last executing test programs:

16.594968731s ago: executing program 2 (id=214):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000002c0))
perf_event_open(0x0, 0x0, 0xaffffff7ffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r0)
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETOFFLOAD(r1, 0xc004743e, 0x110e22fff6)
ioctl$TUNGETVNETLE(r0, 0x40047451, &(0x7f0000000180))
ioctl$TUNGETVNETLE(r0, 0x40047451, &(0x7f00000002c0))

15.845108296s ago: executing program 2 (id=218):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x1d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = perf_event_open$cgroup(&(0x7f00000001c0)={0x2, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r0)

15.761838534s ago: executing program 1 (id=221):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$kcm(0x2, 0x200000000000001, 0x106)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x3, 0xd, &(0x7f0000000340)=@framed={{0x18, 0x2, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x2}, [@call={0x85, 0x0, 0x0, 0x29}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}]}, &(0x7f0000000000)='syzkaller\x00', 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r1, 0x0, 0xe, 0x0, &(0x7f0000000640)="6a03e63a4905f8e8dc01cf21f8f7", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, 0xffffffffffffffff)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x1f, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r2, 0x18000000000002a0, 0x38, 0x0, &(0x7f0000000140)="b9ff0300600d698cff9e14f086dd", 0x0, 0x63, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x48)
perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000000}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$inet(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000180)="5c00000014006b03000000d86e6c1d0010ffff0af32c6e021fffffff000000000f00000017d3a705251e6182949a369f3d3b48dfd8cd3f9367c1fa51f60a64c9f4d4938037e786a6d0bdd7000000000000eaffffffb3d59256a5a2fd", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x200040c0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c31, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_config_ext={0x7, 0x1}, 0x100c, 0x0, 0x2, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r4}, 0x10)
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='signal_deliver\x00'}, 0x10)
syz_open_procfs$namespace(0x0, 0xfffffffffffffffe)

15.761397504s ago: executing program 2 (id=223):
perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1bee, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, @perf_config_ext={0x4, 0x5}, 0x200, 0x1, 0x0, 0x8}, 0x0, 0xb, 0xffffffffffffffff, 0x0)
r0 = socket$kcm(0xa, 0x5, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="1e000000000000000700400009"], 0x50)
ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x890b, &(0x7f0000000000))
r1 = socket$kcm(0xa, 0x2, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="0a000000020000000200000004"], 0x2d)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="0200000004000000080004000100000080"], 0x50)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r3}, 0x4)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r2, <r4=>0xffffffffffffffff}, &(0x7f0000000580), &(0x7f0000000300)}, 0x20)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0x19, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000a17000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70500000800000085000000a500000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x58, 0x4, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r5}, 0x10)
sendmsg$inet(r1, &(0x7f0000000380)={&(0x7f0000000040)={0xa, 0xa, @local}, 0x1b, &(0x7f0000000180)=[{&(0x7f0000000080)="a2", 0xff0e}], 0x4, 0x0, 0x0, 0xa6820000}, 0x0)

15.365156825s ago: executing program 0 (id=224):
bpf$BPF_PROG_QUERY(0x10, &(0x7f00000001c0)={@map, 0xb, 0x827ed272583e9fa3, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)

15.364776516s ago: executing program 0 (id=225):
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = perf_event_open(&(0x7f0000000640)={0x2, 0x80, 0xee, 0x0, 0x0, 0x0, 0x0, 0x400000000000000b, 0x954b, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x1, @perf_config_ext={0x76, 0x1ef7}, 0x11efa, 0x4, 0x98, 0x0, 0x2, 0xfffff271, 0xfffc, 0x0, 0x0, 0x0, 0x24}, r0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x5, 0x5, &(0x7f00000005c0)=ANY=[@ANYBLOB="1808000000000000000000000000000018000000e5020000000000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r2)
socketpair(0x26, 0x5, 0x0, &(0x7f0000000000))

15.364553923s ago: executing program 1 (id=226):
r0 = perf_event_open(&(0x7f0000001100)={0x5, 0x80, 0x9, 0x8, 0xb, 0xfb, 0x0, 0x3c, 0xc002, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x1}, 0x18842, 0x0, 0x7fffffff, 0x7, 0x9, 0x3, 0x7, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x2)
perf_event_open$cgroup(&(0x7f0000000e40)={0x5, 0x80, 0x8, 0x7, 0x81, 0x75, 0x0, 0x4, 0x40400, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x2, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3ff, 0x2, @perf_bp={0x0, 0x8}, 0x0, 0x7, 0x80000000, 0x1, 0x401, 0x3, 0x8, 0x0, 0x8000006, 0x0, 0x8}, 0xffffffffffffffff, 0x0, r0, 0xb)

15.305375048s ago: executing program 2 (id=227):
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x12, 0x7, 0x4, 0x2}, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000600)={{r1}, &(0x7f0000000580)=0x2, &(0x7f00000005c0)=r0}, 0x20)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f00000001c0)={r1, &(0x7f0000000240), &(0x7f0000000340)=""/86}, 0x20)

15.305187657s ago: executing program 1 (id=228):
bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@base={0xf, 0x4, 0x8, 0x2}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x52, 0x1, 0x0, 0x0, 0x0, 0x7fef, 0x82, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7d, 0x1, @perf_config_ext={0x407fff, 0xaea}, 0x14105, 0x2e, 0xfffffbff, 0x3, 0x2, 0x0, 0x6, 0x0, 0x0, 0x0, 0xa9e6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9)
perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x20, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x4000, 0x400, 0x0, 0x1, 0x8, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
recvmsg(r0, 0x0, 0x40002041)
r1 = socket$kcm(0x25, 0x1, 0x0)
recvmsg(r1, &(0x7f0000000640)={0x0, 0x0, 0x0}, 0x40010040)
r2 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000480)="5c00000012006bab9a3fe3d86e17aa0a046b876c1d0048007ea608641602f36504001a00381931a0e69ee517d34460bc06000000a705251e6182949a3651f60a84c9f4d4938037e70e4509c5bb3678a40cb53fc8d8faaafe63e09e8b", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
recvmsg$kcm(r2, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000001100)=[{&(0x7f0000000a00)=""/254, 0xfe}, {&(0x7f0000000240)=""/205, 0xcd}, {&(0x7f0000003980)=""/4043, 0xfcb}, {&(0x7f0000000380)=""/197, 0xc5}, {&(0x7f0000000f40)=""/213, 0xd5}, {&(0x7f0000002100)=""/4077, 0xfed}, {&(0x7f00000007c0)=""/209, 0xd1}, {&(0x7f0000000b00)=""/225, 0xe1}, {&(0x7f0000000540)=""/159, 0x9f}, {&(0x7f0000000c00)=""/208, 0xd0}], 0xa}, 0x40012100)
recvmsg$kcm(r2, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0)

15.30503674s ago: executing program 2 (id=229):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, 0x0, 0x0, 0x7ff}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000b40)='neigh_create\x00', r1}, 0x10)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000004000000b7030000f8ffffff850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000b40)='neigh_create\x00', r2}, 0x18)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000c80)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d64050000000000650404000100000004040000fb007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d83923dd29c034055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e1a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622003b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2ca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080e71113610e10d858e8327edb1fb6c86adac12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697aeea0182babd18c65ae1bd4f4390af9a9ceafd07ed00b0000002cab154ad029a1090000002780870014f51c3c975d5aec84222fff0d7216fdb0d3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a2a71bc85018e5ff2c910496f18afc9ffc2cc788bee1b47683db01a469398685211bbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae486aca54183fb01c73f979ca9857399537f5dc2acb72c7ead0509d380578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db7ab22e30d46a9624d37c10223fdae7ed04935c3c9068000000bc8619d73415cda2130f5011e4845500a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b40000000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b60c2499d16d7d9158ffffffff00000000ef069dc42749289f854797f2f900c2a12d8c38a967c1bbe09315c29877a331bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d5a3e1a9e90d7676074a0bde4471414c99d4894ee7f8139dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1038debd64cbe359454a3f2239cfe35f81b7aded448859968ff0e90500d0b07c0dd00490f167e6d5c1109681739dc33f75b2042b8ff8c21ad702cca54728acad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd20785f653b621491dc6aaee0d409731091f4fb94c06006e3c1be2f633c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e1590bab105b0cb578af7dc7d5e87d48d376444e2de02f47c61e8e84ff828de453f34c2b08660b080efc707e676e1fb4d5865c0ca177a4c7fbb4e829ab0894a1062b445c00f576b2b5cc7f819abd0f885cc4806f47ffb966fcf1e54f5a2d38708194cd6f496e5dee734fe7da3770845cf442d488afdc0e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d3676329bb8cda690d192a070886df42b2708398773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169cdfaa4252d4ea6b8f6216ff202b5b5a182cb5e8380100632d03a7ca6f6d0339f9953c30930804fdc3690d10ecb65dc5b47481edbf1eee2e8893e903054d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026def743f1213bf817becd9e5a225d67521d1128eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979030000007081c6281e2d8429a863903ca75f4c7df3ea8fc2018d07af1491ef060cd4403a099f324661351df747aa6a65872dfdcfa68f65bd06b4082d43e121861b5cc09b986bf56c747d9a1cc5b506892c3a16ff10feea20bdac89bfb758cf3500000000000000000000000000000098e6db5a96055e764a3bfd4ccb20d2e800994f4b602d25b2c076f21c7102687e054bb93b2d013be6227fd99902b074c0de00733128c81c48c5e140b17d71ac48f137d10798c4272826d2ba55bbda0059636528c132ed06759d880d1bc291beea56ed7ee8bcb392fdf886dbc74879ec4b831904d7c101ebbaef3c0ae6d0cf0000000000000000000000000000000011cb735f66a559ef0cdb5163a15c0bb986474bf5d9542e3e48805ce53127e4c076d69d868df543717aaaa07d7aca056f7f036c2bcba0795d1a64868a29ac5321b3cd6ef5b1a741afc7124e16b64a5d1d68b45fcfd7e531090ceae2f05536a4d5d6a4081e743827fb9c031d1fc9f195c2da189c49eaed6c30c71da0452e502ef393efeb02ebe82b1851cae5fa7c958ba23110b5e0e5b890803f28a356b2920e74564e0f8377b0ba515d4cc28d702287fed2882b4780a1bcb583f1cb1470003ef9b592b9461328cfc01ebfce0ecdcea714a517dc40000000000000000000000000006bd0561e1cc72880cc3ec1bdf35eb670a9040e3b53cd826b94ad8aeb014e74787fe89fb3247a87d8bfb6d400142369f88964708d1d4d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r3, 0x18000000000002a0, 0xfe, 0x60000004, &(0x7f0000000100)="b9ff03076044238cb89e14f008000de0ffff00184000633c77fbac141412e000002062079f4b4d2f87e5feca6aab845013f2325f1a3903050b038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d235f3df126c3acc240d75a058f6efa6d1f5f7ff4000000000000000000", 0x0, 0xfe, 0x60000000, 0x0, 0x25, &(0x7f0000000040)="ded6e0966ec1cf6ba4b897a54e4e062b311453dcbb62932a01105d0a8066ca8e5e1f2f575d0d6e996b57fd408d420abb7337934e59815d75b4eb3e7206afce", &(0x7f0000000380)="af5fa441b438b5156d8a9fcc090f586e979858f64170cde36889dcc8539ffcca62621a4c3ea3f7acee366e6fb0b94314f90931dec60fed6c9fee64af416c29f65e47110b81f6b4da06db5e1aad1f627acb", 0x0, 0x3}, 0x2c)

