last executing test programs:

17.725832391s ago: executing program 4 (id=94):
r0 = socket$inet(0x2, 0x4000000805, 0x0)
sendmmsg(r0, &(0x7f0000000e40)=[{{&(0x7f0000000000)=@l2tp={0x2, 0x0, @local}, 0x80, &(0x7f0000000300)=[{&(0x7f00000000c0)="ae", 0x1}], 0x1}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0)

17.474898592s ago: executing program 4 (id=95):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100))
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/unix\x00')
preadv(r4, &(0x7f0000000240)=[{&(0x7f0000000280)=""/247, 0xf7}], 0x1, 0x2, 0x0)
mmap$binder(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040))
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x98, 0x0, &(0x7f0000003200)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xf00f, 0x0, 0x0, 0x0}}, @transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x1472, 0x0, 0x0, 0x0, 0xff8, 0x0, &(0x7f00000031c0)={0x30, 0x30, 0x1e}}}], 0x0, 0x0, 0x0})
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, &(0x7f0000000100))
r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1, 0x11, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, &(0x7f00000001c0))
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f00000004c0)="e0"})
ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000000480)={0x4c, 0x0, &(0x7f0000000200)=[@acquire, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r7, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)={&(0x7f000001aa80)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000010000000900010073797a30000000002c0000001b0a01020000000000000000010000000900010073797a3000000000090003"], 0x22b4}}, 0x0)

17.135260506s ago: executing program 4 (id=99):
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
sysfs$1(0x1, 0x0)
fremovexattr(0xffffffffffffffff, 0x0)
r0 = openat$null(0xffffffffffffff9c, 0x0, 0x0, 0x0)
fcntl$lock(r0, 0x0, 0x0)
socket$inet(0x2, 0x0, 0x0)
close(0xffffffffffffffff)
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x103982, 0x0)
ioctl$PPPIOCNEWUNIT(r1, 0xc004743e, &(0x7f0000000040))
r2 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r2, &(0x7f0000000080)={0x18, 0x0, {0x3, @local, 'geneve0\x00'}}, 0x1e)
r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$PPPIOCATTCHAN(r3, 0x40047438, &(0x7f0000000100)=0x1)
ioctl$PPPIOCCONNECT(r3, 0x4004743a, &(0x7f0000000280))
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
r4 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'veth0_to_team\x00'})
socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000001500)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
sendmsg$inet(r6, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0)
recvmsg$unix(r5, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)
pselect6(0x65, &(0x7f0000000180)={0xfffffffffffffffd, 0x3}, 0x0, 0x0, 0x0, 0x0)

16.747719623s ago: executing program 1 (id=104):
openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0)
vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/bus/input/handlers\x00', 0x0, 0x0)
preadv2(r1, &(0x7f00000004c0)=[{&(0x7f0000000200)=""/100, 0x64}], 0x1, 0x2b, 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
r2 = syz_open_dev$video4linux(&(0x7f0000000280), 0x0, 0x0)
ioctl$VIDIOC_QUERYMENU(r2, 0xc0305616, &(0x7f0000000040)={0x0, 0x0, @value})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x5, &(0x7f0000000400)=[{0x0, 0x7}, {0x7, 0x0, 0x8, 0x7}, {0x0, 0x0, 0xff}, {}, {}]})
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
set_mempolicy(0x3, &(0x7f0000000100)=0x1, 0x5592)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3fc, 0x0, 0x32}, 0x9c)
setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r3, 0x84, 0x13, &(0x7f0000000500)=0x1, 0x4)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x0, 0x0, 0x8a}, 0x9c)
sendto$inet6(r3, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$TIPC_NL_MEDIA_SET(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)={0x34, r4, 0x1, 0x0, 0x0, {}, [@TIPC_NLA_MEDIA={0x20, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x80}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7b0}]}]}]}, 0x34}}, 0x0)
socket$packet(0x11, 0x3, 0x300)
ioctl$VHOST_SET_MEM_TABLE(0xffffffffffffffff, 0x4008af03, &(0x7f0000000240))
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000140)={0x1, 0x0, 0x0, &(0x7f0000000700)=""/4096, &(0x7f0000000480)=""/255})

16.661875956s ago: executing program 4 (id=105):
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000459bb2405804035000000000000109021b00011100000009040000019569", @ANYRES32], 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000240)}, 0x0)
r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000200)='/sys/fs/bpf', 0x0, 0x0)
openat$cgroup_ro(r1, &(0x7f0000000040)='io.stat\x00', 0x275a, 0x0)
r2 = socket$inet_sctp(0x2, 0x5, 0x84)
r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0)
r5 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$L2TP_CMD_TUNNEL_CREATE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000480)={0x70, 0x0, 0x0, 0x0, 0x0, {}, [@L2TP_ATTR_PROTO_VERSION={0x5}, @L2TP_ATTR_DATA_SEQ={0x5}, @L2TP_ATTR_VLAN_ID={0x6}, @L2TP_ATTR_CONN_ID={0x8}, @L2TP_ATTR_VLAN_ID={0x6, 0xe, 0xfffa}, @L2TP_ATTR_PROTO_VERSION={0x5, 0x7, 0x3}, @L2TP_ATTR_L2SPEC_TYPE={0x5, 0x5, 0x1}, @L2TP_ATTR_IP_SADDR={0x8, 0x18, @broadcast}, @L2TP_ATTR_IFNAME={0x14, 0x8, 'veth0_vlan\x00'}, @L2TP_ATTR_UDP_DPORT={0x6, 0x1b, 0x4e20}]}, 0x70}}, 0x0)
sendmsg$kcm(r5, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03003b000b05d25a806c8c6394f90224fc60100005000a000200053582c137153e37000c0180fc0b10000600", 0x33fe0}], 0x1}, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
preadv(0xffffffffffffffff, 0x0, 0x0, 0x5, 0x0)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0)
ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, r4)
bind$inet(0xffffffffffffffff, 0x0, 0x0)
syz_usb_connect(0x0, 0x24, 0x0, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'syz_tun\x00'})
r6 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000001c0)=0x5)
preadv(r6, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x0)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r7, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f000000c280)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a24000000000a01010000000000000000050000000900010073797a30000000000400060070000000030a01030000000000000000050000000900010073797a30000000001c0008800c00024000000000000000000c00014000000000000000000900030073797a3200000000280004800800024000000000080001400000000014000300766c616e3000"/167], 0xd0}}, 0x0)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a010300000000000000000100fffd0900010073797a300000000040000000030a01020000000000000000010000000900030073797a3200000000140004800800024032658aeb08000140000000010900010073797a300000000044000000060a010400000000000001040100000008000b40000000000900010073797a30000000001c000480180001800d00010073796e70726f7879000000000400028014000000110001"], 0xcc}}, 0x0)
syz_emit_ethernet(0x3e, &(0x7f0000000100)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @link_local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x6, 0x0, @empty, @empty}, {{0x10, 0x4e26, 0x41424344, 0x41424344, 0x0, 0x0, 0x7, 0xc2, 0x0, 0x0, 0x0, {[@mss={0x2, 0x0, 0xa005}, @sack_perm]}}}}}}}, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)

