eb0336cc72be75af2b75b82c70807718604aa9c6b3c2bc27551f1a0dcffc5eef025f86c13f1fbb426de372b15e4d6a63c4754cecd5071e25e8d6f5796830e7ef62b65c5c076ad2a9ab0850f97c5765ece5885caf0ca0d63a56c45d09c77553ba254983c05d7c722bd7e2061bb71e8e9a7cc444a24643ff32bb80f95ddf50455ed9b59288df68da87510cc3ff08521b39002fe8ea04ee30135324934c286cebc277a9189ac3322b96e8df8bd2a00a0a3da54b3dbe4e9cd46b762ac7f2c7ded1aa8c9741b675f7fe2dc699ab9a2615924fda6e879fc2ae27030d149ed88482945304447d8d027"})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(0x0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
r4 = open(&(0x7f0000000080)='.\x00', 0x798202, 0x105)
fsconfig$FSCONFIG_SET_FLAG(r4, 0x0, 0x0, 0x0, 0x0)
r5 = signalfd4(0xffffffffffffffff, &(0x7f0000000140)={[0x4]}, 0x8, 0x80000)
ioctl$SNDCTL_DSP_SYNC(r5, 0x5001, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
r6 = userfaultfd(0x1)
mmap(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x2000009, 0x32, 0xffffffffffffffff, 0x91c6b000)
ioctl$UFFDIO_API(r6, 0xc018aa3f, &(0x7f00000002c0)={0xaa, 0x100})
ioctl$UFFDIO_REGISTER(r6, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000000000/0x400000)=nil, 0x400000}, 0x1})
readv(r6, &(0x7f0000000600)=[{&(0x7f00000000c0)=""/114, 0x72}], 0x1)
syz_open_procfs(0x0, &(0x7f0000001040)='net/nf_conntrack_expect\x00')
syz_genetlink_get_family_id$nl80211(&(0x7f00000012c0), 0xffffffffffffffff)
ioctl$UFFDIO_UNREGISTER(r6, 0x8010aa01, &(0x7f0000000000)={&(0x7f0000000000/0x800000)=nil, 0x800000})

4.4610803s ago: executing program 3 (id=7):
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000300), 0x8)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x10000037}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f05ebbee7, 0x8031, r0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
syz_create_resource$binfmt(0x0)
r4 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000100)={0xffffffffffffffff, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=@ipv6_newnexthop={0x18, 0x68, 0x1}, 0x18}, 0x1, 0x0, 0x0, 0x20004880}, 0x0)
socket(0xa, 0x1, 0x0)
r5 = syz_open_procfs(0x0, &(0x7f00000001c0)='mountinfo\x00')
r6 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00')
fchdir(r6)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x800000, 0x0)
syz_clone(0x11, 0x0, 0xfffffffffffffede, 0x0, 0x0, 0x0)
read$FUSE(r5, &(0x7f0000003480)={0x2020}, 0x2020)

4.284464715s ago: executing program 0 (id=8):
mq_open(&(0x7f0000000000)='e_1\x00', 0x8c2, 0x30, &(0x7f0000000080)={0x8000000040000000, 0x7, 0x10000, 0x8})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x40}}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x10000000000002)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_usbip_server_init(0x6)
socket$netlink(0x10, 0x3, 0x15)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94)
r3 = socket$phonet_pipe(0x23, 0x5, 0x2)
setsockopt$PNPIPE_ENCAP(r3, 0x113, 0x1, &(0x7f0000000140)=0x1, 0x4)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x481, 0x0)
syz_80211_join_ibss(&(0x7f0000000040)='wlan0\x00', &(0x7f0000000080)=@default_ibss_ssid, 0x6, 0x0)
syz_open_dev$sndctrl(0x0, 0x0, 0x0)
r4 = socket(0x10, 0x3, 0x0)
write(r4, &(0x7f0000000040)="1400000052004f030e789e7e27286d000a4149f3", 0x14)
socket$nl_route(0x10, 0x3, 0x0)
setsockopt$inet_icmp_ICMP_FILTER(0xffffffffffffffff, 0x1, 0x1, &(0x7f0000001bc0), 0x4)

2.747445712s ago: executing program 3 (id=9):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x10000000000002)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ptrace$ARCH_SHSTK_STATUS(0x1e, r0, 0x0, 0x5005)
r3 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYBLOB="02142000110000000040000000000000030005000000000002000000ffffffff0000000000000000080012000000010000000000000000000600000000000027b20e97a6a9ecae000000ee00000000000000000000000000fc020000000000000000000000000000030006000000000002000000e00000010000000000000000010018"], 0x88}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000040)={0x4000000, 0x0, &(0x7f0000000000)={&(0x7f0000000380)={0x2, 0xf, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, [@sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @broadcast}}, @sadb_x_policy={0x8, 0x12, 0x0, 0x1, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in6=@empty, @in6=@private2}}, @sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x0, @multicast1}}]}, 0x80}}, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0xfffffffffffffe5e)
timer_delete(0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
link(&(0x7f0000000940)='./file1\x00', &(0x7f0000000240)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x162341, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./bus\x00', 0x289c2, 0x1)
setreuid(0x0, 0x0)
fcntl$setlease(r4, 0x400, 0x1)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)

2.626023031s ago: executing program 1 (id=10):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = socket(0x40000000015, 0x5, 0x0)
connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x1e, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x7, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x10000000}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bind$inet(r0, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x57)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000540)={r4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)
sendmsg$xdp(r0, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0)
recvmmsg(r0, 0x0, 0x0, 0x2, 0x0)
r5 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000240)=@bpf_lsm={0x18, 0x7, &(0x7f0000000180)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0x4}, @exit, @initr0, @exit, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffc}, @exit], &(0x7f00000000c0)='GPL\x00'}, 0x78)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000580)={r5, 0x0, 0x0}, 0x10)
r6 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r6, 0xc04064a0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000340)=[0x0], 0x0, 0x0, 0x0, 0x1})
r7 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000200)={'erspan0\x00'})
ioctl$sock_SIOCBRDELBR(0xffffffffffffffff, 0x89a2, &(0x7f0000000200)='bridge0\x00')

1.831393422s ago: executing program 2 (id=11):
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f00000001c0), 0x2000, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000080))
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0xf, &(0x7f0000000180)=0xfffffffe, 0x4)
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e23}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000002c0)=ANY=[@ANYBLOB="4cff07000000000000bd700080000000021810000000fd0100000000080d0100ac14140018180101021800168014000300fc0000010000000000050000000000000600150002000000"], 0x4c}, 0x1, 0x0, 0x0, 0x4}, 0x0)
ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, &(0x7f0000000080))