15.205027305s ago: executing program 2 (id=230):
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}, 0x202, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x52, 0x1, 0x0, 0x0, 0x0, 0x7ff0, 0x82, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7d, 0x1, @perf_config_ext={0x407fff, 0xaea}, 0x14105, 0x2e, 0xfffffbff, 0x3, 0x2, 0x200, 0x6, 0x0, 0x0, 0x0, 0xa9e6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x5, 0x3, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000001200000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x5, 0x3, &(0x7f0000000440)=ANY=[], &(0x7f0000000c00)='GPL\x00'}, 0x94)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000002c0)={r0, 0x4, 0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r1 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$inet(r1, 0x0, 0x600)
socket$kcm(0x10, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xbe129, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x4, @perf_bp={0x0, 0xe}, 0x2018, 0x2, 0x0, 0x8, 0x1000, 0x0, 0x7, 0x0, 0x0, 0x0, 0x215}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
socket$kcm(0x2, 0x2, 0x0)
r2 = socket$kcm(0xa, 0x2, 0x0)
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x56, 0x1, 0x0, 0x0, 0x0, 0x7fef, 0x82, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7b, 0x1, @perf_config_ext={0x407fff, 0xaea}, 0x14105, 0x2e, 0xfffffbff, 0x3, 0x2, 0x0, 0x6, 0x0, 0x0, 0x0, 0xa9e6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9)
socket$kcm(0x23, 0x2, 0x0)
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x56, 0x1, 0x0, 0x0, 0x0, 0x7fef, 0x82, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7b, 0x1, @perf_config_ext={0x407fff, 0xaea}, 0x14105, 0x2e, 0xfffffbff, 0x0, 0x2, 0x0, 0x6, 0x0, 0x0, 0x0, 0xa9e6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000180))
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000a00)='blkio.throttle.io_serviced\x00', 0x26e1, 0x0)
setsockopt$sock_attach_bpf(r2, 0x1, 0x3e, 0x0, 0x0)
sendmsg$kcm(r2, 0x0, 0x0)
socket$kcm(0xa, 0x2, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0)
r5 = socket$kcm(0x2, 0x1000000000000002, 0x0)
setsockopt$sock_attach_bpf(r5, 0x1, 0x3e, &(0x7f00000002c0)=r4, 0x161)
bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYRES32=r4, @ANYBLOB="173900"/18, @ANYRES32=0x0, @ANYRES32, @ANYBLOB, @ANYRES32=r3, @ANYBLOB='\x00\x00\x00'], 0x50)
sendmsg$inet(r5, &(0x7f0000007940)={&(0x7f0000000100)={0x2, 0x4e24, @rand_addr=0x20}, 0x10, &(0x7f0000000140)=[{0x0}], 0x1, &(0x7f0000007880)}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x16, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector}, 0x94)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112})

15.204865321s ago: executing program 0 (id=231):
socket$kcm(0xa, 0x2, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0x3, &(0x7f0000000000)=@framed, &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r0}, 0x10)
socket$kcm(0x2, 0x1000000000000002, 0x0)
socket$kcm(0x10, 0x2, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x183241, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000fc0)=@base={0x2, 0x4, 0x7, 0x80, 0x0, 0x1}, 0x50)
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x56, 0x1, 0x0, 0x0, 0x0, 0x210e, 0x80, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x407fff, 0xaea}, 0x14105, 0x32, 0xfffffbff, 0x3, 0x2, 0x0, 0xfff9, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9)
socket$kcm(0x11, 0x200000000000002, 0x300)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000c40))
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0)
r2 = socket$kcm(0x2, 0x1000000000000002, 0x0)
setsockopt$sock_attach_bpf(r2, 0x1, 0x3e, &(0x7f00000002c0)=r1, 0x161)
sendmsg$inet(r2, &(0x7f0000007940)={&(0x7f0000000100)={0x2, 0x4e24, @rand_addr=0x20}, 0x10, &(0x7f0000000140)=[{&(0x7f0000000380), 0xff7a}], 0x1, &(0x7f0000007880)=[@ip_tos_u8={{0x11, 0x34000}}, @ip_pktinfo={{0x1c, 0xfd000f00, 0x8, {0x0, @remote, @multicast1}}}, @ip_pktinfo={{0x1c, 0x28f0700, 0x8, {0x0, @empty=0xa0050000}}}, @ip_retopts={{0x24, 0x0, 0x7, {[@ra={0x94, 0x4}, @timestamp={0x44, 0x10, 0x88, 0x0, 0x0, [0x0, 0x0, 0x0]}]}}}, @ip_tos_u8={{0x11}}], 0x98}, 0x0)

15.085418856s ago: executing program 1 (id=232):
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000180)={&(0x7f00000000c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x14, 0x14, 0xc, [@enum={0x1, 0x1, 0x0, 0x6, 0x4, [{0x9, 0x9}]}]}, {0x0, [0x5f, 0x2e, 0x5f, 0x30, 0x30, 0x5f, 0x61, 0x30, 0x2e, 0x5f]}}, 0x0, 0x38, 0x0, 0x1, 0x7}, 0x28)

15.085242694s ago: executing program 1 (id=233):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffda1, &(0x7f0000000080)=[{&(0x7f0000001580)="d80000001a0081044e81f782db4cb9041c1d0800fe007c05e8fe55a109000101ff02142603600e12080005007a010401a80016002000034004020000035c0461c9d67f6f940071342e875fab7cb6cec6cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b141993c034e653fe8efe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9ee5350db798262f3d40fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e", 0xd8}], 0x1}, 0x4008010)

15.085085787s ago: executing program 0 (id=234):
r0 = socket$kcm(0x10, 0x2, 0x0)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907009875f37538e486dd6317ce620300fe"], 0xfe1b)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="563f00001800599c6d0eab070004000523"], 0xfe33)
write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0xfe33)

15.084944423s ago: executing program 0 (id=235):
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1d, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x4}, 0x94)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'dummy0\x00', 0x200})
socketpair(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8946, &(0x7f0000000080))

15.084887507s ago: executing program 0 (id=236):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_procs(r0, &(0x7f0000000140)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r1, &(0x7f00000000c0), 0x12)

115.103µs ago: executing program 1 (id=237):
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="1400000022003505d25a806f8c6394f90235fc60", 0x14}], 0x1}, 0x0)

0s ago: executing program 32 (id=236):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_procs(r0, &(0x7f0000000140)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r1, &(0x7f00000000c0), 0x12)