15.625820886s ago: executing program 1 (id=109):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100))
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/unix\x00')
preadv(r4, &(0x7f0000000240)=[{&(0x7f0000000280)=""/247, 0xf7}], 0x1, 0x2, 0x0)
mmap$binder(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040))
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x98, 0x0, &(0x7f0000003200)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xf00f, 0x0, 0x0, 0x0}}, @transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x1472, 0x0, 0x0, 0x0, 0xff8, 0x0, &(0x7f00000031c0)={0x30, 0x30, 0x1e}}}], 0x0, 0x0, 0x0})
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, &(0x7f0000000100))
r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1, 0x11, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, &(0x7f00000001c0))
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f00000004c0)="e0"})
ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000000480)={0x4c, 0x0, &(0x7f0000000200)=[@acquire, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r7, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)={&(0x7f000001aa80)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000010000000900010073797a30000000002c0000001b0a01020000000000000000010000000900010073797a3000000000090003"], 0x22b4}}, 0x0)

15.246907332s ago: executing program 0 (id=111):
socket$nl_route(0x10, 0x3, 0x0)
symlink(&(0x7f0000000080)='.\x00', &(0x7f0000000000)='./file0\x00')
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
shmget(0x3, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x1000004, 0x10010, r0, 0x0)
io_submit(0x0, 0x11, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
mlock2(&(0x7f0000006000/0x3000)=nil, 0x3000, 0x0)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x40b80, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0xd)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x3})
ioctl$TIOCSTI(r1, 0x5423, &(0x7f0000000080)=0x7)
ioctl$TUNSETIFF(r0, 0x400454ca, 0x0)
dup(0xffffffffffffffff)
getpid()
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r0, 0x84, 0xa, &(0x7f0000000180)={0x8, 0x5, 0x5, 0x6, 0x6296, 0x1ff, 0x8, 0x6}, 0x20)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a5c000000060a0b04000000000000000002000000300004802c000180090001006d657461000000001c00028008000140000000000800014000000008"], 0x84}}, 0x0)
r3 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r3, &(0x7f0000000040)={0x2, 0x4e21, @multicast2}, 0x10)
connect$inet(r3, &(0x7f0000000080)={0x2, 0x4e21, @empty}, 0x10)
ioctl$int_in(r3, 0x5452, &(0x7f0000000100)=0x5)
sendto(r3, &(0x7f00000002c0)='%', 0x300000, 0x0, 0x0, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="4c00000010001fff00"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000002c00128009000100626f6e64000000001c0002800500010004002000080020"], 0x4c}}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)

15.184879405s ago: executing program 1 (id=112):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000a00)=@delchain={0x1c8, 0x65, 0x400, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffe0}}, [@TCA_CHAIN={0x8}, @filter_kind_options=@f_u32={{0x8}, {0x44, 0x2, [@TCA_U32_INDEV={0x14, 0x8, 'veth0_to_team\x00'}, @TCA_U32_INDEV={0x14, 0x8, 'batadv_slave_0\x00'}, @TCA_U32_HASH={0x8}, @TCA_U32_CLASSID={0x8, 0x1, {0x7}}, @TCA_U32_FLAGS={0x8}]}}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_fw={{0x7}, {0x128, 0x2, [@TCA_FW_ACT={0x110, 0x4, [@m_mirred={0x10c, 0xe, 0x0, 0x0, {{0xb}, {0x4}, {0xe0, 0x6, "2eb216699f54d3c2ad9a9e96269e761acd58d65225d4477c3d1f6ccde8349cec38c79f76e25df1be31ba52afaf9629ce466ef7212d6d9a3b13fdc9a74fa856899f3947f992604bf9fa54c6d4cc0fb49aca07a8c99f72ccdf0a9d3bf85260d98becd41ec6c465dffed39d9006d7f2bff18286fca089c3954e303b6e2ff79f73e39ac27364124b48f27c2e88be6c3cb7b45c601d58d770d7f499013d399a1d31ec86e76e20c8b2f3ed1b88f2bed65e8bc52413df8447a1b277d7a10434aa02a9563fceb1f273afe0e9f0e19c833abd4f9066a5b19574aee1f386b0e252"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x7, 0x3}}}}]}, @TCA_FW_INDEV={0x14, 0x3, 'ip6gre0\x00'}]}}, @filter_kind_options=@f_route={{0xa}, {0xc, 0x2, [@TCA_ROUTE4_FROM={0x8}]}}]}, 0x1c8}, 0x1, 0x0, 0x0, 0x4010}, 0x0)
r0 = socket(0x10, 0x803, 0x0)
sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)=[{&(0x7f00000008c0)="d8000000180081000181f782db4cb904021d0800fe007c05e8fe50a10a000700014002020c600e41b0000900ac000a0501000000160012000a00ff150048035c3b61c1d67f6f94007134cf6efb8007a007a290457f01a7cee4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5a02000000ca9ec855eff0eb3f365d3a71d95667daffffffffff1f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5b7276505dba36efab70cdb67e", 0xb8}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x334}, {&(0x7f00000007c0)=""/154, 0x2c}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400})

15.126166112s ago: executing program 3 (id=113):
r0 = io_uring_setup(0x7813, &(0x7f00000002c0)={0x0, 0x1000002, 0x200, 0x0, 0x101})
r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000), 0x16f601, 0x0)
write$sequencer(r1, &(0x7f0000000100)=ANY=[@ANYBLOB="0293"], 0x9)
ioctl$SNDCTL_SEQ_SYNC(r1, 0x5101)
close_range(r0, 0xffffffffffffffff, 0x0)
syz_genetlink_get_family_id$tipc(&(0x7f00000005c0), 0xffffffffffffffff)
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r2, 0x0, 0x0)
setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000140), 0x4)
r3 = socket$inet(0x2, 0x6, 0x0)
getsockopt$inet_pktinfo(r3, 0x10d, 0xa5, 0xfffffffffffffffe, &(0x7f0000000000)=0x300)
r4 = socket$inet(0x2, 0x3, 0x4)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, 0x0, 0xa0c4)
setsockopt$inet_msfilter(r4, 0x0, 0x23, &(0x7f0000004b00)=ANY=[], 0x10)
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'syz_tun\x00', <r6=>0x0})
sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYRES32, @ANYRES32=r6, @ANYBLOB="00006717adcc940145f8876ca7dc7cdfe228f11b79e9dd8c68be531b88677652f2b9b7b8c9ef52e2cbd5c68cd69f33798912dcef6e3a1e32a642d8f04fdd51b91e332ddf59c3f8745aecf4b8906b84e98aa239a7269fd39a2f"], 0x20}, 0x1, 0x0, 0x0, 0x10}, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
name_to_handle_at(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
connect$inet(r4, &(0x7f0000000080)={0x2, 0x4e21, @empty}, 0x10)
r7 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r7, 0x0, 0x0, 0xfffffffffffffe1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x60080, 0x0)