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, 0x0)
r5 = io_uring_setup(0x4a86, &(0x7f0000000300)={0x0, 0x4178, 0x40, 0x8001002, 0x3d7})
r6 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r6, 0x10f, 0x87, &(0x7f0000000040)=@req={0x3fc, 0x0, 0x0, 0xffffffff}, 0x10)
r7 = socket(0x1e, 0x4, 0x0)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$tipc(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$TIPC_CMD_SET_NODE_ADDR(r8, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x24, r9, 0x201, 0x70bd2c, 0x0, {{}, {}, {0x8, 0x11, 0x4}}}, 0x24}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
setsockopt$packet_tx_ring(r7, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10)
close_range(r5, 0xffffffffffffffff, 0x0)

1.206570132s ago: executing program 0 (id=12):
socket$inet6_mptcp(0xa, 0x1, 0x106)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0xc0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x5, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000007d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ff"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x1ff}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0x1fffffffffffffcd, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002200"], 0x0, 0x2010000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x17, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(0xffffffffffffffff, 0x0, 0x40010)
mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2)
ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x4c03, 0x0)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000440)='oom_adj\x00')
prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0)
read$FUSE(r1, 0x0, 0x0)
quotactl$Q_SYNC(0xffffffff80000101, 0x0, 0x0, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$NFQNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0)
r3 = socket$kcm(0x10, 0x6, 0x10)
sendmsg$kcm(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{0x0}, {&(0x7f0000000280)="e262", 0x2}], 0x2}, 0x48050)
sendmsg(0xffffffffffffffff, 0x0, 0x4)
sendmsg$nl_route_sched(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=@newqdisc={0x54, 0x10, 0x1, 0xfffffffc, 0x0, {0x0, 0x0, 0x0, 0x0, {0xffe0}, {0xf}, {0xe}}, [@TCA_RATE={0x6, 0x5, {0x9, 0x1}}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1a, {0x0, 0xf, 0x491, 0x3, 0x0, 0x0, 0x8, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x80}, 0x4000c00)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$IP_VS_SO_GET_TIMEOUT(r4, 0x0, 0x486, 0x0, &(0x7f0000000200)=0x421)

853.080797ms ago: executing program 2 (id=13):
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x20800000000, 0xb, &(0x7f0000006680))
madvise(&(0x7f00006bd000/0x4000)=nil, 0x4000, 0x10)
set_mempolicy(0x4005, &(0x7f0000000080)=0x4, 0x8)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, &(0x7f0000000100))
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x802, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240))
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x5)
prctl$PR_SET_MM(0x23, 0x5, &(0x7f0000fff000/0x1000)=nil)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000080)='.\x00', &(0x7f00000001c0)='cramfs\x00', 0x1000080, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff})
prctl$PR_MCE_KILL(0x4e, 0x1, 0x4000)
prctl$PR_MCE_KILL(0x4e, 0x1, 0x4000)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000180)={'wlan0\x00'})
timer_create(0x0, &(0x7f00000002c0)={0x0, 0x21, 0x800000000004}, &(0x7f0000bbdffc))
r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100), 0x2fe041, 0x0)
preadv2(r2, &(0x7f0000000180), 0x0, 0x0, 0x5, 0x1)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x3b)

144.788145ms ago: executing program 3 (id=14):
r0 = socket$packet(0x11, 0x2, 0x300)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$inet(0x2, 0x4000000000000001, 0x0)
ioctl$UFFDIO_ZEROPAGE(0xffffffffffffffff, 0xc020aa04, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000340)='GPL\x00', 0x6, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
ioctl$sock_bt_bnep_BNEPGETCONNLIST(0xffffffffffffffff, 0x800442d2, &(0x7f0000000280)={0x0, &(0x7f0000000380)})
syz_genetlink_get_family_id$gtp(0x0, 0xffffffffffffffff)
socket$phonet_pipe(0x23, 0x5, 0x2)
chdir(0x0)
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x4, 0x3}, 0x4)

33.38112ms ago: executing program 0 (id=15):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
bind$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe)
listen(r0, 0x90004)
syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="043e130100c90001"], 0x16)
ppoll(&(0x7f00000000c0)=[{r0, 0x60}], 0x1, 0x0, 0x0, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x400000000010, 0x3, 0x0)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r3, 0x0, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r4, 0x0, 0x0)
r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0xff, 0x0, 0x7fff0000}]})
close_range(r5, 0xffffffffffffffff, 0x0)
r6 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, 0x0)
sendmsg$nl_route_sched(r2, 0x0, 0x24040812)
sendmsg$nl_route(r1, 0x0, 0x0)
r7 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
sendmsg$802154_raw(r7, 0x0, 0x240048a4)
openat$pmem0(0xffffffffffffff9c, &(0x7f0000001100), 0x80200, 0x0)
socket$inet6(0xa, 0x2, 0xf85d)
socket$nl_generic(0x10, 0x3, 0x10)
r8 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
getdents64(r8, 0x0, 0x0)
r9 = fsopen(0x0, 0x1)
fsconfig$FSCONFIG_SET_STRING(r9, 0x1, 0x0, 0x0, 0x0)

0s ago: executing program 2 (id=16):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$IPVS_CMD_ZERO(r0, 0x0, 0xc114)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000280)=ANY=[@ANYRES64=r1], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
fsopen(0x0, 0x1)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, &(0x7f0000000000)='source', &(0x7f0000000180)='%(,c\xbe\xfbL:', 0x0)
connect$inet(0xffffffffffffffff, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10)
unshare(0x6a040000)
r5 = openat$6lowpan_enable(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
kexec_load(0x0, 0x1, &(0x7f0000000000)=[{0x0, 0x1f, 0x7ffdd000, 0x8000}], 0x320000)
kexec_load(0x2, 0x1, &(0x7f0000000140)=[{&(0x7f0000000080)="4c2a9e5fdbbd6e10d17cae3b91d35d734a99bc6074fb67a79fbdcb93ec0c7a03c7d6f538e40ee641013705c91365cb8a8e2da00766d6417883cab2493185e9a69c488747e20a6c377387c3223f906091c88dca43d7a411499dd0a227a1cd89882e9ac2206832b884c8684edc1d19693da78b49aa82d1749b89889d8bbc950d8ba4ef9d694141a5f2aa8a8c3ebe9f0d434ee5ec3354d99ff87422614e48c8d1b9f78f63e6203ad18ea2bb0721b3084e3dcd6ce355313c00", 0xb7, 0x3, 0x2}], 0x80000)
writev(r5, &(0x7f0000000540)=[{&(0x7f0000001680)='0', 0x1}, {&(0x7f00000007c0)="89", 0x1}], 0x2)

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:14529' (ED25519) to the list of known hosts.