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:60959' (ED25519) to the list of known hosts.
syzkaller login: [   40.779746][ T5767] cgroup: Unknown subsys name 'net'
[   40.907359][ T5767] cgroup: Unknown subsys name 'cpuset'
[   40.911485][ T5767] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   42.200976][ T5767] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   45.365689][ T5830] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   45.368471][ T5830] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   45.371304][ T5830] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   45.375009][ T5830] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   45.377654][ T5830] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   45.423634][   T54] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   45.426452][   T54] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   45.429379][ T5220] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   45.432340][ T5220] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   45.436387][ T5220] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   45.438965][ T5220] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   45.441365][ T5220] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   45.444516][ T5220] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   45.465820][ T5836] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   45.471404][ T5836] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   45.629225][ T5827] chnl_net:caif_netlink_parms(): no params data found
[   45.672238][ T5831] chnl_net:caif_netlink_parms(): no params data found
[   45.731043][ T5827] bridge0: port 1(bridge_slave_0) entered blocking state
[   45.733729][ T5827] bridge0: port 1(bridge_slave_0) entered disabled state
[   45.737440][ T5827] bridge_slave_0: entered allmulticast mode
[   45.740361][ T5827] bridge_slave_0: entered promiscuous mode
[   45.743999][ T5827] bridge0: port 2(bridge_slave_1) entered blocking state
[   45.746752][ T5827] bridge0: port 2(bridge_slave_1) entered disabled state
[   45.749361][ T5827] bridge_slave_1: entered allmulticast mode
[   45.752354][ T5827] bridge_slave_1: entered promiscuous mode
[   45.813758][ T5827] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   45.818754][ T5833] chnl_net:caif_netlink_parms(): no params data found
[   45.824326][ T5827] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   45.862646][ T5831] bridge0: port 1(bridge_slave_0) entered blocking state
[   45.865172][ T5831] bridge0: port 1(bridge_slave_0) entered disabled state
[   45.867429][ T5831] bridge_slave_0: entered allmulticast mode
[   45.870046][ T5831] bridge_slave_0: entered promiscuous mode
[   45.888102][ T5831] bridge0: port 2(bridge_slave_1) entered blocking state
[   45.890411][ T5831] bridge0: port 2(bridge_slave_1) entered disabled state
[   45.892725][ T5831] bridge_slave_1: entered allmulticast mode
[   45.895607][ T5831] bridge_slave_1: entered promiscuous mode
[   45.899340][ T5827] team0: Port device team_slave_0 added
[   45.919261][ T5827] team0: Port device team_slave_1 added
[   45.930006][ T5831] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   45.934346][ T5831] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   45.957781][ T5833] bridge0: port 1(bridge_slave_0) entered blocking state
[   45.960429][ T5833] bridge0: port 1(bridge_slave_0) entered disabled state
[   45.962953][ T5833] bridge_slave_0: entered allmulticast mode
[   45.967096][ T5833] bridge_slave_0: entered promiscuous mode
[   45.970010][ T5833] bridge0: port 2(bridge_slave_1) entered blocking state
[   45.972345][ T5833] bridge0: port 2(bridge_slave_1) entered disabled state
[   45.976064][ T5833] bridge_slave_1: entered allmulticast mode
[   45.978875][ T5833] bridge_slave_1: entered promiscuous mode
[   46.001031][ T5831] team0: Port device team_slave_0 added
[   46.023274][ T5827] batman_adv: batadv0: Adding interface: batadv_slave_0
[   46.025883][ T5827] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   46.034100][ T5827] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   46.039702][ T5827] batman_adv: batadv0: Adding interface: batadv_slave_1
[   46.041923][ T5827] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   46.049891][ T5827] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   46.054500][ T5831] team0: Port device team_slave_1 added
[   46.065426][ T5833] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   46.087806][ T5833] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   46.091937][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_0
[   46.094142][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   46.102534][ T5831] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   46.119991][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_1
[   46.122291][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   46.130871][ T5831] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   46.137412][ T5827] hsr_slave_0: entered promiscuous mode
[   46.139784][ T5827] hsr_slave_1: entered promiscuous mode
[   46.154399][ T5833] team0: Port device team_slave_0 added
[   46.158776][ T5833] team0: Port device team_slave_1 added
[   46.209505][ T5831] hsr_slave_0: entered promiscuous mode
[   46.211859][ T5831] hsr_slave_1: entered promiscuous mode
[   46.214009][ T5831] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   46.217417][ T5831] Cannot create hsr debugfs directory
[   46.230892][ T5833] batman_adv: batadv0: Adding interface: batadv_slave_0
[   46.233129][ T5833] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   46.241689][ T5833] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   46.262610][ T5833] batman_adv: batadv0: Adding interface: batadv_slave_1
[   46.264984][ T5833] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   46.273078][ T5833] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   46.332414][ T5833] hsr_slave_0: entered promiscuous mode
[   46.336080][ T5833] hsr_slave_1: entered promiscuous mode
[   46.338197][ T5833] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   46.340646][ T5833] Cannot create hsr debugfs directory
[   46.421992][ T5827] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   46.427457][ T5827] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   46.441757][ T5827] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   46.456964][ T5827] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   46.500161][ T5831] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   46.510150][ T5831] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   46.529885][ T5831] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   46.536460][ T5831] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   46.553218][ T5827] bridge0: port 2(bridge_slave_1) entered blocking state
[   46.555734][ T5827] bridge0: port 2(bridge_slave_1) entered forwarding state
[   46.558359][ T5827] bridge0: port 1(bridge_slave_0) entered blocking state
[   46.560873][ T5827] bridge0: port 1(bridge_slave_0) entered forwarding state
[   46.581448][ T5833] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   46.588915][ T5833] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   46.594013][ T5833] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   46.601104][ T4279] bridge0: port 1(bridge_slave_0) entered disabled state
[   46.604501][ T4279] bridge0: port 2(bridge_slave_1) entered disabled state
[   46.616489][ T5833] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   46.682654][ T5827] 8021q: adding VLAN 0 to HW filter on device bond0
[   46.710541][ T5831] 8021q: adding VLAN 0 to HW filter on device bond0
[   46.723421][ T5827] 8021q: adding VLAN 0 to HW filter on device team0
[   46.732149][ T5831] 8021q: adding VLAN 0 to HW filter on device team0
[   46.740738][ T4279] bridge0: port 1(bridge_slave_0) entered blocking state
[   46.742987][ T4279] bridge0: port 1(bridge_slave_0) entered forwarding state
[   46.747516][ T4279] bridge0: port 2(bridge_slave_1) entered blocking state
[   46.749725][ T4279] bridge0: port 2(bridge_slave_1) entered forwarding state
[   46.765678][ T4279] bridge0: port 1(bridge_slave_0) entered blocking state
[   46.768028][ T4279] bridge0: port 1(bridge_slave_0) entered forwarding state
[   46.782068][ T4279] bridge0: port 2(bridge_slave_1) entered blocking state
[   46.784253][ T4279] bridge0: port 2(bridge_slave_1) entered forwarding state
[   46.812400][ T5833] 8021q: adding VLAN 0 to HW filter on device bond0
[   46.833786][ T5833] 8021q: adding VLAN 0 to HW filter on device team0
[   46.842965][ T5831] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   46.862649][ T1091] bridge0: port 1(bridge_slave_0) entered blocking state
[   46.865621][ T1091] bridge0: port 1(bridge_slave_0) entered forwarding state
[   46.876056][ T1091] bridge0: port 2(bridge_slave_1) entered blocking state
[   46.878463][ T1091] bridge0: port 2(bridge_slave_1) entered forwarding state
[   46.968972][ T5831] 8021q: adding VLAN 0 to HW filter on device batadv0
[   46.984401][ T5827] 8021q: adding VLAN 0 to HW filter on device batadv0
[   47.015952][ T5831] veth0_vlan: entered promiscuous mode
[   47.021566][ T5833] 8021q: adding VLAN 0 to HW filter on device batadv0
[   47.034417][ T5831] veth1_vlan: entered promiscuous mode
[   47.040301][ T5827] veth0_vlan: entered promiscuous mode
[   47.047972][ T5827] veth1_vlan: entered promiscuous mode
[   47.080912][ T5831] veth0_macvtap: entered promiscuous mode
[   47.088438][ T5831] veth1_macvtap: entered promiscuous mode
[   47.093842][ T5827] veth0_macvtap: entered promiscuous mode
[   47.097562][ T5833] veth0_vlan: entered promiscuous mode
[   47.102878][ T5833] veth1_vlan: entered promiscuous mode
[   47.112841][ T5827] veth1_macvtap: entered promiscuous mode
[   47.120640][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_0
[   47.129447][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_1
[   47.139806][ T5827] batman_adv: batadv0: Interface activated: batadv_slave_0
[   47.143060][ T5831] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   47.146193][ T5831] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   47.148930][ T5831] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   47.151712][ T5831] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   47.161755][ T5833] veth0_macvtap: entered promiscuous mode
[   47.167395][ T5827] batman_adv: batadv0: Interface activated: batadv_slave_1
[   47.176352][ T5833] veth1_macvtap: entered promiscuous mode
[   47.183832][ T5827] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   47.187696][ T5827] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   47.190425][ T5827] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   47.193158][ T5827] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   47.223489][ T5833] batman_adv: batadv0: Interface activated: batadv_slave_0
[   47.250543][ T5833] batman_adv: batadv0: Interface activated: batadv_slave_1
[   47.258474][ T5833] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   47.258886][ T4279] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   47.262231][ T5833] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   47.270379][ T4279] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   47.271045][ T5833] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   47.279810][ T5833] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   47.318344][ T4279] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   47.321263][ T4279] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   47.350961][ T4279] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   47.353605][ T4279] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   47.390363][ T5831] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   47.391272][ T4279] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   47.401456][ T4279] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   47.405084][ T5836] Bluetooth: hci0: command tx timeout
[   47.418387][   T32] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   47.421362][   T32] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   47.456751][ T1091] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   47.462208][ T1091] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   47.485252][ T5836] Bluetooth: hci1: command tx timeout
[   47.558778][ T5836] Bluetooth: hci2: command tx timeout
[   48.012812][ T5929] warning: `syz.0.14' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   48.059492][ T5933] IPv6: NLM_F_REPLACE set, but no existing node found!
[   48.121508][ T5931] Driver unsupported XDP return value 0 on prog  (id 6) dev N/A, expect packet loss!
[   48.870203][ T5976] netlink: 830 bytes leftover after parsing attributes in process `syz.0.36'.
[   49.474800][ T5836] Bluetooth: hci0: command tx timeout