15.009630492s ago: executing program 1 (id=115):
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
sysfs$1(0x1, 0x0)
fremovexattr(0xffffffffffffffff, 0x0)
r0 = openat$null(0xffffffffffffff9c, 0x0, 0x0, 0x0)
fcntl$lock(r0, 0x0, 0x0)
socket$inet(0x2, 0x0, 0x0)
close(0xffffffffffffffff)
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x103982, 0x0)
ioctl$PPPIOCNEWUNIT(r1, 0xc004743e, &(0x7f0000000040))
r2 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r2, &(0x7f0000000080)={0x18, 0x0, {0x3, @local, 'geneve0\x00'}}, 0x1e)
r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$PPPIOCATTCHAN(r3, 0x40047438, &(0x7f0000000100)=0x1)
ioctl$PPPIOCCONNECT(r3, 0x4004743a, &(0x7f0000000280))
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
r4 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'veth0_to_team\x00'})
socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000001500)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
sendmsg$inet(r6, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0)
recvmsg$unix(r5, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)
pselect6(0x65, &(0x7f0000000180)={0xfffffffffffffffd, 0x3}, 0x0, 0x0, 0x0, 0x0)

14.910207811s ago: executing program 3 (id=116):
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r0 = syz_usb_connect$uac1(0x0, 0x0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, &(0x7f0000001100)={0x14, 0x0, &(0x7f0000001040)=ANY=[@ANYBLOB]}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x20000080)
syz_io_uring_setup(0x10e, 0x0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000003c0)=@newqdisc={0x24, 0x24, 0x8, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, {0x10}, {0x0, 0xd}, {0x0, 0x1}}}, 0x24}}, 0x8044)
getsockname$packet(r3, &(0x7f0000000080)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=@delchain={0x24, 0x66, 0xf31, 0x2, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xfff9}, {0x8}}}, 0x24}}, 0x0)

14.807060852s ago: executing program 4 (id=117):
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'sit0\x00', &(0x7f00000002c0)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x2f, 0x4, 0x0, 0x0, 0xbc, 0x64, 0x0, 0x0, 0x0, 0x0, @broadcast, @remote, {[@timestamp={0x44, 0x18, 0x0, 0x0, 0x9, [0x401, 0x9, 0x0, 0x5, 0x0]}, @timestamp_prespec={0x44, 0x34, 0xc0, 0x3, 0x1, [{@private=0xa010100}, {@multicast1, 0x5}, {@dev, 0x65c}, {@empty}, {@multicast1, 0xffd200}, {@private=0xa010100, 0x7}]}, @timestamp_prespec={0x44, 0x3c, 0x0, 0x3, 0x8, [{@dev}, {@remote, 0x1}, {@multicast2}, {@private=0xa0100fe}, {@rand_addr=0x64010100}, {@broadcast, 0x52b1}, {@multicast2}]}, @noop, @noop, @noop, @lsrr={0x83, 0x7, 0xdc, [@rand_addr=0x64010102]}, @rr={0x7, 0x13, 0x0, [@remote, @multicast1, @private=0xa010102, @remote]}]}}}}})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000240), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00'}, 0x10)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0xd000})
ioctl$KVM_RUN(r4, 0xae80, 0x0)

14.643205611s ago: executing program 2 (id=118):
r0 = socket$inet(0x2, 0x4000000805, 0x0)
sendmmsg(r0, &(0x7f0000000e40)=[{{&(0x7f0000000000)=@l2tp={0x2, 0x0, @local}, 0x80, &(0x7f0000000300)=[{&(0x7f00000000c0)="ae", 0x1}], 0x1}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)}}], 0x2, 0x0)

14.558500257s ago: executing program 1 (id=119):
openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0)
vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/bus/input/handlers\x00', 0x0, 0x0)
preadv2(r1, &(0x7f00000004c0)=[{&(0x7f0000000200)=""/100, 0x64}], 0x1, 0x2b, 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
r2 = syz_open_dev$video4linux(&(0x7f0000000280), 0x0, 0x0)
ioctl$VIDIOC_QUERYMENU(r2, 0xc0305616, &(0x7f0000000040)={0x0, 0x0, @value})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x5, &(0x7f0000000400)=[{0x0, 0x7}, {0x7, 0x0, 0x8, 0x7}, {0x0, 0x0, 0xff}, {}, {}]})
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
set_mempolicy(0x3, &(0x7f0000000100)=0x1, 0x5592)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3fc, 0x0, 0x32}, 0x9c)
setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r3, 0x84, 0x13, &(0x7f0000000500)=0x1, 0x4)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x0, 0x0, 0x8a}, 0x9c)
sendto$inet6(r3, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$TIPC_NL_MEDIA_SET(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)={0x34, r4, 0x1, 0x0, 0x0, {}, [@TIPC_NLA_MEDIA={0x20, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x80}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7b0}]}]}]}, 0x34}}, 0x0)
socket$packet(0x11, 0x3, 0x300)
ioctl$VHOST_SET_MEM_TABLE(0xffffffffffffffff, 0x4008af03, &(0x7f0000000240))
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000140)={0x1, 0x0, 0x0, &(0x7f0000000700)=""/4096, &(0x7f0000000480)=""/255})

14.431582564s ago: executing program 2 (id=120):
r0 = socket$netlink(0x10, 0x3, 0x0)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000640)={&(0x7f00000006c0)=@setlink={0x60, 0x13, 0x100, 0x70bd26, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, 0x2000, 0x2000}, [@IFLA_PROP_LIST={0x40, 0x34, 0x0, 0x1, [{0x14, 0x35, 'team0\x00'}, {0x14, 0x35, 'netpci0\x00'}, {0x14, 0x35, 'ip6gretap0\x00'}]}]}, 0x60}}, 0x8c4)
r2 = socket(0x2a, 0x2, 0x0)
r3 = signalfd(0xffffffffffffffff, &(0x7f00000001c0), 0x8)
mkdir(&(0x7f0000000080)='./control\x00', 0x88)
close(r3)
r4 = inotify_init1(0x0)
fcntl$setstatus(r3, 0x4, 0x2c00)
lstat(&(0x7f0000000140)='./control\x00', &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, <r5=>0x0})
quotactl_fd$Q_QUOTAON(r2, 0xffffffff80000200, r5, &(0x7f0000000400)='./control\x00')
r6 = gettid()
fcntl$setown(r3, 0x8, r6)
fcntl$setsig(r4, 0xa, 0xe)
rt_sigprocmask(0x0, &(0x7f0000000000)={[0xfffffffffffffffd]}, 0x0, 0x8)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x1, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x0, 0x0, 0x1, 0x0, 0xb}]}, &(0x7f00000003c0)='syzkaller\x00', 0x2, 0x1005, &(0x7f0000001840)=""/4101, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
rt_sigtimedwait(&(0x7f0000000040)={[0xffffffffffff7ff8]}, 0x0, 0x0, 0x8)
inotify_add_watch(r4, &(0x7f0000000180)='./control\x00', 0xa4000960)
rmdir(&(0x7f0000000100)='./control\x00')
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000005c0)=@newqdisc={0x24}, 0x24}}, 0x0)
getsockname$packet(r2, &(0x7f0000000200)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000540)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {}, {0xffff, 0xffff}}}, 0x24}}, 0x0)
socket$netlink(0x10, 0x3, 0x0)
socket(0x10, 0x2, 0x0)
openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000440), 0x40100, 0x0)
signalfd4(r3, &(0x7f0000000480)={[0x6]}, 0x8, 0x0)