[   48.153300][ T5850] cgroup: Unknown subsys name 'net'
[   48.312212][ T5850] cgroup: Unknown subsys name 'cpuset'
[   48.319196][ T5850] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   49.535587][ T5850] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   53.408560][ T5940] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   53.432247][ T5950] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   53.435269][ T5950] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   53.438251][ T5950] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   53.440757][ T5950] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   53.443868][ T5950] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   53.447704][ T5950] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   53.452019][ T5950] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   53.454814][ T5951] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   53.456133][ T5950] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   53.459684][ T5951] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   53.461800][ T5950] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   53.465101][ T5951] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   53.465820][ T5953] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   53.467338][ T5953] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   53.468042][ T5953] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   53.472280][ T5951] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   53.472597][ T5950] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   53.474220][ T5953] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   53.479411][ T5951] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   53.823352][ T5938] chnl_net:caif_netlink_parms(): no params data found
[   53.845564][ T5944] chnl_net:caif_netlink_parms(): no params data found
[   53.912760][ T5943] chnl_net:caif_netlink_parms(): no params data found
[   54.007616][ T5938] bridge0: port 1(bridge_slave_0) entered blocking state
[   54.011949][ T5938] bridge0: port 1(bridge_slave_0) entered disabled state
[   54.015497][ T5938] bridge_slave_0: entered allmulticast mode
[   54.021190][ T5938] bridge_slave_0: entered promiscuous mode
[   54.029856][ T5938] bridge0: port 2(bridge_slave_1) entered blocking state
[   54.033071][ T5938] bridge0: port 2(bridge_slave_1) entered disabled state
[   54.036563][ T5938] bridge_slave_1: entered allmulticast mode
[   54.040286][ T5938] bridge_slave_1: entered promiscuous mode
[   54.054260][ T5944] bridge0: port 1(bridge_slave_0) entered blocking state
[   54.056869][ T5944] bridge0: port 1(bridge_slave_0) entered disabled state
[   54.059425][ T5944] bridge_slave_0: entered allmulticast mode
[   54.062403][ T5944] bridge_slave_0: entered promiscuous mode
[   54.066480][ T5942] chnl_net:caif_netlink_parms(): no params data found
[   54.072515][ T5944] bridge0: port 2(bridge_slave_1) entered blocking state
[   54.074880][ T5944] bridge0: port 2(bridge_slave_1) entered disabled state
[   54.077737][ T5944] bridge_slave_1: entered allmulticast mode
[   54.080565][ T5944] bridge_slave_1: entered promiscuous mode
[   54.140086][ T5938] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   54.170633][ T5944] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   54.197839][ T5938] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   54.202040][ T5943] bridge0: port 1(bridge_slave_0) entered blocking state
[   54.204905][ T5943] bridge0: port 1(bridge_slave_0) entered disabled state
[   54.207998][ T5943] bridge_slave_0: entered allmulticast mode
[   54.210936][ T5943] bridge_slave_0: entered promiscuous mode
[   54.215843][ T5944] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   54.234371][ T5943] bridge0: port 2(bridge_slave_1) entered blocking state
[   54.237345][ T5943] bridge0: port 2(bridge_slave_1) entered disabled state
[   54.239954][ T5943] bridge_slave_1: entered allmulticast mode
[   54.242960][ T5943] bridge_slave_1: entered promiscuous mode
[   54.289814][ T5938] team0: Port device team_slave_0 added
[   54.294756][ T5943] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   54.310815][ T5943] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   54.316483][ T5944] team0: Port device team_slave_0 added
[   54.320608][ T5938] team0: Port device team_slave_1 added
[   54.325500][ T5944] team0: Port device team_slave_1 added
[   54.328460][ T5942] bridge0: port 1(bridge_slave_0) entered blocking state
[   54.331659][ T5942] bridge0: port 1(bridge_slave_0) entered disabled state
[   54.336384][ T5942] bridge_slave_0: entered allmulticast mode
[   54.340715][ T5942] bridge_slave_0: entered promiscuous mode
[   54.345794][ T5942] bridge0: port 2(bridge_slave_1) entered blocking state
[   54.349202][ T5942] bridge0: port 2(bridge_slave_1) entered disabled state
[   54.352385][ T5942] bridge_slave_1: entered allmulticast mode
[   54.356465][ T5942] bridge_slave_1: entered promiscuous mode
[   54.423311][ T5938] batman_adv: batadv0: Adding interface: batadv_slave_0
[   54.426071][ T5938] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   54.434588][ T5938] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   54.441465][ T5944] batman_adv: batadv0: Adding interface: batadv_slave_0
[   54.444344][ T5944] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   54.465342][ T5944] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   54.473778][ T5943] team0: Port device team_slave_0 added
[   54.479168][ T5943] team0: Port device team_slave_1 added
[   54.498048][ T5942] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   54.502984][ T5938] batman_adv: batadv0: Adding interface: batadv_slave_1
[   54.506311][ T5938] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   54.518517][ T5938] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   54.524448][ T5944] batman_adv: batadv0: Adding interface: batadv_slave_1
[   54.527716][ T5944] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   54.538992][ T5944] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   54.556990][ T5942] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   54.585147][ T5943] batman_adv: batadv0: Adding interface: batadv_slave_0
[   54.588422][ T5943] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   54.597765][ T5943] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   54.603455][ T5943] batman_adv: batadv0: Adding interface: batadv_slave_1
[   54.606268][ T5943] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   54.615851][ T5943] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   54.639625][ T5942] team0: Port device team_slave_0 added
[   54.645306][ T5942] team0: Port device team_slave_1 added
[   54.675465][ T5942] batman_adv: batadv0: Adding interface: batadv_slave_0
[   54.678573][ T5942] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   54.690102][ T5942] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   54.701951][ T5942] batman_adv: batadv0: Adding interface: batadv_slave_1
[   54.705121][ T5942] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   54.716778][ T5942] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   54.769065][ T5938] hsr_slave_0: entered promiscuous mode
[   54.771575][ T5938] hsr_slave_1: entered promiscuous mode
[   54.776978][ T5944] hsr_slave_0: entered promiscuous mode
[   54.779243][ T5944] hsr_slave_1: entered promiscuous mode
[   54.781440][ T5944] debugfs: 'hsr0' already exists in 'hsr'
[   54.783462][ T5944] Cannot create hsr debugfs directory
[   54.795438][ T5943] hsr_slave_0: entered promiscuous mode
[   54.798795][ T5943] hsr_slave_1: entered promiscuous mode
[   54.801650][ T5943] debugfs: 'hsr0' already exists in 'hsr'
[   54.803698][ T5943] Cannot create hsr debugfs directory
[   54.809637][ T5942] hsr_slave_0: entered promiscuous mode
[   54.812890][ T5942] hsr_slave_1: entered promiscuous mode
[   54.815371][ T5942] debugfs: 'hsr0' already exists in 'hsr'
[   54.817446][ T5942] Cannot create hsr debugfs directory
qemu-system-x86_64: ahci: PRDT length for NCQ command (0x0) is smaller than the requested size (0x133000)
[   55.177364][ T5938] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   55.187175][ T5938] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   55.199883][ T5938] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   55.204988][ T5938] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   55.216528][ T1112] ata1.00: Read log 0x10 page 0x00 failed, Emask 0x1
[   55.218843][ T1112] ata1: failed to read log page 10h (errno=-5)
[   55.220964][ T1112] ata1.00: exception Emask 0x1 SAct 0x4002 SErr 0x0 action 0x0
[   55.223712][ T1112] ata1.00: irq_stat 0x41000000
[   55.225566][ T1112] ata1.00: failed command: WRITE FPDMA QUEUED
[   55.228010][ T1112] ata1.00: cmd 61/08:08:36:41:08/00:00:00:00:00/40 tag 1 ncq dma 4096 out