[   49.554794][ T5836] Bluetooth: hci1: command tx timeout
[   49.634779][ T5836] Bluetooth: hci2: command tx timeout
[   50.078815][ T5982] syz.2.40 (5982) used greatest stack depth: 20528 bytes left
[   50.245607][ T6020] netlink: 14566 bytes leftover after parsing attributes in process `syz.0.56'.
[   50.341085][ T6026] syzkaller0: entered promiscuous mode
[   50.343006][ T6026] syzkaller0: entered allmulticast mode
[   50.676680][ T6046] cgroup: fork rejected by pids controller in /syz1
[   51.184265][ T6051] netlink: 'syz.0.70': attribute type 1 has an invalid length.
[   51.191980][ T6051] netlink: 168864 bytes leftover after parsing attributes in process `syz.0.70'.
[   51.555674][ T5836] Bluetooth: hci0: command tx timeout
[   51.714825][ T5836] Bluetooth: hci2: command tx timeout
[   52.635799][ T5844] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   52.676532][ T5844] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   52.745618][ T5844] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   52.813253][ T5844] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   52.930664][   T54] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   52.933529][   T54] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   52.937672][   T54] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   52.942693][   T54] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   52.948630][   T54] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   52.962664][ T6086] openvswitch: netlink: Flow key attr not present in new flow.
[   52.971097][ T6088] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   53.049055][ T5844] bridge_slave_1: left allmulticast mode
[   53.050949][ T5844] bridge_slave_1: left promiscuous mode
[   53.053104][ T5844] bridge0: port 2(bridge_slave_1) entered disabled state
[   53.087455][ T5844] bridge_slave_0: left allmulticast mode
[   53.089324][ T5844] bridge_slave_0: left promiscuous mode
[   53.091193][ T5844] bridge0: port 1(bridge_slave_0) entered disabled state
[   53.274160][ T6103] netlink: 'syz.0.91': attribute type 2 has an invalid length.
[   53.277787][ T6103] netlink: 'syz.0.91': attribute type 8 has an invalid length.
[   53.280253][ T6103] netlink: 132 bytes leftover after parsing attributes in process `syz.0.91'.
[   53.324298][ T5844] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   53.329832][ T5844] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   53.333381][ T5844] bond0 (unregistering): Released all slaves
[   53.512288][ T6097] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[   53.546188][ T6097] syz.2.88 (6097) used greatest stack depth: 19320 bytes left
[   53.634800][   T54] Bluetooth: hci0: command tx timeout
[   53.794810][   T54] Bluetooth: hci2: command tx timeout
[   53.869430][ T5844] hsr_slave_0: left promiscuous mode
[   53.875642][ T5844] hsr_slave_1: left promiscuous mode
[   53.878324][ T5844] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   53.880890][ T5844] batman_adv: batadv0: Removing interface: batadv_slave_0
[   53.896645][ T5844] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   53.899048][ T5844] batman_adv: batadv0: Removing interface: batadv_slave_1
[   53.917829][ T5844] veth1_macvtap: left promiscuous mode
[   53.919799][ T5844] veth0_macvtap: left promiscuous mode
[   53.921628][ T5844] veth1_vlan: left promiscuous mode
[   53.923363][ T5844] veth0_vlan: left promiscuous mode
[   54.022630][    C1] hrtimer: interrupt took 52590 ns
[   54.994713][   T54] Bluetooth: hci1: command tx timeout
[   55.200045][ T5844] team0 (unregistering): Port device team_slave_1 removed
[   55.216326][ T5844] team0 (unregistering): Port device team_slave_0 removed
[   55.386709][ T6126] netlink: 128 bytes leftover after parsing attributes in process `syz.0.97'.
[   55.391337][ T6126] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[   55.408133][ T6131] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[   55.420542][ T6083] chnl_net:caif_netlink_parms(): no params data found
[   55.507237][ T6083] bridge0: port 1(bridge_slave_0) entered blocking state
[   55.509657][ T6083] bridge0: port 1(bridge_slave_0) entered disabled state
[   55.511977][ T6083] bridge_slave_0: entered allmulticast mode
[   55.518193][ T6083] bridge_slave_0: entered promiscuous mode
[   55.521813][ T6083] bridge0: port 2(bridge_slave_1) entered blocking state
[   55.524127][ T6083] bridge0: port 2(bridge_slave_1) entered disabled state
[   55.528856][ T6083] bridge_slave_1: entered allmulticast mode
[   55.531472][ T6083] bridge_slave_1: entered promiscuous mode
[   55.535109][ T6146] netlink: 61211 bytes leftover after parsing attributes in process `syz.0.101'.
[   55.610983][ T6083] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   55.627622][ T6083] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   55.762146][ T6083] team0: Port device team_slave_0 added
[   55.782736][ T6083] team0: Port device team_slave_1 added
[   55.911366][ T6083] batman_adv: batadv0: Adding interface: batadv_slave_0
[   55.913729][ T6083] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   55.926475][ T6083] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   55.949795][ T6083] batman_adv: batadv0: Adding interface: batadv_slave_1
[   55.952203][ T6083] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   55.974906][ T6083] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   56.307091][ T6083] hsr_slave_0: entered promiscuous mode
[   56.310800][ T6083] hsr_slave_1: entered promiscuous mode
[   56.313475][ T6083] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   56.334843][ T6083] Cannot create hsr debugfs directory
[   56.809516][ T6083] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   56.813910][ T6083] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   56.818893][ T6083] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   56.822794][ T6083] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   56.879724][ T6083] 8021q: adding VLAN 0 to HW filter on device bond0
[   56.889453][ T6083] 8021q: adding VLAN 0 to HW filter on device team0
[   56.894522][ T1091] bridge0: port 1(bridge_slave_0) entered blocking state
[   56.896894][ T1091] bridge0: port 1(bridge_slave_0) entered forwarding state
[   56.905680][ T1091] bridge0: port 2(bridge_slave_1) entered blocking state
[   56.907972][ T1091] bridge0: port 2(bridge_slave_1) entered forwarding state
[   57.000630][ T6083] 8021q: adding VLAN 0 to HW filter on device batadv0
[   57.040063][ T6083] veth0_vlan: entered promiscuous mode
[   57.056625][ T6083] veth1_vlan: entered promiscuous mode
[   57.072909][ T6083] veth0_macvtap: entered promiscuous mode
[   57.075259][   T54] Bluetooth: hci1: command tx timeout
[   57.080188][ T6083] veth1_macvtap: entered promiscuous mode
[   57.089434][ T6083] batman_adv: batadv0: Interface activated: batadv_slave_0
[   57.096174][ T6083] batman_adv: batadv0: Interface activated: batadv_slave_1
[   57.103044][ T6083] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   57.107121][ T6083] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   57.110009][ T6083] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   57.112784][ T6083] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   57.178206][   T64] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   57.182631][   T64] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   57.200709][   T52] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   57.203304][   T52] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   57.408771][ T6240] netlink: 60 bytes leftover after parsing attributes in process `syz.2.118'.
[   57.558246][ T6246] sctp: [Deprecated]: syz.1.121 (pid 6246) Use of int in maxseg socket option.
[   57.558246][ T6246] Use struct sctp_assoc_value instead
[   58.197669][ T6267] netlink: 9286 bytes leftover after parsing attributes in process `syz.0.130'.
[   59.155186][   T54] Bluetooth: hci1: command tx timeout
[   61.244809][   T54] Bluetooth: hci1: command tx timeout
[   61.679880][ T6300] netlink: 196 bytes leftover after parsing attributes in process `syz.1.146'.
[   62.145839][ T6315] netlink: 16166 bytes leftover after parsing attributes in process `syz.1.153'.
[   62.510906][ T6334] Dead loop on virtual device ip6_vti0, fix it urgently!
[   62.963129][ T6349] syzkaller0: entered promiscuous mode
[   63.309528][    T9] cfg80211: failed to load regulatory.db
[   63.688567][ T6358] netlink: 9286 bytes leftover after parsing attributes in process `syz.2.170'.
[   63.839471][ T6370] netlink: 209844 bytes leftover after parsing attributes in process `syz.2.173'.
[   63.842853][ T6370] openvswitch: netlink: ufid size 3068 bytes exceeds the range (1, 16)
[   63.852656][ T6370] openvswitch: netlink: Either Ethernet header or EtherType is required.
[   63.866300][ T6373] netlink: 'syz.1.177': attribute type 6 has an invalid length.
[   63.869004][ T6373] netlink: 'syz.1.177': attribute type 1 has an invalid length.
[   63.871607][ T6373] netlink: 199820 bytes leftover after parsing attributes in process `syz.1.177'.
[   64.241890][ T6392] netlink: 156 bytes leftover after parsing attributes in process `syz.0.186'.
[   64.913012][ T6420] sit0: entered allmulticast mode
[   64.920739][ T6420] sit0: entered promiscuous mode
[   64.948701][ T6416] Zero length message leads to an empty skb
[   65.710433][ T6437] netlink: 68 bytes leftover after parsing attributes in process `syz.1.203'.
[   66.878880][   T54] Bluetooth: hci2: unexpected subevent 0x01 length: 150 > 18
[   67.672507][ T6478] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   67.675749][ T6478] batman_adv: batadv0: Removing interface: batadv_slave_0
[   67.696256][ T6478] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   67.699607][ T6478] batman_adv: batadv0: Removing interface: batadv_slave_1
[   68.177445][ T6494] netlink: 56 bytes leftover after parsing attributes in process `syz.1.228'.
[   68.196563][ T6491] netlink: 56 bytes leftover after parsing attributes in process `syz.1.228'.
[   68.203542][ T6491] netlink: 56 bytes leftover after parsing attributes in process `syz.1.228'.
[   68.299039][ T6504] netlink: 16186 bytes leftover after parsing attributes in process `syz.0.234'.
[   88.658244][    C1] clocksource: Long readout interval, skipping watchdog check: cs_nsec: 19882791570 wd_nsec: 19882792006
[  170.195556][ T5830] Bluetooth: hci0: command 0x0406 tx timeout
[  173.274615][    C1] rcu: INFO: rcu_preempt self-detected stall on CPU
[  173.274657][    C1] rcu: 	1-....: (10499 ticks this GP) idle=dd8c/1/0x4000000000000000 softirq=16931/16941 fqs=4684
[  173.274987][    C1] rcu: 	         hardirqs   softirqs   csw/system
[  173.274992][    C1] rcu: 	 number:  1041891          0            0
[  173.274998][    C1] rcu: 	cputime:    25344      27145          104   ==> 52490(ms)
[  173.275004][    C1] rcu: 	(t=10500 jiffies g=8329 q=2482 ncpus=2)
[  173.275015][    C1] CPU: 1 UID: 0 PID: 6496 Comm: syz.2.230 Not tainted 6.16.0-rc6-syzkaller-00411-g95993dc3039e-dirty #0 PREEMPT(full) 
[  173.275024][    C1] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  173.275029][    C1] RIP: 0010:kasan_check_range+0x9f/0x2c0
[  173.275044][    C1] Code: 00 fc ff df 4d 8d 34 19 4d 89 f4 4d 29 dc 49 83 fc 10 7f 29 4d 85 e4 0f 84 41 01 00 00 4c 89 cb 48 f7 d3 4c 01 fb 41 80 3b 00 <0f> 85 de 01 00 00 49 ff c3 48 ff c3 75 ee e9 21 01 00 00 44 89 dd
[  173.275050][    C1] RSP: 0018:ffffc900001e0220 EFLAGS: 00000246
[  173.275058][    C1] RAX: 0000000000000801 RBX: fffffffffffffff3 RCX: ffffffff81a25839
[  173.275063][    C1] RDX: 0000000000000000 RSI: 0000000000000066 RDI: ffffffff99adfe10
[  173.275068][    C1] RBP: ffffc900001e0400 R08: ffffffff99adfe75 R09: 1ffffffff335bfce
[  173.275073][    C1] R10: dffffc0000000000 R11: fffffbfff335bfc2 R12: 000000000000000d
[  173.275077][    C1] R13: 00000000ffffe9fb R14: fffffbfff335bfcf R15: 1ffffffff335bfc2
[  173.275082][    C1] FS:  00007fe0f2f6f6c0(0000) GS:ffff8881a3c1f000(0000) knlGS:0000000000000000
[  173.275088][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  173.275092][    C1] CR2: 00002000000054c0 CR3: 000000002a3ba000 CR4: 00000000000006f0
[  173.275121][    C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  173.275127][    C1] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
[  173.275131][    C1] Call Trace:
[  173.275135][    C1]  <IRQ>
[  173.275138][    C1]  ? _prb_read_valid+0x7c9/0xa90
[  173.275149][    C1]  __asan_memcpy+0x29/0x70
[  173.275159][    C1]  _prb_read_valid+0x7c9/0xa90
[  173.275175][    C1]  ? __pfx__prb_read_valid+0x10/0x10
[  173.275192][    C1]  ? kvm_sched_clock_read+0x11/0x20
[  173.275202][    C1]  ? sched_clock+0x3f/0x60
[  173.275212][    C1]  ? sched_clock_cpu+0x74/0x430
[  173.275220][    C1]  ? lapic_next_event+0x11/0x20
[  173.275227][    C1]  ? clockevents_program_event+0x24d/0x360