14.335208873s ago: executing program 4 (id=121):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'vlan1\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYRES32=r2, @ANYBLOB="00000000000000002000128009000100766c616e00000000100002800c0002000b0000001e"], 0x40}}, 0x0)
syz_usb_connect(0x0, 0x3e, &(0x7f0000001100)=ANY=[@ANYBLOB="1201000020dafb2099041010f5050102030109022c00010000000009040000016f2bae000824020100000000092402020000000000090585da20"], 0x0)
r3 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x2, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_mems\x00', 0x275a, 0x0)
read$FUSE(r4, &(0x7f0000001140)={0x2020, 0x0, 0x0, 0x0, 0x0, <r5=>0x0}, 0x2020)
ioctl$SNDRV_CTL_IOCTL_ELEM_INFO(r4, 0xc1105511, &(0x7f00000000c0)={{0x7, 0x0, 0x80000001, 0x1000}, 0x6, 0x30, 0x1, r5, 0x3, 0x2, 'syz1\x00', &(0x7f0000000000)=['-\x00', '/dev/snd/controlC#\x00', 'cpuset.effective_mems\x00'], 0x2b})
sync()
socket$can_bcm(0x1d, 0x2, 0x2)
prlimit64(0x0, 0x0, &(0x7f0000000140)={0x0, 0x8b}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r6 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r6, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
socket(0x0, 0x0, 0x0)
syz_fuse_handle_req(0xffffffffffffffff, &(0x7f00000015c0)="28f5286e3b319abbe7e18d67f62a85ca0e00865dac77e248b15b2c8537fa261323721d731141e40f80dc7ff2070ced323a9065e865b72af5884b8aff6ad723d3e67834170875510ddf40e0b7b95842bd5b397249ed9d44cd6d37181e921f57ff5463a8d2aac2f584b4b790f9f75a312d7f88d94a67674f1621523058e24ba8fb4f717a57df91ed46ad1fc3e9fb02e21fec4d295129c54d0a89a9c2b73e8c485c5883d3597ba329e6ce18dc2c4a323549ba8c696dc297dda4d6ee758f0ef13d2af215f0403bb8f68395f09bd27aff4d54a6faa053427d313b969ce2bada91b8fff2653d3fbd188b5db8fb72cce0d960d829049c0ab160b0c1a034d471ee36826cbf913c62efc152cbde43ebc44e72dde4c1db5ffb23f99f0bae50c21249ff86630b46f4bfa0505c573d85037acda9993a20203f7ff67fa4a6326d2c0bdea30778e8d5a4c412224bae428d1337f3de57b37b7178018ca79cf110154153791fc4602ec3ce0cb87a614bd96ad1fc11137021b339fa97bf2c3b84fc8552612a176e7fe3a77419cb429515cdbfef308d7273e0f6e03b00d29297be1efa8c0067c0bce239d8e80917d0e17fbb6f626f5780d09164d785fdb109e411d6d0ad4cc9132ab90b3269cb61aaee7a1336391f94d53ee80a8eb71deacd4ce5475d717776eece0a6d767facee355764523046b43b1adef8c95e86cd75a3860557373bef9c0df23a2de0cc67c1ed196aa1799d5bf0c76162973e86e0269ce2a67c8bfd683b4395d319e5aba6a9ca4f0ec2f540a080583cee3c5ae81fd3e7ec8f6fa3998f0b206dd1a236e1110a19318c23996304713a7ae421c61d1c0f891a8d26e282f1a49ca77fa8a3e0b433266283d29d7d387dffe9d261b5207b849bc312a705ef09f637279393d1ad0bd8a33cbc617c77596e1849a90f4990d9d1f6371e6157bf5a08b0465a592af8447623a076feffb24658a97e181bac22d6a65b9d4eb7d38df48eae7f24f40ca92fc0a78d98c867c9a5a6fa41aa42e47dd133b1c00fcd438e1b6a3cd18e5a85e596aed813fa050b476d7a580dba5796c8a9713b3fe00d14e784418377377c9cb802719e89541d34648522d157acc7974e8ffe9f91f0591608ac4d2ef15377877fc2991c1f7897175e776788973cceb939ee23da05e6aaa5af1a3239572f547a9aa5375e44a48be2707a696cf996d53e409372bbdbd2c1f70b513af3a63a755e280cde6255f9d112a6d1648280685a089f03aed23111d495b0c7370463f5195575c1cbe0f20198aa80bdb2907248b3d351a38a7d4a6e2a8d8856fd7590317fb40da3fc1da57aac748fb2385f64c1ccd12c84ec1215b08c40522c651d0aaddbeab8da5107a776b888d09e08ffcf335eeea4695cfb2c8a1e1bc8f4bc15792551b6fe4913c9c78ecfbd731b8dde1dc76e9586b829459632f5920caf2e373b479340a0e07952bbfb4f6f833f041115db0e019a690b55b06025cb802d994d8b63df3162af39ec1aa42692359d828b16fbe12ea56a90e50167d6098fd465369304b34d6627237b3e5716f159eb351031208edb470f49bd639cdbc6d10c885ba62677a2a502808b257c4b5f53fc199c563e79fc3e4ea8c109d185ce7ae214f955994e06af48cdfee1f4061435311f74f39f4f017448a8b77062a4323a8bdd1f61147e95e55bbcbc0a6d088e92f990775ab1f89cd11c2c17aacc5d2f66344fdfde0d65ac865fab4f96e74e0978d02b4ff06b63fc653d76141a4f7ca891c6d6309263040bfa7d0c99b88d079574360c06bf896ee290cf3f4be728e58f177bccd33976f266d9fddcc9bc9531a7d86559ac4f57f3b516463b16a173cfdd6412ee84360ae8b8315b1098ee78c7ee712728daf7cd485c029661fafce7e7b5ada0da53197081c7c55343a3df06721e76092d73f0eb9b7bf7d863635b4b6cfe759b6fac47aebd46ddb9add21281d03f4cf4dedf086dbdc531a4a2117c7f93540ba02a0aefcdc6f8bfd76bc739a0e9e346e26bac36245387f4d222d3e48c99b62f686b77a44819e9a6aba6ed5cfb4414aca4f7d7b63753bf285716988ecb6513e0cded37b1cf1021a9af7f81107cdf0400cab6cf48381604b03532dc606b7cfed1b0d48e4509c1d8bd301e6815b3fafc6543574978463755af84fa5707e21b8fec71ac9d383e3e7b858cece5c6939d75414fda309505481febc610f17948d583d43e8263592a41ac90674ee38d59fb9f7