[   55.228010][ T1112]          res 50/04:00:00:00:00/00:00:00:00:00/00 Emask 0x1 (device error)
[   55.233647][ T1112] ata1.00: status: { DRDY }
[   55.235279][ T1112] ata1.00: error: { ABRT }
[   55.238138][ T1112] ata1.00: failed command: WRITE FPDMA QUEUED
[   55.240430][ T1112] ata1.00: cmd 61/98:70:9e:19:08/09:00:00:00:00/40 tag 14 ncq dma 1257472 ou
[   55.240430][ T1112]          res 50/04:01:00:00:00/00:00:00:00:00/00 Emask 0x1 (device error)
[   55.246314][ T1112] ata1.00: status: { DRDY }
[   55.247960][ T1112] ata1.00: error: { ABRT }
[   55.249995][ T5944] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   55.251640][ T1112] ata1.00: configured for UDMA/100
[   55.254945][ T1112] ata1: EH complete
[   55.257438][ T5944] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   55.277631][ T5944] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   55.282700][ T5944] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   55.330754][ T5943] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   55.341878][ T5943] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   55.352429][ T5943] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   55.359363][ T5943] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   55.415513][ T5942] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   55.425598][ T5938] 8021q: adding VLAN 0 to HW filter on device bond0
[   55.429687][ T5942] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   55.435170][ T5942] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   55.444283][ T5942] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   55.473668][ T5938] 8021q: adding VLAN 0 to HW filter on device team0
[   55.489980][   T46] bridge0: port 1(bridge_slave_0) entered blocking state
[   55.492800][   T46] bridge0: port 1(bridge_slave_0) entered forwarding state
[   55.507827][   T46] bridge0: port 2(bridge_slave_1) entered blocking state
[   55.510190][   T46] bridge0: port 2(bridge_slave_1) entered forwarding state
[   55.540455][   T63] Bluetooth: hci3: command tx timeout
[   55.545933][   T63] Bluetooth: hci1: command tx timeout
[   55.545941][ T5946] Bluetooth: hci0: command tx timeout
[   55.546226][ T5946] Bluetooth: hci2: command tx timeout
[   55.558339][ T5944] 8021q: adding VLAN 0 to HW filter on device bond0
[   55.580453][ T5943] 8021q: adding VLAN 0 to HW filter on device bond0
[   55.612969][ T5943] 8021q: adding VLAN 0 to HW filter on device team0
[   55.617365][ T5944] 8021q: adding VLAN 0 to HW filter on device team0
[   55.631627][   T60] bridge0: port 1(bridge_slave_0) entered blocking state
[   55.633954][   T60] bridge0: port 1(bridge_slave_0) entered forwarding state
[   55.639416][   T60] bridge0: port 1(bridge_slave_0) entered blocking state
[   55.642134][   T60] bridge0: port 1(bridge_slave_0) entered forwarding state
[   55.646188][   T60] bridge0: port 2(bridge_slave_1) entered blocking state
[   55.648616][   T60] bridge0: port 2(bridge_slave_1) entered forwarding state
[   55.654869][   T46] bridge0: port 2(bridge_slave_1) entered blocking state
[   55.657532][   T46] bridge0: port 2(bridge_slave_1) entered forwarding state
[   55.662062][ T5942] 8021q: adding VLAN 0 to HW filter on device bond0
[   55.681141][ T5942] 8021q: adding VLAN 0 to HW filter on device team0
[   55.688371][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[   55.691165][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[   55.714491][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[   55.717604][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[   55.870738][ T5938] 8021q: adding VLAN 0 to HW filter on device batadv0
[   55.900971][ T5944] 8021q: adding VLAN 0 to HW filter on device batadv0
[   55.919520][ T5938] veth0_vlan: entered promiscuous mode
[   55.931281][ T5943] 8021q: adding VLAN 0 to HW filter on device batadv0
[   55.951994][ T5938] veth1_vlan: entered promiscuous mode
[   55.986372][ T5942] 8021q: adding VLAN 0 to HW filter on device batadv0
[   56.002698][ T5944] veth0_vlan: entered promiscuous mode
[   56.031802][ T5938] veth0_macvtap: entered promiscuous mode
[   56.039697][ T5944] veth1_vlan: entered promiscuous mode
[   56.044902][ T5943] veth0_vlan: entered promiscuous mode
[   56.054734][ T5938] veth1_macvtap: entered promiscuous mode
[   56.066561][ T5943] veth1_vlan: entered promiscuous mode
[   56.094554][ T5938] batman_adv: batadv0: Interface activated: batadv_slave_0
[   56.103714][ T5942] veth0_vlan: entered promiscuous mode
[   56.113412][ T5938] batman_adv: batadv0: Interface activated: batadv_slave_1
[   56.138034][   T46] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   56.141302][   T46] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   56.149484][ T5942] veth1_vlan: entered promiscuous mode
[   56.153380][ T5944] veth0_macvtap: entered promiscuous mode
[   56.157593][   T46] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   56.161970][   T46] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   56.185019][ T5943] veth0_macvtap: entered promiscuous mode
[   56.191534][ T5943] veth1_macvtap: entered promiscuous mode
[   56.197058][ T5944] veth1_macvtap: entered promiscuous mode
[   56.233174][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   56.233618][ T5944] batman_adv: batadv0: Interface activated: batadv_slave_0
[   56.236343][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   56.255303][ T5943] batman_adv: batadv0: Interface activated: batadv_slave_0
[   56.264460][ T5943] batman_adv: batadv0: Interface activated: batadv_slave_1
[   56.268396][ T5942] veth0_macvtap: entered promiscuous mode
[   56.282276][ T5944] batman_adv: batadv0: Interface activated: batadv_slave_1
[   56.286603][ T5942] veth1_macvtap: entered promiscuous mode
[   56.300581][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   56.303871][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   56.308449][   T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   56.312617][   T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   56.317434][   T13] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   56.337049][ T5942] batman_adv: batadv0: Interface activated: batadv_slave_0
[   56.344629][ T5942] batman_adv: batadv0: Interface activated: batadv_slave_1
[   56.349749][   T13] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   56.353542][   T13] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   56.362967][   T13] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   56.368127][   T13] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   56.368404][ T5938] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   56.391484][   T13] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   56.395239][   T13] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   56.414114][   T13] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   56.419348][   T13] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   56.446696][   T13] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   56.462498][ T1150] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   56.478121][ T1150] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   56.516912][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   56.522715][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   56.560440][ T1150] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   56.563944][ T1150] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   56.616098][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   56.618932][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   56.703606][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   56.718728][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   56.795573][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   56.801835][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   56.947078][ T6030] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(6)
[   56.950276][ T6030] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[   56.960921][ T6030] vhci_hcd vhci_hcd.0: Device attached
[   57.148237][ T6030] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   57.376053][  T829] usb 42-1: SetAddress Request (2) to port 0
[   57.379091][  T829] usb 42-1: new SuperSpeed USB device number 2 using vhci_hcd
[   57.875868][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   58.026005][ T5940] Bluetooth: hci2: command tx timeout
[   58.029057][ T5940] Bluetooth: hci1: command tx timeout
[   58.031401][ T5940] Bluetooth: hci0: command tx timeout
[   58.033890][ T5940] Bluetooth: hci3: command tx timeout
[   58.322338][ T6031] vhci_hcd: connection reset by peer
[   58.327048][   T13] vhci_hcd vhci_hcd.2: stop threads
[   58.329561][   T13] vhci_hcd vhci_hcd.2: release socket
[   58.335725][   T13] vhci_hcd vhci_hcd.2: disconnect device
[   58.392528][ T6048] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4'.