[  173.275239][    C1]  prb_read_valid+0x3c/0x60
[  173.275248][    C1]  printk_get_next_message+0x15c/0x7b0
[  173.275257][    C1]  ? irq_work_single+0x1ac/0x240
[  173.275268][    C1]  ? __pfx_printk_get_next_message+0x10/0x10
[  173.275276][    C1]  ? __irq_exit_rcu+0xd8/0x1f0
[  173.275285][    C1]  ? __pfx___irq_exit_rcu+0x10/0x10
[  173.275302][    C1]  ? console_flush_all+0x476/0xc40
[  173.275313][    C1]  console_flush_all+0x4ca/0xc40
[  173.275326][    C1]  ? console_flush_all+0x861/0xc40
[  173.275335][    C1]  ? console_flush_all+0x13a/0xc40
[  173.275346][    C1]  ? __pfx_console_flush_all+0x10/0x10
[  173.275360][    C1]  ? is_printk_cpu_sync_owner+0x32/0x40
[  173.275371][    C1]  console_unlock+0xc4/0x270
[  173.275381][    C1]  ? __pfx_console_unlock+0x10/0x10
[  173.275390][    C1]  ? is_printk_cpu_sync_owner+0x32/0x40
[  173.275402][    C1]  vprintk_emit+0x5b7/0x7a0
[  173.275411][    C1]  ? __pfx_vprintk_emit+0x10/0x10
[  173.275418][    C1]  ? irq_work_single+0x1ac/0x240
[  173.275427][    C1]  ? irqtime_account_irq+0xb6/0x1c0
[  173.275440][    C1]  ? __irq_exit_rcu+0xd8/0x1f0
[  173.275450][    C1]  _printk+0xcf/0x120
[  173.275462][    C1]  ? __pfx__printk+0x10/0x10
[  173.275476][    C1]  clocksource_watchdog+0xdca/0x11c0
[  173.275485][    C1]  ? __lock_acquire+0xab9/0xd20
[  173.275498][    C1]  ? __pfx_clocksource_watchdog+0x10/0x10
[  173.275506][    C1]  ? __irq_exit_rcu+0xd8/0x1f0
[  173.275516][    C1]  call_timer_fn+0x17e/0x5f0
[  173.275523][    C1]  ? __pfx_clocksource_watchdog+0x10/0x10
[  173.275529][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  173.275537][    C1]  ? call_timer_fn+0xbe/0x5f0
[  173.275543][    C1]  ? __pfx_call_timer_fn+0x10/0x10
[  173.275555][    C1]  ? __pfx_clocksource_watchdog+0x10/0x10
[  173.275562][    C1]  __run_timer_base+0x61a/0x860
[  173.275572][    C1]  ? irqtime_account_irq+0xb6/0x1c0
[  173.275587][    C1]  ? __pfx___run_timer_base+0x10/0x10
[  173.275603][    C1]  run_timer_softirq+0x67/0x180
[  173.275613][    C1]  handle_softirqs+0x286/0x870
[  173.275622][    C1]  ? __irq_exit_rcu+0xca/0x1f0
[  173.275665][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[  173.275674][    C1]  ? irq_work_single+0x1ac/0x240
[  173.275682][    C1]  ? irqtime_account_irq+0xb6/0x1c0
[  173.275692][    C1]  __irq_exit_rcu+0xca/0x1f0
[  173.275700][    C1]  ? __pfx___irq_exit_rcu+0x10/0x10
[  173.275709][    C1]  ? rcu_is_watching+0x15/0xb0
[  173.275719][    C1]  irq_exit_rcu+0x9/0x30
[  173.275726][    C1]  sysvec_irq_work+0xa3/0xc0
[  173.275732][    C1]  </IRQ>
[  173.275735][    C1]  <TASK>
[  173.275738][    C1]  asm_sysvec_irq_work+0x1a/0x20
[  173.275746][    C1] RIP: 0010:_raw_spin_unlock_irqrestore+0xa8/0x110
[  173.275756][    C1] Code: 74 05 e8 cb 8e 56 f6 48 c7 44 24 20 00 00 00 00 9c 8f 44 24 20 f6 44 24 21 02 75 4f f7 c3 00 02 00 00 74 01 fb bf 01 00 00 00 <e8> 13 bd 1f f6 65 8b 05 bc e9 2e 07 85 c0 74 40 48 c7 04 24 0e 36
[  173.275761][    C1] RSP: 0018:ffffc90002c3f520 EFLAGS: 00000206
[  173.275768][    C1] RAX: 1d9e7967e323ce00 RBX: 0000000000000a02 RCX: 1d9e7967e323ce00
[  173.275772][    C1] RDX: 0000000000000006 RSI: ffffffff8d99883e RDI: 0000000000000001
[  173.275776][    C1] RBP: ffffc90002c3f5b0 R08: ffffffff8fa1e8f7 R09: 1ffffffff1f43d1e
[  173.275781][    C1] R10: dffffc0000000000 R11: fffffbfff1f43d1f R12: dffffc0000000000
[  173.275786][    C1] R13: 1ffff92000587ebc R14: ffff888028700170 R15: 1ffff92000587ea4
[  173.275798][    C1]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  173.275807][    C1]  ? __kmalloc_cache_noprof+0x230/0x3d0
[  173.275818][    C1]  ref_tracker_alloc+0x2ae/0x460
[  173.275830][    C1]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  173.275838][    C1]  ? sk_alloc+0x1b1/0x370
[  173.275846][    C1]  ? tun_chr_open+0x7a/0x510
[  173.275857][    C1]  ? misc_open+0x2bc/0x330
[  173.275866][    C1]  ? chrdev_open+0x4cc/0x5e0
[  173.275874][    C1]  ? do_dentry_open+0xdf3/0x1970
[  173.275882][    C1]  ? vfs_open+0x3b/0x340
[  173.275889][    C1]  ? path_openat+0x2ee5/0x3830
[  173.275898][    C1]  ? do_filp_open+0x1fa/0x410
[  173.275906][    C1]  ? do_sys_openat2+0x121/0x1c0
[  173.275913][    C1]  ? __x64_sys_openat+0x138/0x170
[  173.275921][    C1]  ? do_syscall_64+0xfa/0x3b0
[  173.275929][    C1]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  173.275937][    C1]  ? sock_lock_init+0x41c/0x870
[  173.275944][    C1]  ? sk_prot_alloc+0x161/0x220
[  173.275953][    C1]  sk_alloc+0x1b1/0x370
[  173.275962][    C1]  tun_chr_open+0x7a/0x510
[  173.275972][    C1]  ? __pfx_tun_chr_open+0x10/0x10
[  173.275980][    C1]  misc_open+0x2bc/0x330
[  173.275990][    C1]  chrdev_open+0x4cc/0x5e0
[  173.275999][    C1]  ? __pfx_chrdev_open+0x10/0x10
[  173.276010][    C1]  ? __pfx_chrdev_open+0x10/0x10
[  173.276017][    C1]  do_dentry_open+0xdf3/0x1970
[  173.276033][    C1]  vfs_open+0x3b/0x340
[  173.276039][    C1]  ? path_openat+0x2ecd/0x3830
[  173.276050][    C1]  path_openat+0x2ee5/0x3830
[  173.276060][    C1]  ? trace_call_bpf+0xb7/0x850
[  173.276081][    C1]  ? __pfx_path_openat+0x10/0x10
[  173.276089][    C1]  ? perf_trace_run_bpf_submit+0xf9/0x170
[  173.276100][    C1]  ? perf_trace_preemptirq_template+0x280/0x340
[  173.276111][    C1]  ? irqentry_enter+0x3d/0x60
[  173.276123][    C1]  do_filp_open+0x1fa/0x410
[  173.276131][    C1]  ? __lock_acquire+0xab9/0xd20
[  173.276138][    C1]  ? __pfx_do_filp_open+0x10/0x10
[  173.276157][    C1]  ? _raw_spin_unlock+0x28/0x50
[  173.276164][    C1]  ? alloc_fd+0x64c/0x6c0
[  173.276177][    C1]  do_sys_openat2+0x121/0x1c0
[  173.276187][    C1]  ? __pfx_do_sys_openat2+0x10/0x10
[  173.276197][    C1]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  173.276207][    C1]  ? rcu_is_watching+0x15/0xb0
[  173.276216][    C1]  __x64_sys_openat+0x138/0x170
[  173.276227][    C1]  do_syscall_64+0xfa/0x3b0
[  173.276236][    C1]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  173.276242][    C1]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  173.276251][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  173.276257][    C1] RIP: 0033:0x7fe0f218e9a9
[  173.276265][    C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  173.276270][    C1] RSP: 002b:00007fe0f2f6f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  173.276277][    C1] RAX: ffffffffffffffda RBX: 00007fe0f23b5fa0 RCX: 00007fe0f218e9a9
[  173.276282][    C1] RDX: 0000000000000000 RSI: 0000200000000000 RDI: ffffffffffffff9c
[  173.276286][    C1] RBP: 00007fe0f2210d69 R08: 0000000000000000 R09: 0000000000000000
[  173.276290][    C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  173.276294][    C1] R13: 0000000000000000 R14: 00007fe0f23b5fa0 R15: 00007ffd274597d8
[  173.276305][    C1]  </TASK>
[  175.314858][ T5220] Bluetooth: hci1: command 0x0406 tx timeout
[  203.956432][   T18] rcu: INFO: rcu_preempt detected expedited stalls on CPUs/tasks: { 1-.... } 13568 jiffies s: 5725 root: 0x2/.
[  203.956469][   T18] rcu: blocking rcu_node structures (internal RCU debug):
[  203.956483][   T18] Sending NMI from CPU 0 to CPUs 1:
[  203.956542][    C1] NMI backtrace for cpu 1
[  203.956557][    C1] CPU: 1 UID: 0 PID: 6496 Comm: syz.2.230 Not tainted 6.16.0-rc6-syzkaller-00411-g95993dc3039e-dirty #0 PREEMPT(full) 
[  203.956567][    C1] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  203.956572][    C1] RIP: 0010:__sanitizer_cov_trace_pc+0x8/0x70
[  203.956589][    C1] Code: 8b 3d 44 cb fb 0b 48 89 de 5b e9 23 5d 58 00 cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 8b 04 24 <65> 48 8b 0c 25 08 10 a0 92 65 8b 15 28 e7 df 10 81 e2 00 01 ff 00
[  203.956595][    C1] RSP: 0018:ffffc900001dffa8 EFLAGS: 00000082
[  203.956603][    C1] RAX: ffffffff81ae65d0 RBX: 0000000000000000 RCX: dffffc0000000000
[  203.956608][    C1] RDX: 0000000000010100 RSI: 0000000000000000 RDI: 0000000000000009
[  203.956612][    C1] RBP: ffff888136627b40 R08: ffff88801e66ebbf R09: 0000000000000000
[  203.956617][    C1] R10: ffff88801e66ebb0 R11: ffffed1003ccdd78 R12: 7fffffffffffffff
[  203.956622][    C1] R13: 7fffffffffffffff R14: 0000000000000000 R15: ffff88801e66eba8
[  203.956631][    C1] FS:  00007fe0f2f6f6c0(0000) GS:ffff8881a3c1f000(0000) knlGS:0000000000000000
[  203.956637][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  203.956641][    C1] CR2: 00002000000054c0 CR3: 000000002a3ba000 CR4: 00000000000006f0
[  203.956689][    C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  203.956695][    C1] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
[  203.956699][    C1] Call Trace:
[  203.956703][    C1]  <IRQ>
[  203.956706][    C1]  __hrtimer_next_event_base+0xd0/0x2d0
[  203.956718][    C1]  hrtimer_interrupt+0x568/0xaa0
[  203.956730][    C1]  __sysvec_apic_timer_interrupt+0x10b/0x410
[  203.956741][    C1]  sysvec_apic_timer_interrupt+0x52/0xc0
[  203.956750][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  203.956757][    C1] RIP: 0010:kasan_check_range+0x9f/0x2c0
[  203.956766][    C1] Code: 00 fc ff df 4d 8d 34 19 4d 89 f4 4d 29 dc 49 83 fc 10 7f 29 4d 85 e4 0f 84 41 01 00 00 4c 89 cb 48 f7 d3 4c 01 fb 41 80 3b 00 <0f> 85 de 01 00 00 49 ff c3 48 ff c3 75 ee e9 21 01 00 00 44 89 dd
[  203.956771][    C1] RSP: 0018:ffffc900001e0220 EFLAGS: 00000246
[  203.956777][    C1] RAX: 0000000000000801 RBX: fffffffffffffff3 RCX: ffffffff81a25839
[  203.956782][    C1] RDX: 0000000000000000 RSI: 0000000000000066 RDI: ffffffff99adfe10
[  203.956786][    C1] RBP: ffffc900001e0400 R08: ffffffff99adfe75 R09: 1ffffffff335bfce
[  203.956791][    C1] R10: dffffc0000000000 R11: fffffbfff335bfc2 R12: 000000000000000d
[  203.956795][    C1] R13: 00000000ffffe9fb R14: fffffbfff335bfcf R15: 1ffffffff335bfc2
[  203.956802][    C1]  ? _prb_read_valid+0x7c9/0xa90
[  203.956812][    C1]  ? _prb_read_valid+0x7c9/0xa90
[  203.956820][    C1]  __asan_memcpy+0x29/0x70
[  203.956829][    C1]  _prb_read_valid+0x7c9/0xa90
[  203.956839][    C1]  ? __pfx__prb_read_valid+0x10/0x10
[  203.956847][    C1]  ? kvm_sched_clock_read+0x11/0x20
[  203.956854][    C1]  ? sched_clock+0x3f/0x60
[  203.956864][    C1]  ? sched_clock_cpu+0x74/0x430
[  203.956872][    C1]  ? lapic_next_event+0x11/0x20
[  203.956878][    C1]  ? clockevents_program_event+0x24d/0x360
[  203.956889][    C1]  prb_read_valid+0x3c/0x60
[  203.956897][    C1]  printk_get_next_message+0x15c/0x7b0
[  203.956906][    C1]  ? irq_work_single+0x1ac/0x240
[  203.956915][    C1]  ? __pfx_printk_get_next_message+0x10/0x10
[  203.956923][    C1]  ? __irq_exit_rcu+0xd8/0x1f0
[  203.956931][    C1]  ? __pfx___irq_exit_rcu+0x10/0x10
[  203.956942][    C1]  ? console_flush_all+0x476/0xc40
[  203.956951][    C1]  console_flush_all+0x4ca/0xc40
[  203.956959][    C1]  ? console_flush_all+0x861/0xc40
[  203.956967][    C1]  ? console_flush_all+0x13a/0xc40
[  203.956976][    C1]  ? __pfx_console_flush_all+0x10/0x10
[  203.956986][    C1]  ? is_printk_cpu_sync_owner+0x32/0x40
[  203.956996][    C1]  console_unlock+0xc4/0x270
[  203.957004][    C1]  ? __pfx_console_unlock+0x10/0x10
[  203.957012][    C1]  ? is_printk_cpu_sync_owner+0x32/0x40
[  203.957021][    C1]  vprintk_emit+0x5b7/0x7a0
[  203.957029][    C1]  ? __pfx_vprintk_emit+0x10/0x10
[  203.957036][    C1]  ? irq_work_single+0x1ac/0x240
[  203.957043][    C1]  ? irqtime_account_irq+0xb6/0x1c0
[  203.957053][    C1]  ? __irq_exit_rcu+0xd8/0x1f0
[  203.957061][    C1]  _printk+0xcf/0x120
[  203.957072][    C1]  ? __pfx__printk+0x10/0x10
[  203.957081][    C1]  clocksource_watchdog+0xdca/0x11c0
[  203.957089][    C1]  ? __lock_acquire+0xab9/0xd20
[  203.957099][    C1]  ? __pfx_clocksource_watchdog+0x10/0x10
[  203.957105][    C1]  ? __irq_exit_rcu+0xd8/0x1f0
[  203.957113][    C1]  call_timer_fn+0x17e/0x5f0
[  203.957119][    C1]  ? __pfx_clocksource_watchdog+0x10/0x10
[  203.957125][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  203.957133][    C1]  ? call_timer_fn+0xbe/0x5f0
[  203.957138][    C1]  ? __pfx_call_timer_fn+0x10/0x10
[  203.957147][    C1]  ? __pfx_clocksource_watchdog+0x10/0x10
[  203.957154][    C1]  __run_timer_base+0x61a/0x860
[  203.957163][    C1]  ? irqtime_account_irq+0xb6/0x1c0
[  203.957174][    C1]  ? __pfx___run_timer_base+0x10/0x10
[  203.957185][    C1]  run_timer_softirq+0x67/0x180
[  203.957194][    C1]  handle_softirqs+0x286/0x870
[  203.957202][    C1]  ? __irq_exit_rcu+0xca/0x1f0
[  203.957209][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[  203.957216][    C1]  ? irq_work_single+0x1ac/0x240
[  203.957222][    C1]  ? irqtime_account_irq+0xb6/0x1c0
[  203.957231][    C1]  __irq_exit_rcu+0xca/0x1f0
[  203.957238][    C1]  ? __pfx___irq_exit_rcu+0x10/0x10
[  203.957246][    C1]  ? rcu_is_watching+0x15/0xb0
[  203.957254][    C1]  irq_exit_rcu+0x9/0x30
[  203.957260][    C1]  sysvec_irq_work+0xa3/0xc0
[  203.957267][    C1]  </IRQ>
[  203.957270][    C1]  <TASK>