c6d12beb894f98c218e573d230c9390e32d3ca100498346a6165f2888cca45ad13b7ff71b8805077fee99d9d5d4987fcda44068ba842b3b5b702a1f5fabbbf03e7aad848856b058b0e90f5d33374c516de5416942e79f20756b91bcb5a211c9f18d2c4006d1fc6b624fbd6c2f10aa78b8ac18ffb1e971b9af184e612bfb7df3a164799d97332361f9ef690a8938c2162134009efd2dd9f9c1a8e33c14da2ab910f96943762acc4f6f51708853964b5ae715c40c69963fc54d7e3313d16780b230f024c82e950a352165e88ecbbae534874362b95ef7db1cb16c4005c51070ad897ce9064f30db0f98b1a397b123c303a9902fb83efbb2cf7f9615a6d8c8524e53ff8e72cfbc26a6e9067c683209028d66539ea421bc9ff3092e270fca2aa208c6ef34fc2b6e2b1316e66246506e5bbbd69e0fb86d0deedf045bb7556f077c71e4265190bfad3a42829787cc922e8920022cffe38f700fe1b3c182fdd6fb25bd7895c038368a44a1b6d6668ea39d57bf6acce146b18798c1bfa5f39d73a22f2082e51f09ea4c656991127ca9ad97faf38f1011c14b5579011aa7c27b8b5a780e0aff14080cbbf20a9e63ba5fbba82f365a3a0359113c238b26da19aa293c7a913c52c2fa31bc1e33986f51179f6b1daf1a9b67c910477eb0e1c852448a10cf91d97f1a19f0b2b60474c804cfd02b23507b76b49ad65f5184be1733b4149128c3ce606078f154006204b173751155c624fe288ed37b9095e3d6076f921b2c0567d1bd9c17eb59124e7804862ff1e6b98e7a738d6c3a69eab0a003cb28daeee39d0bb0cfa5beb62cdaa5144c319e448a50af668aaaba0059caaad07b15268ece058d15eab77788fd30700bfea50a6a8b08ebb537c082bad1eab815feef5a48f728fbe9c3fcceb78f17af587fc9720c21fcc5c24ed98e1688c1dabc32db556888386d3c949917fbae2aeb2905f6b2d8abe5f44c6957efabdb68752f206f01cc7120c3877b092a0da886dbe44748bbd3b4323d555173e4a376cd4ce6d17d131d5fbe149338fffc34a878a04bd2dc7d4c26f0c6d91d1746c9ab77ac570418a9fbe43449e5ba2bc5a2aec1d62fa0864a5feb0fd8926dca0f30194de037c544dd9107f71423f1bc6886c6b749bf963a4c01618dab3477fa0ec775c4bab9094b3f6294430b6379dc9d16798362439a7d4c9df28d2e3a690da17185ab70bbbb24f9f192de503dd95a67e1a743d12738ae1f281b34582cb90c74177c075f981ac9cfad7252f820b1622fadcee7d01a5c4f5db603cdc60ba23109bd96937367aeefd0ee7d052317530e87c8580a596288c40ade898b646c1f230a26dd61eb6d27dbf1d896237bb4859fe1334c913edcbec40c598cdbeda4cd2c90c3cf672cce81baeaeaf436185d5e3cc0490c07e0c9907e150d10eece255584557636c31f63c75e36f65b31f0dae229d239d44adb66b6c0c0d8313f6f4c3ecb67e92ed59cefdac9c3c4f127629a8d9e862d64b1bd324f65b0fa4122927cec0104e737a8809c03204a1b923b0cc54d67acc4cbe98cbe88da7663b20fbac0fe4f3cef9a389b96f8af0e7561c1ed8eb25a61a2d3895de330cd79c0159106de1054eafdc47e4b40b954da2490edf2f543a5658665f40be5c70caf893cecc6858cebcc1a5e6eea9c43363e41530f7e95b061e836973ca8bf984d335b3f2d6caec20d0fe19303dad477ae53d8e417a04e2397ac07574d6de91332467de182d8b275075ab21e04a73dcb190c048287c5b0a19ce41fdb7fc0ab97f3c70ce7b9f96636ec52480ae6c412a5e5e79d457e2b63bf6c7f03a021ed24597a36e1db4f7d5931d1d4aea14a7afbd6b88d32f9f5c6eb5669d9106f0abae338959c78f72f7cb30e7141fdfab1978faf62820fb955b6cb7be936ac5fd7f45378816d710c59142add9331583b784191d732d65b97fcf474ebc3f2eab070673b1d430ff9843a545a58c18b7af0b4c123280e5f81b72ab4f89b78dab1b50e3de17b05553cb23b2169f0516cdb4b20ad1531076e43cd484f3f622a02459dc0b285198fd430ce8149e7a252d26de208f764e4923fc6398f6a450829eeb624642a138296d76e0d3d43595b97ae280eb7e687b2e3dfb9d0daa28914a4b4289aef1f038d28cf10d2499268e2aa5a7ab34ee66e9a68e244110bd14c74beb4ab5264484dd6afc47028a9eb4a87ca935d658b8f15004b53cc05560303f91305213fe02638c0e311190de69a9318e72da8789bd83b9e238090af0f8cdbf0cebb4d05da7a270dc46f93fd887b0b4fd15f6c707e3abbb1af77c8a3fd33f654b0cc05a317def751980b089a0748323f53ac21c04d604204e0070021e6d5e1f9dfefef2baee61088d808a0a34aa6a0f99f5f115a35aa4102c621e877bf016ed19d1537c5d8df36f0a76b205287084d8f9e199c7d3956aa34280535f1bc10fc4204f4a6f740eb28315e525457406e7b9af327b3346fa5e3685dbb675cff3286ffc11e141c1a9dae93626c1ca596602f75e0be1396848b6239cb6a231f51de43c9cae1f2b75c0e7fbccec321717eba935a839f48af2d38c0fb2987a987c8f80fe134d1ebabd275a24746c9344fdd08790a53c62426e61df151cce893a1d3973b30fc0708273847702f652f674aa976c3c84217c534c9ec1f0df562b51128eb3a77cfd5ff8e5da39435e8915317215665c8295e6e4f1d13b5b0deca05fd60f29f9c19641c2b7a3099d7a158ff2f9e9ae3533adde9a0c33d96730be8c2f65915228a304bbfe94e8823c26f372e418ce9df0202f651af0669b769c603021c47fbf4118189ca0de57474ed4322896f451769becd7ee45ab963143691df0a7f0c3809f474a5ddc2715120e9be9a6da37d6922d76b9c6a35ca30ceb502a53964f5d6c25977265cd44809a5f20efc39a4693881959c38c4faafc0f211fb95fcb1dcc3c2bd493ac3acd940bb56d39895e6ca2254a7905ce0a2915a288527ff990ff1671d1dbf7b601346eaab1a21dcbadc333b7ae68b76ba570ea7e1d912a941721bf5eb817dee6a2a7c16c3cfd2658a5efc7373050b2c3a8b1d72a4df88b596aa1b245078ce4a9e4e7556d398c1f8d8ec98f40a86c9c2dcb704