[   58.442654][ T6046] bridge0: port 2(bridge_slave_1) entered disabled state
[   58.445853][ T6046] bridge0: port 1(bridge_slave_0) entered disabled state
[   58.517351][ T6046] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   58.531449][ T6046] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   58.922277][ T5939] udevd[5939]: inotify_add_watch(7, /dev/pmem0p13, 10) failed: No such file or directory
[   59.008722][ T6047] 8021q: adding VLAN 0 to HW filter on device bond0
[   59.013287][ T6047] 8021q: adding VLAN 0 to HW filter on device team0
[   59.030786][ T6047] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   59.063113][   T46] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[   59.071671][   T46] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[   59.100543][ T6053] bridge_slave_0: left allmulticast mode
[   59.103315][ T6053] bridge_slave_0: left promiscuous mode
[   59.107926][ T6053] bridge0: port 1(bridge_slave_0) entered disabled state
[   59.146950][ T6053] bridge_slave_1: left allmulticast mode
[   59.149895][ T6053] bridge_slave_1: left promiscuous mode
[   59.153188][ T6053] bridge0: port 2(bridge_slave_1) entered disabled state
[   59.174212][ T6053] bond0: (slave bond_slave_0): Releasing backup interface
[   59.188850][ T6057] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1415315873 (2830631746 ns) > initial count (1854604918 ns). Using initial count to start timer.
[   59.198956][ T6053] bond0: (slave bond_slave_1): Releasing backup interface
[   59.204701][ T6057] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3089888063 (3089888063 ns) > initial count (2126324423 ns). Using initial count to start timer.
[   59.229103][ T6053] team0: Port device team_slave_0 removed
[   59.244726][ T6053] team0: Port device team_slave_1 removed
[   59.250237][ T6053] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   59.252934][ T6053] batman_adv: batadv0: Removing interface: batadv_slave_0
[   59.262011][ T6053] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   59.264685][ T6053] batman_adv: batadv0: Removing interface: batadv_slave_1
[   59.269583][ T6053] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[   59.309076][ T6055] team0: Mode changed to "loadbalance"
[   59.374569][   T46] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[   59.384743][   T46] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[   60.105809][ T5946] Bluetooth: hci3: command tx timeout
[   60.105824][ T5940] Bluetooth: hci0: command tx timeout
[   60.107820][ T5946] Bluetooth: hci1: command tx timeout
[   60.109707][ T5940] Bluetooth: hci2: command tx timeout
[   61.058335][ T6071] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(6)
[   61.060607][ T6071] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[   61.091577][ T6071] vhci_hcd vhci_hcd.0: Device attached
[   61.414984][ T6074] random: crng reseeded on system resumption
[   61.417531][   T29] usb 38-1: SetAddress Request (2) to port 0
[   61.420082][   T29] usb 38-1: new SuperSpeed USB device number 2 using vhci_hcd
[   61.740275][ T6072] vhci_hcd: connection reset by peer
[   61.748917][   T13] vhci_hcd vhci_hcd.0: stop threads
[   61.754601][   T13] vhci_hcd vhci_hcd.0: release socket
[   61.777581][   T13] vhci_hcd vhci_hcd.0: disconnect device
[   61.785464][ T6084] random: crng reseeded on system resumption
[   62.175870][   T63] Bluetooth: hci2: command tx timeout
[   62.175990][ T5940] Bluetooth: hci1: command tx timeout
[   62.178639][ T5946] Bluetooth: hci0: command tx timeout
[   62.180615][ T5940] Bluetooth: hci3: command tx timeout
[   62.465764][ T6090] tipc: Started in network mode
[   62.470283][ T6090] tipc: Node identity 4, cluster identity 4711
[   62.488254][ T6090] tipc: Node number set to 4
[   62.576697][  T829] usb 42-1: device descriptor read/8, error -110
[   62.665805][   T40] audit: type=1326 audit(1775660135.799:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6092 comm="syz.0.12" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf700ef6c code=0x0
[   62.998062][  T829] usb usb42-port1: attempt power cycle
[   63.145934][ T6101] MTD: Attempt to mount non-MTD device "/dev/loop2"
[   63.150863][ T6101] cramfs: wrong magic
[   63.931977][ T5940] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:201'
[   63.936151][ T5940] CPU: 0 UID: 0 PID: 5940 Comm: kworker/u33:2 Not tainted syzkaller #0 PREEMPT(full) 
[   63.936169][ T5940] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   63.936228][ T5940] Workqueue: hci3 hci_rx_work
[   63.936289][ T5940] Call Trace:
[   63.936294][ T5940]  <TASK>
[   63.936300][ T5940]  dump_stack_lvl+0x100/0x190
[   63.936333][ T5940]  sysfs_warn_dup.cold+0x1c/0x28
[   63.936353][ T5940]  sysfs_create_dir_ns+0x24b/0x2b0
[   63.936375][ T5940]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[   63.936391][ T5940]  ? find_held_lock+0x2b/0x80
[   63.936403][ T5940]  ? kobject_add_internal+0x25f/0x930
[   63.936420][ T5940]  ? kobject_add_internal+0x25f/0x930
[   63.936436][ T5940]  ? do_raw_spin_unlock+0x145/0x1e0
[   63.936454][ T5940]  kobject_add_internal+0x2c8/0x930
[   63.936470][ T5940]  kobject_add+0x16a/0x1e0
[   63.936484][ T5940]  ? __pfx_kobject_add+0x10/0x10
[   63.936497][ T5940]  ? class_to_subsys+0x10f/0x150
[   63.936519][ T5940]  ? kobject_put+0xb9/0x640
[   63.936531][ T5940]  ? _raw_spin_unlock+0x28/0x50
[   63.936552][ T5940]  device_add+0x294/0x1950
[   63.936567][ T5940]  ? __pfx_dev_set_name+0x10/0x10
[   63.936584][ T5940]  ? __pfx_device_add+0x10/0x10
[   63.936599][ T5940]  ? mgmt_send_event_skb+0x2fb/0x460
[   63.936620][ T5940]  hci_conn_add_sysfs+0x1a3/0x260
[   63.936633][ T5940]  le_conn_complete_evt+0x11eb/0x1f60
[   63.936654][ T5940]  ? __pfx_le_conn_complete_evt+0x10/0x10
[   63.936674][ T5940]  hci_le_conn_complete_evt+0x23c/0x3a0
[   63.936691][ T5940]  ? skb_pull_data+0x15f/0x1e0
[   63.936709][ T5940]  hci_le_meta_evt+0x34a/0x5f0
[   63.936727][ T5940]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[   63.936746][ T5940]  hci_event_packet+0x51c/0xcd0
[   63.936762][ T5940]  ? __pfx_hci_le_meta_evt+0x10/0x10
[   63.936780][ T5940]  ? __pfx_hci_event_packet+0x10/0x10
[   63.936798][ T5940]  ? kcov_remote_start+0x374/0x660
[   63.936812][ T5940]  ? lockdep_hardirqs_on+0x78/0x100
[   63.936829][ T5940]  hci_rx_work+0x451/0xfc0
[   63.936850][ T5940]  process_one_work+0xa23/0x19a0
[   63.936873][ T5940]  ? __pfx_process_one_work+0x10/0x10
[   63.936893][ T5940]  ? __pfx_hci_rx_work+0x10/0x10
[   63.936910][ T5940]  worker_thread+0x5ef/0xe50
[   63.936930][ T5940]  ? __pfx_worker_thread+0x10/0x10
[   63.936947][ T5940]  ? kthread+0x13a/0x450
[   63.936961][ T5940]  ? __pfx_worker_thread+0x10/0x10
[   63.936977][ T5940]  kthread+0x370/0x450
[   63.936991][ T5940]  ? __pfx_kthread+0x10/0x10
[   63.937007][ T5940]  ret_from_fork+0x754/0xd80
[   63.937026][ T5940]  ? __pfx_ret_from_fork+0x10/0x10
[   63.937045][ T5940]  ? __switch_to+0x7b4/0x1120
[   63.937098][ T5940]  ? __pfx_kthread+0x10/0x10
[   63.937116][ T5940]  ret_from_fork_asm+0x1a/0x30
[   63.937138][ T5940]  </TASK>
[   63.937156][ T5940] kobject: kobject_add_internal failed for hci3:201 with -EEXIST, don't try to register things with the same name in the same directory.