[  203.957272][    C1]  asm_sysvec_irq_work+0x1a/0x20
[  203.957279][    C1] RIP: 0010:_raw_spin_unlock_irqrestore+0xa8/0x110
[  203.957288][    C1] Code: 74 05 e8 cb 8e 56 f6 48 c7 44 24 20 00 00 00 00 9c 8f 44 24 20 f6 44 24 21 02 75 4f f7 c3 00 02 00 00 74 01 fb bf 01 00 00 00 <e8> 13 bd 1f f6 65 8b 05 bc e9 2e 07 85 c0 74 40 48 c7 04 24 0e 36
[  203.957294][    C1] RSP: 0018:ffffc90002c3f520 EFLAGS: 00000206
[  203.957299][    C1] RAX: 1d9e7967e323ce00 RBX: 0000000000000a02 RCX: 1d9e7967e323ce00
[  203.957303][    C1] RDX: 0000000000000006 RSI: ffffffff8d99883e RDI: 0000000000000001
[  203.957307][    C1] RBP: ffffc90002c3f5b0 R08: ffffffff8fa1e8f7 R09: 1ffffffff1f43d1e
[  203.957312][    C1] R10: dffffc0000000000 R11: fffffbfff1f43d1f R12: dffffc0000000000
[  203.957316][    C1] R13: 1ffff92000587ebc R14: ffff888028700170 R15: 1ffff92000587ea4
[  203.957325][    C1]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  203.957333][    C1]  ? __kmalloc_cache_noprof+0x230/0x3d0
[  203.957342][    C1]  ref_tracker_alloc+0x2ae/0x460
[  203.957352][    C1]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  203.957360][    C1]  ? sk_alloc+0x1b1/0x370
[  203.957368][    C1]  ? tun_chr_open+0x7a/0x510
[  203.957378][    C1]  ? misc_open+0x2bc/0x330
[  203.957387][    C1]  ? chrdev_open+0x4cc/0x5e0
[  203.957395][    C1]  ? do_dentry_open+0xdf3/0x1970
[  203.957403][    C1]  ? vfs_open+0x3b/0x340
[  203.957410][    C1]  ? path_openat+0x2ee5/0x3830
[  203.957419][    C1]  ? do_filp_open+0x1fa/0x410
[  203.957426][    C1]  ? do_sys_openat2+0x121/0x1c0
[  203.957434][    C1]  ? __x64_sys_openat+0x138/0x170
[  203.957441][    C1]  ? do_syscall_64+0xfa/0x3b0
[  203.957450][    C1]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  203.957457][    C1]  ? sock_lock_init+0x41c/0x870
[  203.957464][    C1]  ? sk_prot_alloc+0x161/0x220
[  203.957471][    C1]  sk_alloc+0x1b1/0x370
[  203.957478][    C1]  tun_chr_open+0x7a/0x510
[  203.957487][    C1]  ? __pfx_tun_chr_open+0x10/0x10
[  203.957496][    C1]  misc_open+0x2bc/0x330
[  203.957505][    C1]  chrdev_open+0x4cc/0x5e0
[  203.957513][    C1]  ? __pfx_chrdev_open+0x10/0x10
[  203.957521][    C1]  ? __pfx_chrdev_open+0x10/0x10
[  203.957529][    C1]  do_dentry_open+0xdf3/0x1970
[  203.957539][    C1]  vfs_open+0x3b/0x340
[  203.957546][    C1]  ? path_openat+0x2ecd/0x3830
[  203.957556][    C1]  path_openat+0x2ee5/0x3830
[  203.957565][    C1]  ? trace_call_bpf+0xb7/0x850
[  203.957578][    C1]  ? __pfx_path_openat+0x10/0x10
[  203.957586][    C1]  ? perf_trace_run_bpf_submit+0xf9/0x170
[  203.957595][    C1]  ? perf_trace_preemptirq_template+0x280/0x340
[  203.957605][    C1]  ? irqentry_enter+0x3d/0x60
[  203.957614][    C1]  do_filp_open+0x1fa/0x410
[  203.957622][    C1]  ? __lock_acquire+0xab9/0xd20
[  203.957633][    C1]  ? __pfx_do_filp_open+0x10/0x10
[  203.957677][    C1]  ? _raw_spin_unlock+0x28/0x50
[  203.957686][    C1]  ? alloc_fd+0x64c/0x6c0
[  203.957696][    C1]  do_sys_openat2+0x121/0x1c0
[  203.957705][    C1]  ? __pfx_do_sys_openat2+0x10/0x10
[  203.957713][    C1]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  203.957722][    C1]  ? rcu_is_watching+0x15/0xb0
[  203.957730][    C1]  __x64_sys_openat+0x138/0x170
[  203.957739][    C1]  do_syscall_64+0xfa/0x3b0
[  203.957748][    C1]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  203.957754][    C1]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  203.957761][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  203.957768][    C1] RIP: 0033:0x7fe0f218e9a9
[  203.957776][    C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  203.957781][    C1] RSP: 002b:00007fe0f2f6f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  203.957789][    C1] RAX: ffffffffffffffda RBX: 00007fe0f23b5fa0 RCX: 00007fe0f218e9a9
[  203.957793][    C1] RDX: 0000000000000000 RSI: 0000200000000000 RDI: ffffffffffffff9c
[  203.957797][    C1] RBP: 00007fe0f2210d69 R08: 0000000000000000 R09: 0000000000000000
[  203.957801][    C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  203.957805][    C1] R13: 0000000000000000 R14: 00007fe0f23b5fa0 R15: 00007ffd274597d8
[  203.957813][    C1]  </TASK>
[  353.740841][    C1] watchdog: BUG: soft lockup - CPU#1 stuck for 266s! [syz.2.230:6496]
[  353.740862][    C1] Modules linked in:
[  353.740869][    C1] irq event stamp: 11379513
[  353.740873][    C1] hardirqs last  enabled at (11379512): [<ffffffff8b6ea424>] irqentry_exit+0x74/0x90
[  353.740890][    C1] hardirqs last disabled at (11379513): [<ffffffff8b6e8f6e>] sysvec_apic_timer_interrupt+0xe/0xc0
[  353.740900][    C1] softirqs last  enabled at (815742): [<ffffffff8185bdba>] __irq_exit_rcu+0xca/0x1f0
[  353.740911][    C1] softirqs last disabled at (815745): [<ffffffff8185bdba>] __irq_exit_rcu+0xca/0x1f0
[  353.740924][    C1] CPU: 1 UID: 0 PID: 6496 Comm: syz.2.230 Not tainted 6.16.0-rc6-syzkaller-00411-g95993dc3039e-dirty #0 PREEMPT(full) 
[  353.740933][    C1] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  353.740938][    C1] RIP: 0010:kasan_check_range+0x9f/0x2c0
[  353.740948][    C1] Code: 00 fc ff df 4d 8d 34 19 4d 89 f4 4d 29 dc 49 83 fc 10 7f 29 4d 85 e4 0f 84 41 01 00 00 4c 89 cb 48 f7 d3 4c 01 fb 41 80 3b 00 <0f> 85 de 01 00 00 49 ff c3 48 ff c3 75 ee e9 21 01 00 00 44 89 dd
[  353.740955][    C1] RSP: 0018:ffffc900001e0220 EFLAGS: 00000246
[  353.740961][    C1] RAX: 0000000000000801 RBX: fffffffffffffff3 RCX: ffffffff81a25839
[  353.740966][    C1] RDX: 0000000000000000 RSI: 0000000000000066 RDI: ffffffff99adfe10
[  353.740971][    C1] RBP: ffffc900001e0400 R08: ffffffff99adfe75 R09: 1ffffffff335bfce
[  353.740976][    C1] R10: dffffc0000000000 R11: fffffbfff335bfc2 R12: 000000000000000d
[  353.740980][    C1] R13: 00000000ffffe9fb R14: fffffbfff335bfcf R15: 1ffffffff335bfc2
[  353.740985][    C1] FS:  00007fe0f2f6f6c0(0000) GS:ffff8881a3c1f000(0000) knlGS:0000000000000000
[  353.740991][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  353.740995][    C1] CR2: 00002000000054c0 CR3: 000000002a3ba000 CR4: 00000000000006f0
[  353.741023][    C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  353.741029][    C1] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
[  353.741033][    C1] Call Trace:
[  353.741039][    C1]  <IRQ>
[  353.741045][    C1]  ? _prb_read_valid+0x7c9/0xa90
[  353.741056][    C1]  __asan_memcpy+0x29/0x70
[  353.741066][    C1]  _prb_read_valid+0x7c9/0xa90
[  353.741082][    C1]  ? __pfx__prb_read_valid+0x10/0x10
[  353.741091][    C1]  ? kvm_sched_clock_read+0x11/0x20
[  353.741098][    C1]  ? sched_clock+0x3f/0x60
[  353.741109][    C1]  ? sched_clock_cpu+0x74/0x430
[  353.741118][    C1]  ? lapic_next_event+0x11/0x20
[  353.741126][    C1]  ? clockevents_program_event+0x24d/0x360
[  353.741139][    C1]  prb_read_valid+0x3c/0x60
[  353.741148][    C1]  printk_get_next_message+0x15c/0x7b0
[  353.741157][    C1]  ? irq_work_single+0x1ac/0x240
[  353.741168][    C1]  ? __pfx_printk_get_next_message+0x10/0x10
[  353.741176][    C1]  ? __irq_exit_rcu+0xd8/0x1f0
[  353.741184][    C1]  ? __pfx___irq_exit_rcu+0x10/0x10
[  353.741200][    C1]  ? console_flush_all+0x476/0xc40
[  353.741211][    C1]  console_flush_all+0x4ca/0xc40
[  353.741219][    C1]  ? console_flush_all+0x861/0xc40
[  353.741228][    C1]  ? console_flush_all+0x13a/0xc40
[  353.741239][    C1]  ? __pfx_console_flush_all+0x10/0x10
[  353.741253][    C1]  ? is_printk_cpu_sync_owner+0x32/0x40
[  353.741264][    C1]  console_unlock+0xc4/0x270
[  353.741274][    C1]  ? __pfx_console_unlock+0x10/0x10
[  353.741283][    C1]  ? is_printk_cpu_sync_owner+0x32/0x40
[  353.741294][    C1]  vprintk_emit+0x5b7/0x7a0
[  353.741304][    C1]  ? __pfx_vprintk_emit+0x10/0x10
[  353.741311][    C1]  ? irq_work_single+0x1ac/0x240
[  353.741319][    C1]  ? irqtime_account_irq+0xb6/0x1c0
[  353.741332][    C1]  ? __irq_exit_rcu+0xd8/0x1f0
[  353.741341][    C1]  _printk+0xcf/0x120
[  353.741354][    C1]  ? __pfx__printk+0x10/0x10
[  353.741368][    C1]  clocksource_watchdog+0xdca/0x11c0
[  353.741376][    C1]  ? __lock_acquire+0xab9/0xd20
[  353.741390][    C1]  ? __pfx_clocksource_watchdog+0x10/0x10
[  353.741397][    C1]  ? __irq_exit_rcu+0xd8/0x1f0
[  353.741407][    C1]  call_timer_fn+0x17e/0x5f0
[  353.741415][    C1]  ? __pfx_clocksource_watchdog+0x10/0x10
[  353.741421][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  353.741428][    C1]  ? call_timer_fn+0xbe/0x5f0
[  353.741434][    C1]  ? __pfx_call_timer_fn+0x10/0x10
[  353.741446][    C1]  ? __pfx_clocksource_watchdog+0x10/0x10
[  353.741454][    C1]  __run_timer_base+0x61a/0x860
[  353.741469][    C1]  ? irqtime_account_irq+0xb6/0x1c0
[  353.741484][    C1]  ? __pfx___run_timer_base+0x10/0x10
[  353.741500][    C1]  run_timer_softirq+0x67/0x180
[  353.741510][    C1]  handle_softirqs+0x286/0x870
[  353.741519][    C1]  ? __irq_exit_rcu+0xca/0x1f0
[  353.741529][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[  353.741536][    C1]  ? irq_work_single+0x1ac/0x240
[  353.741544][    C1]  ? irqtime_account_irq+0xb6/0x1c0
[  353.741554][    C1]  __irq_exit_rcu+0xca/0x1f0
[  353.741561][    C1]  ? __pfx___irq_exit_rcu+0x10/0x10
[  353.741571][    C1]  ? rcu_is_watching+0x15/0xb0
[  353.741580][    C1]  irq_exit_rcu+0x9/0x30
[  353.741586][    C1]  sysvec_irq_work+0xa3/0xc0
[  353.741594][    C1]  </IRQ>
[  353.741597][    C1]  <TASK>
[  353.741600][    C1]  asm_sysvec_irq_work+0x1a/0x20
[  353.741608][    C1] RIP: 0010:_raw_spin_unlock_irqrestore+0xa8/0x110
[  353.741618][    C1] Code: 74 05 e8 cb 8e 56 f6 48 c7 44 24 20 00 00 00 00 9c 8f 44 24 20 f6 44 24 21 02 75 4f f7 c3 00 02 00 00 74 01 fb bf 01 00 00 00 <e8> 13 bd 1f f6 65 8b 05 bc e9 2e 07 85 c0 74 40 48 c7 04 24 0e 36
[  353.741623][    C1] RSP: 0018:ffffc90002c3f520 EFLAGS: 00000206
[  353.741630][    C1] RAX: 1d9e7967e323ce00 RBX: 0000000000000a02 RCX: 1d9e7967e323ce00
[  353.741634][    C1] RDX: 0000000000000006 RSI: ffffffff8d99883e RDI: 0000000000000001
[  353.741638][    C1] RBP: ffffc90002c3f5b0 R08: ffffffff8fa1e8f7 R09: 1ffffffff1f43d1e
[  353.741643][    C1] R10: dffffc0000000000 R11: fffffbfff1f43d1f R12: dffffc0000000000
[  353.741647][    C1] R13: 1ffff92000587ebc R14: ffff888028700170 R15: 1ffff92000587ea4
[  353.741660][    C1]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  353.741669][    C1]  ? __kmalloc_cache_noprof+0x230/0x3d0
[  353.741680][    C1]  ref_tracker_alloc+0x2ae/0x460
[  353.741693][    C1]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  353.741701][    C1]  ? sk_alloc+0x1b1/0x370
[  353.741749][    C1]  ? tun_chr_open+0x7a/0x510
[  353.741761][    C1]  ? misc_open+0x2bc/0x330
[  353.741771][    C1]  ? chrdev_open+0x4cc/0x5e0
[  353.741778][    C1]  ? do_dentry_open+0xdf3/0x1970
[  353.741786][    C1]  ? vfs_open+0x3b/0x340
[  353.741793][    C1]  ? path_openat+0x2ee5/0x3830
[  353.741803][    C1]  ? do_filp_open+0x1fa/0x410
[  353.741811][    C1]  ? do_sys_openat2+0x121/0x1c0
[  353.741818][    C1]  ? __x64_sys_openat+0x138/0x170
[  353.741825][    C1]  ? do_syscall_64+0xfa/0x3b0
[  353.741834][    C1]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  353.741843][    C1]  ? sock_lock_init+0x41c/0x870
[  353.741850][    C1]  ? sk_prot_alloc+0x161/0x220
[  353.741859][    C1]  sk_alloc+0x1b1/0x370
[  353.741868][    C1]  tun_chr_open+0x7a/0x510
[  353.741879][    C1]  ? __pfx_tun_chr_open+0x10/0x10
[  353.741887][    C1]  misc_open+0x2bc/0x330
[  353.741898][    C1]  chrdev_open+0x4cc/0x5e0
[  353.741908][    C1]  ? __pfx_chrdev_open+0x10/0x10
[  353.741919][    C1]  ? __pfx_chrdev_open+0x10/0x10
[  353.741926][    C1]  do_dentry_open+0xdf3/0x1970
[  353.741941][    C1]  vfs_open+0x3b/0x340
[  353.741949][    C1]  ? path_openat+0x2ecd/0x3830
[  353.741959][    C1]  path_openat+0x2ee5/0x3830
[  353.741969][    C1]  ? trace_call_bpf+0xb7/0x850
[  353.741989][    C1]  ? __pfx_path_openat+0x10/0x10
[  353.741998][    C1]  ? perf_trace_run_bpf_submit+0xf9/0x170
[  353.742008][    C1]  ? perf_trace_preemptirq_template+0x280/0x340
[  353.742019][    C1]  ? irqentry_enter+0x3d/0x60
[  353.742030][    C1]  do_filp_open+0x1fa/0x410
[  353.742039][    C1]  ? __lock_acquire+0xab9/0xd20
[  353.742046][    C1]  ? __pfx_do_filp_open+0x10/0x10
[  353.742065][    C1]  ? _raw_spin_unlock+0x28/0x50
[  353.742072][    C1]  ? alloc_fd+0x64c/0x6c0
[  353.742084][    C1]  do_sys_openat2+0x121/0x1c0
[  353.742094][    C1]  ? __pfx_do_sys_openat2+0x10/0x10
[  353.742104][    C1]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  353.742114][    C1]  ? rcu_is_watching+0x15/0xb0
[  353.742123][    C1]  __x64_sys_openat+0x138/0x170
[  353.742134][    C1]  do_syscall_64+0xfa/0x3b0
[  353.742143][    C1]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  353.742149][    C1]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  353.742158][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  353.742165][    C1] RIP: 0033:0x7fe0f218e9a9