b6cebc5831080fbb798ab20e88e2c41beb4a5be29ee54a716465f4e99dbc3e24093ad23a38da2b75833e8fcf0799688efebb4f74ce9d0a657a3b48bea249176e277954f544437044271048adbcaa9241c9ebed3f32835426ad32a85486ff126cb253e70ba6122ca4eb3abfeda36142140120762022f8c16c4365617314a3952bf33ecdf744eef6b5667a868a422f05e6d7f2506450ed3d1f575db6e4fd6e3351bda918113af49419512115c5a479fb3f3fed8bf143a5307020dcfedcd212e59ea824768444fc0cbb770444c87d2e17658d63b09c341bbf2cae506e20c59d97623c12ed577ced52570c55a7d7f6d70d01bfbaeaa8bd0474b3942ea33ef271856c66a89f805599ab84d425068dd2e914fe75e634ecbf7cb1857e41cdc9d4bcacb13bf940bd97b00e36acdc34c9e92b1ae1b83f22648d4ffb82da4b67ee3d57b77c43ae991a79ccfefc051654acdacdc44807ff1badf474e10b287a4b26975d6dcfd83cf7d50128dd6a483763f413704d9b8f75c31e39e89e1683ed3cb53e5368abcc6ae679233f3fbc6155e7ea3e21890a9fe182f081b3340d1e2448046e9de868fa0e84306ecff975284bd25cc1bfe08472a667b27fde72fd3c298db130d9442b0df5ef302ba79b06337a542438a65bef449a3273bee866443d0da07c8d78ddd8579f5f4698e5f783ef6b99a8e37176d81d93e586ec62b874abb3e504b79869672a44e1ea42ccf5dbd0b2ed1f9f05b76f1781c97c3b32cde6febbb07d4829f8bce04ef9de2e3298a77000bebb33fe38c3740acba648f6ad82a9b1e7610375498d8597c7d8fa376b20d2531ab28d8ccc0d4fdc7091f26665f3078be0168892d27b17c4574db5032f5b95da89d3085c79591a331f95bb4b9a41cf3c2000b0519457d662affbf9645d225413bc444fa7e266671cdeb5172da5baf7a91489345690b183f3d6c633f1f85c1e67d205ae01deb254e84db6b3c3f5a6a8d09f595cd42b93d859b10dc5ab835d38fc16301372ee454b84151229ed14df6c94ee68c8cdd14f2d12927661b49dccbfc397e3ac925eb5caa803af33d6054fe1a650961717c3338136a5207a807c0996c0798a7db3d8a855b5362590733d16b8ce8ec03184a460938e050d7947ee44eb42832dac5f8e862091ea2df9ee5f46f7df208358cb6075d5626147939a4eb9d85188de3811760947704085dc6fea004e75910c2312f833b6ef5dc52b9eea39180d19b2009d9047614bb117c96689ae9d63a45d8fb40db4525af1b745ca81461e04060a2ccb334c96f9c73d4bf5e7386dbb01fa9b0624251400365881162aaad04c55ef57f99e98b09fa1cb3a15fc21d6698d6a631cd1b7ef4bbd4fdf902d3ede0bc4b3c9aa70bb089b78eaf663c1074b75b255847b1ebaaf32fd395269a97534537f2c8a51d77030af02132a96c1bcf107c8068094fa59c34fd8727f2d4b2d9bb3031256f79b36dae8e924ffed7eb8332372a963c2dee59d45e662cc2c7970910cf3c7678d73e8fbc601c4f6df8c2c518cbf10a58937e6257fd78313f1714fb2918804f5cfa37e08bbe84daa4c0ffa6cbe554076a178a14d295b8352d24bbbb23c953112db820fb47f6c98f8f884e8f4c98b61dbf85971955b29df49610dfaae5b1ed85bc87882be1d0039aef24c2bf706650a7f7558b8e45ed1c275b615b98b876e8e8668147302849229bee6093136b163dd812974b55c08ec56cf6a7192fc603c95c6dc75ebeb0ee0789a79d2fd7bfe0b75045d01461eb896724f5385161a08b901fd66e185d68ee71567f823a11f49dcb4831a035b640676360522f2df23c30d77075f474e4111058c3675d4f4fe3b0c5fe6818a73908bf6aecf824ab6b44954851b5207296ab3580f4fe10be6047f74bb9438dca1fb8d3c637893ac4cf0e96f6ba2043f028e292f0b59184052f503279f1bb90324b4addc63cd2756a6bbe548d3f34e4acd56844eebf68fe9038941fdc7b6b63b169eba8ce5e0e63d6f2b78f737c1697f7a027f8823cda8a805d9cfdf77a3bc3d4de41f6594d4fcac247c7fe49e1bf67fa02925e3ad315fb7642f1d9491a17e9bca635f4abdc7a920223f5063637b1271d6010e1fb6bd58190ef6a0bdcb4ad390c746dcc626421cbff1018108384037aa973fe5f6e168378cf3d21c025508218cf6860de6692c91a3f4ee743834ad21b2b4fa05d2b14b0244c949b02d7094d816369afe60e41d63b3b2ffc2eed609573d930e0976ec129189962b669fd8013a0db65c68ecaa79f957403984acfe0d6ca90c51fda066f93a509d54b8efef009d5e0351679cae38a545dc05f9157e97b7efdd0c9ed2db504cdf89c92d8eac95d134e8133ce71b1870ff7a107d0864542a9f36dc9f7e82c56d128efbea899dc1f950a4fada039b153ff75b9661d3d547463b4609cc6d10e1e4f718e3d1bf5b409397ccc984a835807c1b6aa1c44ea66c248e4f4ad0f842b64b9115ebcbb23e5cd48306312bee6918cb52c86915791993c2554fe5471674198f47b6f7678b88ae99f08ef510a76b987ef0177b40ab89bd1d958e7b1936a55035c3d9a55152b95e22d70fbce75ca11bbd9540298546f34c09c401457b77fb5df0612fb00b38f3340a9d5c4ca57bc64098a8a39fe5689c3fe2bfe444437d54a39c9a76891638301910c80e13c833a689ec1a7360612ff74e47ec9f1456f3d2240c9943171258fcff222a8069034ca15d9b0294d31eb3aafe9cfb9f9b6b4c36fc235603fa85389d9d31cb9ac31902f71671b903786b552ca101fbdece2ae55cb45691ed5ebe01ef8e4a6bf0f4e62f3b37378ab2fd2ba5b2aa8a61ed5118709fc46980a5ac9e8b045ca83a2c09d6b6d829f3bbbc8de30373a8dc4f8686ba4fbb12c0d02c97498c1cd5d110396f4bdceb71c5b4c336dc06a77e2d3919b4d9bed9cb4fe220340fd24c0859e8f9eec6d7fd4e7058022a09b5cdcbcff9d91ddc9d1afa35cb8be0e65191c6ddd10bde0ba1b9171de163b1b943782adea2dd414287e3fdcc8b7abfa23b71bdcbd946f12baca9e5469189ebc14ae652cbc4c314e5797fa8cdb563248ed1c3cf647e869e753b1136d7be980605e961533db53989dfef5f33e6312