[   63.956607][  T829] usb usb42-port1: unable to enumerate USB device
[   63.957139][ T5940] Bluetooth: hci3: failed to register connection device
[   64.039462][ T5940] ==================================================================
[   64.042059][ T5940] BUG: KASAN: slab-use-after-free in l2cap_connect_cfm+0xde7/0xf80
[   64.044678][ T5940] Read of size 8 at addr ffff888020ac4480 by task kworker/u33:2/5940
[   64.049652][ T5940] 
[   64.050507][ T5940] CPU: 0 UID: 0 PID: 5940 Comm: kworker/u33:2 Not tainted syzkaller #0 PREEMPT(full) 
[   64.050523][ T5940] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   64.050534][ T5940] Workqueue: hci3 hci_rx_work
[   64.050556][ T5940] Call Trace:
[   64.050562][ T5940]  <TASK>
[   64.050567][ T5940]  dump_stack_lvl+0x100/0x190
[   64.050587][ T5940]  print_report+0x156/0x4c9
[   64.050605][ T5940]  ? __virt_addr_valid+0x239/0x430
[   64.050623][ T5940]  ? l2cap_connect_cfm+0xde7/0xf80
[   64.050641][ T5940]  kasan_report+0xdf/0x1e0
[   64.050654][ T5940]  ? l2cap_connect_cfm+0xde7/0xf80
[   64.050671][ T5940]  l2cap_connect_cfm+0xde7/0xf80
[   64.050689][ T5940]  ? __pfx_l2cap_connect_cfm+0x10/0x10
[   64.050705][ T5940]  ? __pfx_l2cap_connect_cfm+0x10/0x10
[   64.050721][ T5940]  le_conn_complete_evt+0x197c/0x1f60
[   64.050739][ T5940]  ? __pfx_le_conn_complete_evt+0x10/0x10
[   64.050756][ T5940]  hci_le_conn_complete_evt+0x23c/0x3a0
[   64.050772][ T5940]  ? skb_pull_data+0x15f/0x1e0
[   64.050787][ T5940]  hci_le_meta_evt+0x34a/0x5f0
[   64.050804][ T5940]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[   64.050821][ T5940]  hci_event_packet+0x51c/0xcd0
[   64.050836][ T5940]  ? __pfx_hci_le_meta_evt+0x10/0x10
[   64.050853][ T5940]  ? __pfx_hci_event_packet+0x10/0x10
[   64.050869][ T5940]  ? kcov_remote_start+0x374/0x660
[   64.050880][ T5940]  ? lockdep_hardirqs_on+0x78/0x100
[   64.050892][ T5940]  hci_rx_work+0x451/0xfc0
[   64.050909][ T5940]  process_one_work+0xa23/0x19a0
[   64.050927][ T5940]  ? __pfx_process_one_work+0x10/0x10
[   64.050944][ T5940]  ? __pfx_hci_rx_work+0x10/0x10
[   64.051000][ T5940]  worker_thread+0x5ef/0xe50
[   64.051020][ T5940]  ? __pfx_worker_thread+0x10/0x10
[   64.051036][ T5940]  ? kthread+0x13a/0x450
[   64.051051][ T5940]  ? __pfx_worker_thread+0x10/0x10
[   64.051067][ T5940]  kthread+0x370/0x450
[   64.051082][ T5940]  ? __pfx_kthread+0x10/0x10
[   64.051098][ T5940]  ret_from_fork+0x754/0xd80
[   64.051116][ T5940]  ? __pfx_ret_from_fork+0x10/0x10
[   64.051132][ T5940]  ? __switch_to+0x7b4/0x1120
[   64.051145][ T5940]  ? __pfx_kthread+0x10/0x10
[   64.051159][ T5940]  ret_from_fork_asm+0x1a/0x30
[   64.051174][ T5940]  </TASK>
[   64.051178][ T5940] 
[   64.130684][ T5940] Allocated by task 5940:
[   64.132107][ T5940]  kasan_save_stack+0x30/0x50
[   64.133658][ T5940]  kasan_save_track+0x14/0x30
[   64.135239][ T5940]  __kasan_kmalloc+0xaa/0xb0
[   64.136749][ T5940]  l2cap_chan_create+0x44/0x940
[   64.138475][ T5940]  l2cap_sock_alloc.constprop.0+0xf5/0x1e0
[   64.140573][ T5940]  l2cap_sock_new_connection_cb+0x101/0x260
[   64.142590][ T5940]  l2cap_connect_cfm+0x4e2/0xf80
[   64.144234][ T5940]  le_conn_complete_evt+0x197c/0x1f60
[   64.145942][ T5940]  hci_le_conn_complete_evt+0x23c/0x3a0
[   64.147775][ T5940]  hci_le_meta_evt+0x34a/0x5f0
[   64.149401][ T5940]  hci_event_packet+0x51c/0xcd0
[   64.151077][ T5940]  hci_rx_work+0x451/0xfc0
[   64.152740][ T5940]  process_one_work+0xa23/0x19a0
[   64.154551][ T5940]  worker_thread+0x5ef/0xe50
[   64.156270][ T5940]  kthread+0x370/0x450
[   64.157672][ T5940]  ret_from_fork+0x754/0xd80
[   64.159200][ T5940]  ret_from_fork_asm+0x1a/0x30
[   64.160732][ T5940] 
[   64.161507][ T5940] Freed by task 6108:
[   64.162792][ T5940]  kasan_save_stack+0x30/0x50
[   64.164305][ T5940]  kasan_save_track+0x14/0x30
[   64.165817][ T5940]  kasan_save_free_info+0x3b/0x70
[   64.167598][ T5940]  __kasan_slab_free+0x5f/0x80
[   64.169488][ T5940]  kfree+0x1f6/0x6b0
[   64.171042][ T5940]  l2cap_chan_put+0x235/0x300
[   64.172642][ T5940]  l2cap_sock_cleanup_listen+0x4d/0x2d0
[   64.174430][ T5940]  l2cap_sock_release+0x69/0x280
[   64.176088][ T5940]  __sock_release+0xb3/0x260
[   64.177573][ T5940]  sock_close+0x1c/0x30
[   64.178983][ T5940]  __fput+0x3ff/0xb40
[   64.180276][ T5940]  task_work_run+0x150/0x240
[   64.181782][ T5940]  exit_to_user_mode_loop+0x100/0x4a0
[   64.183542][ T5940]  __do_fast_syscall_32+0x578/0x8c0
[   64.185263][ T5940]  do_fast_syscall_32+0x32/0x70
[   64.186901][ T5940]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[   64.189228][ T5940] 
[   64.190066][ T5940] The buggy address belongs to the object at ffff888020ac4000
[   64.190066][ T5940]  which belongs to the cache kmalloc-2k of size 2048
[   64.194561][ T5940] The buggy address is located 1152 bytes inside of
[   64.194561][ T5940]  freed 2048-byte region [ffff888020ac4000, ffff888020ac4800)
[   64.198985][ T5940] 
[   64.199831][ T5940] The buggy address belongs to the physical page:
[   64.202154][ T5940] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888020ac7000 pfn:0x20ac0
[   64.205395][ T5940] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   64.208037][ T5940] flags: 0xfff00000000240(workingset|head|node=0|zone=1|lastcpupid=0x7ff)
[   64.210679][ T5940] page_type: f5(slab)
[   64.212184][ T5940] raw: 00fff00000000240 ffff88801b842f00 ffff88801b840948 ffffea000095a210