[  353.742173][    C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  353.742178][    C1] RSP: 002b:00007fe0f2f6f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  353.742185][    C1] RAX: ffffffffffffffda RBX: 00007fe0f23b5fa0 RCX: 00007fe0f218e9a9
[  353.742190][    C1] RDX: 0000000000000000 RSI: 0000200000000000 RDI: ffffffffffffff9c
[  353.742194][    C1] RBP: 00007fe0f2210d69 R08: 0000000000000000 R09: 0000000000000000
[  353.742198][    C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  353.742202][    C1] R13: 0000000000000000 R14: 00007fe0f23b5fa0 R15: 00007ffd274597d8
[  353.742213][    C1]  </TASK>
[  353.742216][    C1] Sending NMI from CPU 1 to CPUs 0:
[  353.742295][    C0] NMI backtrace for cpu 0
[  353.742309][    C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.16.0-rc6-syzkaller-00411-g95993dc3039e-dirty #0 PREEMPT(full) 
[  353.742321][    C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  353.742327][    C0] RIP: 0010:pv_native_safe_halt+0x13/0x20
[  353.742344][    C0] Code: d3 de 02 00 cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa eb 07 0f 00 2d d3 9d 19 00 f3 0f 1e fa fb f4 <c3> cc cc cc cc cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90
[  353.742352][    C0] RSP: 0018:ffffffff8de07d80 EFLAGS: 00000282
[  353.742362][    C0] RAX: 832d46c32965d800 RBX: ffffffff81976a48 RCX: 832d46c32965d800
[  353.742369][    C0] RDX: 0000000000000001 RSI: ffffffff8d99883e RDI: ffffffff8be29f40
[  353.742376][    C0] RBP: ffffffff8de07ea8 R08: ffff88804b032f9b R09: 1ffff110096065f3
[  353.742382][    C0] R10: dffffc0000000000 R11: ffffed10096065f4 R12: ffffffff8fa1e8f0
[  353.742391][    C0] R13: 0000000000000000 R14: 0000000000000000 R15: 1ffffffff1bd2a50
[  353.742397][    C0] FS:  0000000000000000(0000) GS:ffff8880b861f000(0000) knlGS:0000000000000000
[  353.742405][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  353.742412][    C0] CR2: 00007ffc94fb3c1c CR3: 000000000df38000 CR4: 00000000000006f0
[  353.742444][    C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  353.742452][    C0] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
[  353.742458][    C0] Call Trace:
[  353.742463][    C0]  <TASK>
[  353.742467][    C0]  default_idle+0x13/0x20
[  353.742482][    C0]  default_idle_call+0x74/0xb0
[  353.742493][    C0]  do_idle+0x1e8/0x510
[  353.742502][    C0]  ? __pfx_do_idle+0x10/0x10
[  353.742509][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[  353.742516][    C0]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  353.742524][    C0]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  353.742532][    C0]  cpu_startup_entry+0x44/0x60
[  353.742539][    C0]  rest_init+0x2de/0x300
[  353.742545][    C0]  ? __pfx_x86_late_time_init+0x10/0x10
[  353.742553][    C0]  start_kernel+0x47d/0x500
[  353.742564][    C0]  x86_64_start_reservations+0x24/0x30
[  353.742575][    C0]  x86_64_start_kernel+0x143/0x1c0
[  353.742584][    C0]  common_startup_64+0x13e/0x147
[  353.742596][    C0]  </TASK>
[  353.743247][    C1] Kernel panic - not syncing: softlockup: hung tasks
[  353.743257][    C1] CPU: 1 UID: 0 PID: 6496 Comm: syz.2.230 Tainted: G             L      6.16.0-rc6-syzkaller-00411-g95993dc3039e-dirty #0 PREEMPT(full) 
[  353.743267][    C1] Tainted: [L]=SOFTLOCKUP
[  353.743270][    C1] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  353.743274][    C1] Call Trace:
[  353.743279][    C1]  <IRQ>
[  353.743282][    C1]  dump_stack_lvl+0x99/0x250
[  353.743293][    C1]  ? __asan_memcpy+0x40/0x70
[  353.743302][    C1]  ? __pfx_dump_stack_lvl+0x10/0x10
[  353.743311][    C1]  ? __pfx__printk+0x10/0x10
[  353.743325][    C1]  panic+0x2db/0x790
[  353.743336][    C1]  ? __pfx_panic+0x10/0x10
[  353.743344][    C1]  ? nmi_backtrace_stall_check+0x433/0x440
[  353.743360][    C1]  watchdog_timer_fn+0x862/0x870
[  353.743371][    C1]  ? __pfx_watchdog_timer_fn+0x10/0x10
[  353.743378][    C1]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  353.743387][    C1]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  353.743397][    C1]  ? __pfx_watchdog_timer_fn+0x10/0x10
[  353.743404][    C1]  ? __pfx_watchdog_timer_fn+0x10/0x10
[  353.743411][    C1]  __hrtimer_run_queues+0x4e0/0xc60
[  353.743419][    C1]  ? ktime_get_update_offsets_now+0x60/0x3d0
[  353.743437][    C1]  ? __pfx___hrtimer_run_queues+0x10/0x10
[  353.743444][    C1]  ? ktime_get_update_offsets_now+0x3ab/0x3d0
[  353.743454][    C1]  ? sched_clock_cpu+0x74/0x430
[  353.743469][    C1]  hrtimer_interrupt+0x45b/0xaa0
[  353.743488][    C1]  __sysvec_apic_timer_interrupt+0x10b/0x410
[  353.743499][    C1]  sysvec_apic_timer_interrupt+0x52/0xc0
[  353.743508][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  353.743515][    C1] RIP: 0010:kasan_check_range+0x9f/0x2c0
[  353.743523][    C1] Code: 00 fc ff df 4d 8d 34 19 4d 89 f4 4d 29 dc 49 83 fc 10 7f 29 4d 85 e4 0f 84 41 01 00 00 4c 89 cb 48 f7 d3 4c 01 fb 41 80 3b 00 <0f> 85 de 01 00 00 49 ff c3 48 ff c3 75 ee e9 21 01 00 00 44 89 dd
[  353.743528][    C1] RSP: 0018:ffffc900001e0220 EFLAGS: 00000246
[  353.743535][    C1] RAX: 0000000000000801 RBX: fffffffffffffff3 RCX: ffffffff81a25839
[  353.743540][    C1] RDX: 0000000000000000 RSI: 0000000000000066 RDI: ffffffff99adfe10
[  353.743545][    C1] RBP: ffffc900001e0400 R08: ffffffff99adfe75 R09: 1ffffffff335bfce
[  353.743550][    C1] R10: dffffc0000000000 R11: fffffbfff335bfc2 R12: 000000000000000d
[  353.743554][    C1] R13: 00000000ffffe9fb R14: fffffbfff335bfcf R15: 1ffffffff335bfc2
[  353.743564][    C1]  ? _prb_read_valid+0x7c9/0xa90
[  353.743574][    C1]  ? _prb_read_valid+0x7c9/0xa90
[  353.743582][    C1]  __asan_memcpy+0x29/0x70
[  353.743592][    C1]  _prb_read_valid+0x7c9/0xa90
[  353.743608][    C1]  ? __pfx__prb_read_valid+0x10/0x10
[  353.743616][    C1]  ? kvm_sched_clock_read+0x11/0x20
[  353.743624][    C1]  ? sched_clock+0x3f/0x60
[  353.743634][    C1]  ? sched_clock_cpu+0x74/0x430
[  353.743641][    C1]  ? lapic_next_event+0x11/0x20
[  353.743648][    C1]  ? clockevents_program_event+0x24d/0x360
[  353.743660][    C1]  prb_read_valid+0x3c/0x60
[  353.743669][    C1]  printk_get_next_message+0x15c/0x7b0
[  353.743678][    C1]  ? irq_work_single+0x1ac/0x240
[  353.743689][    C1]  ? __pfx_printk_get_next_message+0x10/0x10
[  353.743697][    C1]  ? __irq_exit_rcu+0xd8/0x1f0
[  353.743704][    C1]  ? __pfx___irq_exit_rcu+0x10/0x10
[  353.743743][    C1]  ? console_flush_all+0x476/0xc40
[  353.743756][    C1]  console_flush_all+0x4ca/0xc40
[  353.743764][    C1]  ? console_flush_all+0x861/0xc40
[  353.743774][    C1]  ? console_flush_all+0x13a/0xc40
[  353.743785][    C1]  ? __pfx_console_flush_all+0x10/0x10
[  353.743799][    C1]  ? is_printk_cpu_sync_owner+0x32/0x40
[  353.743810][    C1]  console_unlock+0xc4/0x270
[  353.743820][    C1]  ? __pfx_console_unlock+0x10/0x10
[  353.743830][    C1]  ? is_printk_cpu_sync_owner+0x32/0x40
[  353.743841][    C1]  vprintk_emit+0x5b7/0x7a0
[  353.743851][    C1]  ? __pfx_vprintk_emit+0x10/0x10
[  353.743859][    C1]  ? irq_work_single+0x1ac/0x240
[  353.743867][    C1]  ? irqtime_account_irq+0xb6/0x1c0
[  353.743878][    C1]  ? __irq_exit_rcu+0xd8/0x1f0
[  353.743888][    C1]  _printk+0xcf/0x120
[  353.743899][    C1]  ? __pfx__printk+0x10/0x10
[  353.743914][    C1]  clocksource_watchdog+0xdca/0x11c0
[  353.743921][    C1]  ? __lock_acquire+0xab9/0xd20
[  353.743934][    C1]  ? __pfx_clocksource_watchdog+0x10/0x10
[  353.743942][    C1]  ? __irq_exit_rcu+0xd8/0x1f0
[  353.743953][    C1]  call_timer_fn+0x17e/0x5f0
[  353.743959][    C1]  ? __pfx_clocksource_watchdog+0x10/0x10
[  353.743966][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  353.743974][    C1]  ? call_timer_fn+0xbe/0x5f0
[  353.743981][    C1]  ? __pfx_call_timer_fn+0x10/0x10
[  353.743993][    C1]  ? __pfx_clocksource_watchdog+0x10/0x10
[  353.744002][    C1]  __run_timer_base+0x61a/0x860
[  353.744011][    C1]  ? irqtime_account_irq+0xb6/0x1c0
[  353.744026][    C1]  ? __pfx___run_timer_base+0x10/0x10
[  353.744042][    C1]  run_timer_softirq+0x67/0x180
[  353.744052][    C1]  handle_softirqs+0x286/0x870
[  353.744062][    C1]  ? __irq_exit_rcu+0xca/0x1f0
[  353.744072][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[  353.744079][    C1]  ? irq_work_single+0x1ac/0x240
[  353.744087][    C1]  ? irqtime_account_irq+0xb6/0x1c0
[  353.744098][    C1]  __irq_exit_rcu+0xca/0x1f0
[  353.744105][    C1]  ? __pfx___irq_exit_rcu+0x10/0x10
[  353.744115][    C1]  ? rcu_is_watching+0x15/0xb0
[  353.744124][    C1]  irq_exit_rcu+0x9/0x30
[  353.744131][    C1]  sysvec_irq_work+0xa3/0xc0
[  353.744138][    C1]  </IRQ>
[  353.744141][    C1]  <TASK>
[  353.744144][    C1]  asm_sysvec_irq_work+0x1a/0x20
[  353.744151][    C1] RIP: 0010:_raw_spin_unlock_irqrestore+0xa8/0x110
[  353.744159][    C1] Code: 74 05 e8 cb 8e 56 f6 48 c7 44 24 20 00 00 00 00 9c 8f 44 24 20 f6 44 24 21 02 75 4f f7 c3 00 02 00 00 74 01 fb bf 01 00 00 00 <e8> 13 bd 1f f6 65 8b 05 bc e9 2e 07 85 c0 74 40 48 c7 04 24 0e 36
[  353.744165][    C1] RSP: 0018:ffffc90002c3f520 EFLAGS: 00000206
[  353.744171][    C1] RAX: 1d9e7967e323ce00 RBX: 0000000000000a02 RCX: 1d9e7967e323ce00
[  353.744176][    C1] RDX: 0000000000000006 RSI: ffffffff8d99883e RDI: 0000000000000001
[  353.744181][    C1] RBP: ffffc90002c3f5b0 R08: ffffffff8fa1e8f7 R09: 1ffffffff1f43d1e
[  353.744186][    C1] R10: dffffc0000000000 R11: fffffbfff1f43d1f R12: dffffc0000000000
[  353.744191][    C1] R13: 1ffff92000587ebc R14: ffff888028700170 R15: 1ffff92000587ea4
[  353.744204][    C1]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  353.744213][    C1]  ? __kmalloc_cache_noprof+0x230/0x3d0
[  353.744223][    C1]  ref_tracker_alloc+0x2ae/0x460
[  353.744234][    C1]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  353.744242][    C1]  ? sk_alloc+0x1b1/0x370
[  353.744248][    C1]  ? tun_chr_open+0x7a/0x510
[  353.744257][    C1]  ? misc_open+0x2bc/0x330
[  353.744264][    C1]  ? chrdev_open+0x4cc/0x5e0
[  353.744271][    C1]  ? do_dentry_open+0xdf3/0x1970
[  353.744278][    C1]  ? vfs_open+0x3b/0x340
[  353.744286][    C1]  ? path_openat+0x2ee5/0x3830
[  353.744294][    C1]  ? do_filp_open+0x1fa/0x410
[  353.744302][    C1]  ? do_sys_openat2+0x121/0x1c0
[  353.744310][    C1]  ? __x64_sys_openat+0x138/0x170
[  353.744318][    C1]  ? do_syscall_64+0xfa/0x3b0
[  353.744326][    C1]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  353.744334][    C1]  ? sock_lock_init+0x41c/0x870
[  353.744342][    C1]  ? sk_prot_alloc+0x161/0x220
[  353.744350][    C1]  sk_alloc+0x1b1/0x370
[  353.744360][    C1]  tun_chr_open+0x7a/0x510
[  353.744370][    C1]  ? __pfx_tun_chr_open+0x10/0x10
[  353.744379][    C1]  misc_open+0x2bc/0x330
[  353.744390][    C1]  chrdev_open+0x4cc/0x5e0
[  353.744399][    C1]  ? __pfx_chrdev_open+0x10/0x10
[  353.744410][    C1]  ? __pfx_chrdev_open+0x10/0x10
[  353.744417][    C1]  do_dentry_open+0xdf3/0x1970
[  353.744433][    C1]  vfs_open+0x3b/0x340
[  353.744440][    C1]  ? path_openat+0x2ecd/0x3830
[  353.744451][    C1]  path_openat+0x2ee5/0x3830
[  353.744465][    C1]  ? trace_call_bpf+0xb7/0x850
[  353.744485][    C1]  ? __pfx_path_openat+0x10/0x10
[  353.744494][    C1]  ? perf_trace_run_bpf_submit+0xf9/0x170
[  353.744504][    C1]  ? perf_trace_preemptirq_template+0x280/0x340
[  353.744515][    C1]  ? irqentry_enter+0x3d/0x60
[  353.744527][    C1]  do_filp_open+0x1fa/0x410
[  353.744536][    C1]  ? __lock_acquire+0xab9/0xd20
[  353.744544][    C1]  ? __pfx_do_filp_open+0x10/0x10
[  353.744563][    C1]  ? _raw_spin_unlock+0x28/0x50
[  353.744570][    C1]  ? alloc_fd+0x64c/0x6c0
[  353.744583][    C1]  do_sys_openat2+0x121/0x1c0
[  353.744594][    C1]  ? __pfx_do_sys_openat2+0x10/0x10
[  353.744604][    C1]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  353.744614][    C1]  ? rcu_is_watching+0x15/0xb0
[  353.744624][    C1]  __x64_sys_openat+0x138/0x170
[  353.744635][    C1]  do_syscall_64+0xfa/0x3b0
[  353.744644][    C1]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  353.744651][    C1]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  353.744660][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  353.744667][    C1] RIP: 0033:0x7fe0f218e9a9
[  353.744673][    C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  353.744679][    C1] RSP: 002b:00007fe0f2f6f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  353.744687][    C1] RAX: ffffffffffffffda RBX: 00007fe0f23b5fa0 RCX: 00007fe0f218e9a9
[  353.744692][    C1] RDX: 0000000000000000 RSI: 0000200000000000 RDI: ffffffffffffff9c
[  353.744696][    C1] RBP: 00007fe0f2210d69 R08: 0000000000000000 R09: 0000000000000000
[  353.744701][    C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  353.744705][    C1] R13: 0000000000000000 R14: 00007fe0f23b5fa0 R15: 00007ffd274597d8
[  353.744737][    C1]  </TASK>
[  353.745457][    C1] Kernel Offset: disabled