efb72f7b4e40b5357078816c53053648f88a784450a463d1c97647ffc31660e0dbb675a56c9ff044d466ad81d01f93297e6743c98a67e27788ec6c27f8717c054e08cd83a84df72752a3833880fc3e49122b402e02efcde16cc88587b453c82b7a61680c46cf88049608a5664fa0a1c668e6b1ed36310171a05dd5cbdcf68de9795f638463a15fa039e5c0e3f56e6b983e583b63f7097a832c9e6088d49df8544cedc4712a24fd62b050b46b5e54dfd34a05a00e4531c2db753f47fbb495fd4d9ca3c42f2111b6d98ede9ad1f61eee407bb6a2bf98e535a545f28d0fcdfa82036da3e7ba8092adb81aa7187953c3d0edee96a821ecd9465c3021570990197076fa43ef81d6cf19902df04a630f7db8ad014630e3697a4f0989b84dcb961cbcaeda5c0d89d55d25551e5cb0a09e84cda6f6eeb5ea89eb69f18a43a3dfd299b3d49aa3f703cbad1fe907bdb671f1b8aab94729436d6d77f7e0ee0766f2fac65c7df175a529f11fa96a12fcf7f6fedff3ffa22fc4221c568d74f7345e60abb8cf77b248f5aad1ecf010b00351893f55a1adbc23aa9e2d09c034b1b0ffbd3a8d68b6522718713e7aac4b2087fbf3281059c1327d150f0eef2d65de654c75876b679957e2d76d5b564559d032fe0f081fd220ab6d0e3c01f4b352171acc2796f440e18178db73452764c481a36261e6d38ab4a408f0b47780303f95d488b81ca07c8efc53afb49fc9fa043cfa4cf88b6e3fab829e8b723fc0fcedb4466e8a3fd83564a734fd4cc0271eae1c3472ec2fff354b5afefa72a691a9669375e4bb3d79eb0fefe40af2e0d1c3d3e8edf4b73d4e834444e93a1c479700a88706b3a9b064cb8a60669491be22bd78597f63b9f8310f54f879ba05de64f172e06afcbb1d6fc0cfb627d530c21cab51dba4c63e804ed23deef6028002b45478fd1c3b59faab5affb689a752dc143122d844e970b968d68ae1a2451b60fc5c1903b61fb046e03bd4329a896bce96e3b36e73cb9c262921c08009c01dae6cd7e5b7a5fedb0595f94b801ee171ed61a4ed37e80eb185f29c8f49bcdcc27cbfba9152f23c46ffef27c792687a1ae964f2e0805a3fd71cec83c6949c51f4f652957f3384e5f18e78abdc5f46bdac93e69a7bbc5f2854a92e18a11b59e49631f5dc64a0994440e6b202a2ef32a98b054459b41dbbef388f0e57c9969805e7dc372e03f53fe794d0adb57d88247b10db51372ea8d169b3177911dcd0a14a0e1bfd2c3720a73b09d6b4dfe9a105f39f62f3ba1fcfa11b9b4feb06b7ae6c125f1c3c1e35958f7498d834136ce1d609ce3d12ad6c36a39e3d02a5649218f9e714dad4051f2a4f47e44705e6c7f086dc363b0a667f15fbbd1e803aefddf406cca5c25c0beaf7cce46744f590e41975a491fa9e7d87f9192f2e20a743b56f3aad1e8bbda6669e37a5394efeb8fea6523e0b4d28faeb295ee5645759a06a44b77788fa06dac145dcdfc7327485dba96bf9bd5b4bbc65a23183fe1150a957396d82cfa14748b1968876bf48ea0f9a19e6cd29bda6ba5e1802fb3b147176a6abeff7111b3573ef989663fbe90b9d442d365c95a1c63b6afe323862f30059481c13a6aad1c83efb75075ba99b5cddb901ddfe1a352aab487b93936b090bf03ad8ab789a310c6a5d85a46c49052aeaf6aba96ef330e00ff7139a36b1e75b8868562be241654dcb3472fa5d4e91de2fd508bd9b9547884c5e8e9df94015466aef41aa8caaab3c8d46ea12b6da7e410a9605c9379eb26dade78fce0b64b617238fea1c05a7565f177aa4246329d98b96fa3f169d8922bcd07eab87a85e9215799a90eb7daef79941fea1390f3c54832de2f4ce13361fedca49451178f5e0643505d57979a82a2321641b910c89840a9c29662adf703146247099953a0cb1e5694956f6b949e978381d505459fb1a4c39191f260ad0860e260449c86d80e86cd231d08f2b52e837356effe433c6dbaeeca88ec9b03a916c43fb4a9d6bf4c7a3fdf912f6643000019f4be1bfe47a1d0baeef7d82368dde8ab0780964eceb575cf4718ea1913b3a5ee3f536fb2f176facd9008cd13ccda29c7c6405ecad74c7b3ab007652cba79273bf6cf5c997dff4f5200be53549ffae554c4cf7f5adf6b57508b902182843cad09343670466d3a8d9841565f3ea42ba03cb4e2e325175cf3e2dbff4263b686d27dc0abde36bff6488ed7a217d21a8b95e1857fa5e578f77346121e9c163d5922bd8c2062988bdeb81585e8b7a1b7436a7ab2a8d3acf3d30c7c00b6413395b3dd7acc2a84ece78fb6ad41fab94f1f672d463516c35b8a154caa68dc086aef4d750df7be1199faff57e388badda3c769ea4ace7a073e245178506261611996181da2dea73b15cb4eed74e17efe02021d6ca6fa75eeceb08eb83a24acf649341b3527a590e7d60c5f6f4a111b7eb47330165c9e2376f6e2227b8e4e514337c0e95d187e16b518648c1a57cbcde746cf0d23dbc3b00992490dbe53008b75dcf7afc08b2d1f1544eb311a06ba452611b5923dac7a6ddadb65e3f2131ea3148355f8075383e387b80f343ff13267d9fcb72e0a9866a98b7237135cf682f24be17cce536a5027aa138c5d071da66fb1160263340135880119e3ed51f01327a911161c34e125f5ee054a8b8d7c20f21f1ac6c181e56584a50ad609e7505750b1943f99fb4d3049a6b620d2472bdab5bd3cccee2a19a148d5a1f70043a841df5277266a9c008b888bd0d665fb3be7c40e591cab7b65ac78fbdbe0e9a5820a50e992a099a1ed7bffba8d80555249cc160ca45295fe956b4217c0e4932c93681a0e33e2f7a46d4b9c66b2649c1046173bed47e1d7ae9ccc28ec7565decbf9e8fa332a46cf26179adeaf503419c8ad4ad8aeddbae05bc80cc36de4fa6001621fa55f39c45b817dffea1fcb5160b0831cebb6e15e7ebfce93e2ae5e048b6feff897949375df6a0168c343087287665db5d646eadc6223183acf81897ee4ae92adc8f13653af6c6838a6cf6f537086924672654d3db758e9c4081b06623e6e697c6255d6a0983e419144ba64011f98bef26e23cb1fd57b81ccd52f1fad9419594977ccfa95eeabb63a03e0607faf16c891f88009bb90e54e", 