[   64.215379][ T5940] raw: ffff888020ac7000 0000000800080007 00000000f5000000 0000000000000000
[   64.218356][ T5940] head: 00fff00000000240 ffff88801b842f00 ffff88801b840948 ffffea000095a210
[   64.221104][ T5940] head: ffff888020ac7000 0000000800080007 00000000f5000000 0000000000000000
[   64.223879][ T5940] head: 00fff00000000003 ffffea000082b001 00000000ffffffff 00000000ffffffff
[   64.227067][ T5940] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[   64.230141][ T5940] page dumped because: kasan: bad access detected
[   64.232212][ T5940] page_owner tracks the page as allocated
[   64.233978][ T5940] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5943, tgid 5943 (syz-executor), ts 54659135991, free_ts 23769647355
[   64.241110][ T5940]  post_alloc_hook+0x153/0x170
[   64.242823][ T5940]  get_page_from_freelist+0x111d/0x3140
[   64.244616][ T5940]  __alloc_frozen_pages_noprof+0x27c/0x2ba0
[   64.246444][ T5940]  new_slab+0xa6/0x6b0
[   64.247745][ T5940]  refill_objects+0x26b/0x400
[   64.249275][ T5940]  __pcs_replace_empty_main+0x1ab/0x660
[   64.251150][ T5940]  __kmalloc_cache_noprof+0x493/0x6f0
[   64.253052][ T5940]  rtnl_newlink+0x126/0x2380
[   64.254663][ T5940]  rtnetlink_rcv_msg+0x95e/0xe90
[   64.256371][ T5940]  netlink_rcv_skb+0x159/0x420
[   64.257970][ T5940]  netlink_unicast+0x5aa/0x870
[   64.259550][ T5940]  netlink_sendmsg+0x8b0/0xda0
[   64.261057][ T5940]  __sys_sendto+0x468/0x4b0
[   64.262544][ T5940]  __ia32_compat_sys_socketcall+0x59a/0x770
[   64.264502][ T5940]  do_int80_emulation+0x141/0x6b0
[   64.266293][ T5940]  asm_int80_emulation+0x1a/0x20
[   64.268191][ T5940] page last free pid 829 tgid 829 stack trace:
[   64.270689][ T5940]  __free_frozen_pages+0x7e1/0x10d0
[   64.272358][ T5940]  vfree.part.0+0x12b/0x9d0
[   64.273827][ T5940]  delayed_vfree_work+0x8e/0xd0
[   64.275380][ T5940]  process_one_work+0xa23/0x19a0
[   64.276929][ T5940]  worker_thread+0x5ef/0xe50
[   64.278391][ T5940]  kthread+0x370/0x450
[   64.279747][ T5940]  ret_from_fork+0x754/0xd80
[   64.281286][ T5940]  ret_from_fork_asm+0x1a/0x30
[   64.283072][ T5940] 
[   64.284042][ T5940] Memory state around the buggy address:
[   64.286062][ T5940]  ffff888020ac4380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   64.288656][ T5940]  ffff888020ac4400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   64.291175][ T5940] >ffff888020ac4480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   64.293703][ T5940]                    ^
[   64.295040][ T5940]  ffff888020ac4500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   64.297691][ T5940]  ffff888020ac4580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   64.300677][ T5940] ==================================================================
[   64.304259][ T5940] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   64.306588][ T5940] CPU: 0 UID: 0 PID: 5940 Comm: kworker/u33:2 Not tainted syzkaller #0 PREEMPT(full) 
[   64.309655][ T5940] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   64.313320][ T5940] Workqueue: hci3 hci_rx_work
[   64.315248][ T5940] Call Trace:
[   64.316491][ T5940]  <TASK>
[   64.317479][ T5940]  dump_stack_lvl+0x100/0x190
[   64.319103][ T5940]  vpanic+0x552/0x970
[   64.320701][ T5940]  ? __pfx_vpanic+0x10/0x10
[   64.322335][ T5940]  ? l2cap_connect_cfm+0xde7/0xf80
[   64.324035][ T5940]  panic+0xd1/0xe0
[   64.325245][ T5940]  ? __pfx_panic+0x10/0x10
[   64.326669][ T5940]  ? l2cap_connect_cfm+0xde7/0xf80
[   64.328423][ T5940]  ? preempt_schedule_common+0x42/0xc0
[   64.330515][ T5940]  check_panic_on_warn.cold+0x19/0x34
[   64.332681][ T5940]  end_report.part.0+0x3a/0x90
[   64.334337][ T5940]  kasan_report.cold+0xe/0x18
[   64.335892][ T5940]  ? l2cap_connect_cfm+0xde7/0xf80
[   64.337528][ T5940]  l2cap_connect_cfm+0xde7/0xf80
[   64.339171][ T5940]  ? __pfx_l2cap_connect_cfm+0x10/0x10
[   64.340892][ T5940]  ? __pfx_l2cap_connect_cfm+0x10/0x10
[   64.343324][ T5940]  le_conn_complete_evt+0x197c/0x1f60
[   64.345714][ T5940]  ? __pfx_le_conn_complete_evt+0x10/0x10
[   64.348077][ T5940]  hci_le_conn_complete_evt+0x23c/0x3a0
[   64.350301][ T5940]  ? skb_pull_data+0x15f/0x1e0
[   64.352172][ T5940]  hci_le_meta_evt+0x34a/0x5f0
[   64.353936][ T5940]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[   64.356061][ T5940]  hci_event_packet+0x51c/0xcd0
[   64.357789][ T5940]  ? __pfx_hci_le_meta_evt+0x10/0x10
[   64.359560][ T5940]  ? __pfx_hci_event_packet+0x10/0x10
[   64.361266][ T5940]  ? kcov_remote_start+0x374/0x660
[   64.362910][ T5940]  ? lockdep_hardirqs_on+0x78/0x100
[   64.364592][ T5940]  hci_rx_work+0x451/0xfc0
[   64.366198][ T5940]  process_one_work+0xa23/0x19a0
[   64.368266][ T5940]  ? __pfx_process_one_work+0x10/0x10
[   64.370265][ T5940]  ? __pfx_hci_rx_work+0x10/0x10
[   64.371895][ T5940]  worker_thread+0x5ef/0xe50
[   64.373384][ T5940]  ? __pfx_worker_thread+0x10/0x10
[   64.375099][ T5940]  ? kthread+0x13a/0x450
[   64.376474][ T5940]  ? __pfx_worker_thread+0x10/0x10
[   64.378162][ T5940]  kthread+0x370/0x450
[   64.379534][ T5940]  ? __pfx_kthread+0x10/0x10
[   64.381188][ T5940]  ret_from_fork+0x754/0xd80
[   64.382930][ T5940]  ? __pfx_ret_from_fork+0x10/0x10
[   64.384930][ T5940]  ? __switch_to+0x7b4/0x1120
[   64.386584][ T5940]  ? __pfx_kthread+0x10/0x10
[   64.388111][ T5940]  ret_from_fork_asm+0x1a/0x30
[   64.389677][ T5940]  </TASK>
[   64.391377][ T5940] Kernel Offset: disabled
[   64.392825][ T5940] Rebooting in 86400 seconds..