VM DIAGNOSIS:
20:34:20  Registers:
info registers vcpu 0

CPU#0
RAX=ffffffff81680ea6 RBX=0000000000000000 RCX=ffff888021c73980 RDX=0000000000010000
RSI=0000000000000008 RDI=ffffffff92a52460 RBP=ffffc90000007fe0 RSP=ffffc90000007f60
R8 =ffffffff92a52467 R9 =1ffffffff254a48c R10=dffffc0000000000 R11=fffffbfff254a48d
R12=0000000000000000 R13=0000000000000000 R14=0000000000000000 R15=dffffc0000000000
RIP=ffffffff81680ea7 RFL=00000006 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f048ddac380 ffffffff 00c00000
GS =0000 ffff8880b861f000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007ffc94fb3c1c CR3=000000010e0bc000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000600
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000001 XMM01=0000000000000000 00007f1590186d00
XMM02=030011d800000075 d003001100000000 XMM03=11e880900014d003 0011e080900014d0
XMM04=0000000000000000 000000000000000e XMM05=12a880900014d003 0012a080900014d0
XMM06=0300129880900014 d003001200000077 XMM07=14d0030000000000 0014d00300128080
XMM08=900014d0030011f8 8090001400000076 XMM09=0000000000000000 0000000000000000
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=1ffffffff33bf460 RBX=00000000000003fd RCX=0000000000000000 RDX=00000000000003fd
RSI=0000000000000000 RDI=0000000000000020 RBP=ffffffff99dfa470 RSP=ffffc900001df7f0
R8 =ffff888107200237 R9 =1ffff11020e40046 R10=dffffc0000000000 R11=ffffffff85472a90
R12=dffffc0000000000 R13=0000000000000000 R14=ffffffff99dfa1e0 R15=0000000000000000
RIP=ffffffff85472b07 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007fe0f2f6f6c0 ffffffff 00c00000
GS =0000 ffff8881a3c1f000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00002000000054c0 CR3=000000002a3ba000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000600
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=0000000000000000 0000000000000000
XMM02=00007fe0f2386478 00007fe0f2386450 XMM03=00007fe0f2386488 00007fe0f2386480
XMM04=00007fe0f2eed100 00007fe0f2386440 XMM05=00007fe0f2386458 00007fe0f23864a0
XMM06=00007fe0f2386498 00007fe0f2386490 XMM07=00007fe0f2386488 00007fe0f2386480
XMM08=0000000000000000 00524f5252450040 XMM09=0000000000000000 00007fe0f2211ec1
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