VM DIAGNOSIS:
14:55:37  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000000064 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff85783fb5 RDI=ffffffff9b498680 RBP=ffffffff9b498640 RSP=ffffc90004e2f250
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=6130323038386552
R12=0000000000000000 R13=0000000000000064 R14=0000000000000010 R15=ffffffff85783f50
RIP=ffffffff85783fdf RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff888097140000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=000000000c36a5c6 CR3=000000006c25a000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000009800000000 0000000200000008
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000011c00000000 0000000700000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=dffffc0000000000 RBX=ffffffff940f3ce8 RCX=ffffffff827d2eae RDX=1ffffffff1c2631d
RSI=ffffffff8c1b1da0 RDI=ffffffff8e1318e8 RBP=0000000000000001 RSP=ffffc90006a272d0
R8 =0000000000000000 R9 =fffffbfff21b4002 R10=ffffffff90da0017 R11=0000000000000000
R12=ffff88802b07a000 R13=ffffe8ffac17cd00 R14=ffffe8ffac17cd10 R15=0000607f14f3cd00
RIP=ffffffff81ecdf71 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff888097240000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000000000000000 CR3=000000006aef3000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000005000000000 0000000100000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=0000000000000003 RBX=000000001e51a246 RCX=ffffffff84f57914 RDX=00000000000007d4
RSI=0000000000000000 RDI=0000000000000007 RBP=ffff88806de1782c RSP=ffffc90003ef7190
R8 =0000000000000007 R9 =0000000000000000 R10=00000000000007d5 R11=0000000000000000
R12=dffffc0000000000 R13=00000000000007d4 R14=00000000000007d3 R15=0000000000000000
RIP=ffffffff82083c30 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0000 0000000000000000 ffffffff 00c00000
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007fe8c29f4300 ffffffff 00c00000
GS =0000 ffff888097340000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=000056185c6b2ec8 CR3=0000000027215000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=00000000fcffc200 Opmask01=000000000000ffff Opmask02=00000000ffffffff Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000001 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=2f0784e9d3075928 fb49b63a0040aa61 2f0784e9d3075928 fb49b63a0040aa61 2f0784e9d3075928 fb49b63a0040aa61 2f0784e9d3075928 fb49b63a0040aa61
ZMM18=d1365c740e00b472 f1b325faee46a7ff d1365c740e00b472 f1b325faee46a7ff d1365c740e00b472 f1b325faee46a7ff d1365c740e00b472 f1b325faee46a7ff
ZMM19=ce01000000000000 0000000000000004 ce01000000000000 0000000000000003 ce01000000000000 0000000000000002 ce01000000000000 0000000000000001
ZMM20=0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffff8a0c00e3 ffffffff84dfa328 ffffffff828c7f55 ffffffff81d04dec
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffff8a2c6701 ffffffff829cf27e ffffffff82433116 ffffffff828c7bfe
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffff8893c20b ffffffff81ce5fb2 ffffffff8ad5e076 ffffffff8a59a65f
ZMM24=ee46a7ffee46a7ff ee46a7ffee46a7ff ee46a7ffee46a7ff ee46a7ffee46a7ff ee46a7ffee46a7ff ee46a7ffee46a7ff ee46a7ffee46a7ff ee46a7ffee46a7ff
ZMM25=f1b325faf1b325fa f1b325faf1b325fa f1b325faf1b325fa f1b325faf1b325fa f1b325faf1b325fa f1b325faf1b325fa f1b325faf1b325fa f1b325faf1b325fa
ZMM26=0e00b4720e00b472 0e00b4720e00b472 0e00b4720e00b472 0e00b4720e00b472 0e00b4720e00b472 0e00b4720e00b472 0e00b4720e00b472 0e00b4720e00b472
ZMM27=d1365c74d1365c74 d1365c74d1365c74 d1365c74d1365c74 d1365c74d1365c74 d1365c74d1365c74 d1365c74d1365c74 d1365c74d1365c74 d1365c74d1365c74
ZMM28=000000300000002f 0000002e0000002d 0000002c0000002b 0000002a00000029 0000002800000027 0000002600000025 0000002400000023 0000002200000021
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=cc010000cc010000 cc010000cc010000 cc010000cc010000 cc010000cc010000 cc010000cc010000 cc010000cc010000 cc010000cc010000 cc010000cc010000
info registers vcpu 3

CPU#3
RAX=0000000000000000 RBX=ffffea0001550300 RCX=ffffffff824ed2b5 RDX=0000000000000000
RSI=00000000000000f5 RDI=ffff888029e20000 RBP=0000000000000000 RSP=ffffc900069d74c0
R8 =0000000000000005 R9 =00000000000000f5 R10=0000000000000000 R11=0000000000000000
R12=ffffea0001550300 R13=ffffea0001550300 R14=ffff88806c257090 R15=800000005540c067
RIP=ffffffff82083c70 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff888097440000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000000030007ff8 CR3=000000006c25a000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000009800000000 0000000200000008
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000011c00000000 0000000700000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000