0x2000, &(0x7f0000003f00)={&(0x7f00000035c0)={0x50, 0x0, 0x7, {0x7, 0x28, 0x4, 0x2012, 0x8, 0x1, 0x6, 0x2}}, 0x0, 0x0, &(0x7f00000036c0)={0x18, 0x0, 0x8, {0x3}}, 0x0, &(0x7f0000003780)={0x28, 0xffffffffffffffda, 0xffffffffffffffff, {{0x80, 0x0, 0x1}}}, &(0x7f00000037c0)={0x60, 0x0, 0x9, {{0xe972, 0x100000000, 0x1, 0x76, 0x2, 0x3ff, 0x4d, 0x839}}}, 0x0, 0x0, &(0x7f00000038c0)={0x20, 0x0, 0x6}, &(0x7f0000003900)={0x78, 0x0, 0x8000000000000000, {0x3, 0x1, 0x0, {0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x6, 0x7, 0x10, 0xffffffff, 0x4000, 0x0, 0x0, 0x0, 0x3ff, 0x9}}}, &(0x7f0000003ac0)={0x90, 0xfffffffffffffffe, 0x0, {0x4, 0x0, 0xa6b6, 0x5, 0x0, 0xe0e, {0x3, 0x0, 0x0, 0xa, 0x3, 0x1, 0x0, 0xd9, 0xfa2, 0xe000, 0x8, 0x0, 0x0, 0x8, 0x5}}}, &(0x7f0000000400)=ANY=[@ANYBLOB="90000000000000000001000000000000050000000000000200000009000000790000000000000001200000000000000000000000b7000001000000000000002d000000000000000600000000000000960d00000000000001000000000001000000000000000000020000000000000000000000000000000115000000004647fd2a74bfb21800000000000000000000000d832280f339c7b708648ccaaa61e9e31fb4aacb0006995edd9f767c8de5d803afa9feba08826ec0f622f2a348bb480016"], &(0x7f0000003d40)=ANY=[@ANYBLOB="b000000000000000030000000000000004000000000000000200000000000000810b000000000000e000000000000000755d000002000000040000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0080000000000000000000000500000000000000080000000000000003000000050000005c2623000000"], 0x0, &(0x7f0000003ec0)={0x20, 0x0, 0x9, {0x3}}})
syz_usb_connect$cdc_ncm(0x4, 0x6e, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000020000002505a1a440000102030109025c0002010000000904000001a3f45747d649f9a30105240000000d240f8100000000000000000006241a0000000905810300000000000904010000020d00000904010102020d000009058202000000000009050302"], 0x0)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000100)=ANY=[@ANYBLOB="120100001ddf8208c007121522300000000109021b0001000000010904010001faf40d00090582"], 0x0)
r7 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000000c0))
r8 = syz_io_uring_setup(0x231, &(0x7f0000000080)={0x0, 0x0, 0x10100}, 0x0, &(0x7f0000000100)=<r9=>0x0)
r10 = syz_open_dev$cec(&(0x7f00000000c0), 0x0, 0x0)
r11 = memfd_create(&(0x7f0000001980)='\x9d#\x00\xe6Z\x00\xafq%\xa5\x83\xa6\xb5\x00\x83y\xf3\xb2\xe6b\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x17?&^\xe1Ob\xe1Y\xd6\xeb\x91\x83;\xeb\xf1\xd0\xe3\xe5\x19T\xff\x01\x00\x00\xe2\x9f\x00\x00\x00\x15\x00\x00\x00\xa1\xa2\xe0g\x98\xbf*\xa2c\x12.\xb7\xbe`\'\xcb\xb6\xaf\xdc\xa0D\x93.\xf25\x957\xec\xfb\xe6|\\\xe4h\xfc\x14\x06\xb5\xaa\xe6\x05\xe4\xc3\x90\x91\x98\x15\xec\xdb\xaa\t9\x11\xb4\x84$&0\xdd\x19\x86\x90\xbe\xd7\xdc\n\xcbC\x15\xfcp\x11\xdai\f\x02\xc1v\x98\xd6\xfexW\x11\x84\xa1\x9e\xc6\f\x9f{a?\xd0\xe1{\x84\xb5\x82q\x19\xacS\x88|\x99\xfd\x9eS\x80\xcb\x14G\xfa\xff\xff\xff\xff\xff\xff\xffr9%\x97!\x97.A\x84\x1d\xc2\x86\x89{\xba\xe3J\xc2t\x96\xf8\xb1\xd2\x168\xbf`$\xbf\xca\xea\xa3\x83\x8e/\x85c\xae\x9c\xe9\xc4\xd2\xf3\x9f\n-k\x12\xdf\xb9q\xb6Pr\xd4\xb5X\\\xdbD\n\x03G\x00\x04\x00\x00\xbc\xac\x18\xba\xce\xb3%QF\x03\x12\x00\x00\x00\x00\x00\x00\x00[\xf9\r\t\xef{h\xb0\xc0\x00\x00\x00\x00\x06\xf8\x83\x87+nM\x11\x1c\xb0*8\v\x1e\xcf\x03\xd3\xe8,?\x87\x84\\/y\xed\x01#?\xab\x1c\x11\x00\xc5\x8d\x82\x9c\xd6B[\xc9\x00\xf5]\x81\xf3\xfd\x06M\xbe\xf9\xba\x9em\xe9\"\x03\x933P\xa3\xcc\x9b\f\xa7\x8f\x91O\xc9\xb9\x10M\x8b\xd0\xc0\xb8Fb\x1c4\xb59\x988\tgC\xbc\xe0\xc5\xf4\xe0E%\xd9\xd8w\x00k\x042Y\xdc\xc5\xe59\xa95\xd1m\xd8hCuZYi\x10D\xb9\xe6\xff\x04K%yH\xe5W\xfb\x82\xac\x19,\\D\x91T\xfd\x9c\xb8\x8b\x88\xa5O\x8fI\x00\xf0\xc9%\n\xa7\x0f:\xb0\xf5?\xc3\x88\x1e\xbb-\xa6\xecA\x92\xaf\xa4Xl\v\xa5\xca\v|\xe2\xea\xd5\xe8\x89W\x11\xd7oC\xe4\x06\xa8[O\xe6\x1d=j\x8a\xa4\x97;\bNl\x81\x9bx\xa1\x02\xb8M\x87\x93\x0f\x87I\xdf\xb1\xeb\x89\x11.\x01\x00\r`\x1e8\x94\xb7\xbc\xc3\xad\xf1\x92\xaf(A=A\x8b\xa5\xb0\x89\x9e5\x12\xa4\x9a\va\xdf\xf4\xea\xc6\xc7\x10g\x1d\xd5\xb0\x9d\xd2\xfc]fC\x8d\x0f\xa6q\x0f\xef\x90\xfe\x94k\xf1\xb8\xfa\xbbb\xb1\x00\x99\xf7\xfd\'\xae\x906\xe0\xaa\xdbtWWH\xa4L\xb5pe,\xdfN\x0f\x00\x01\x00\x00_H\xd4\xe3\xb2,oj\xac\xd7\xbd\xd0\xadW\x1f<\xd0s\xa8\x1f(\x00/ \xe4]@\xf7mA\xe8\xd1\xf4:\xb3\xeb\x81\xb9\x018\x1c\x95%o\x05x\x1a\x90\xf4\x03\xe7\xe9\xa9\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x84\xe38\xac>\xbbqJ\x8f\x8cmu\x12\x1d\x9a\xd7\x1c}\x8a]1\x8a\x84\xedo\t*77\xbb0\x8b\xe5R\xc8\t\x94\xbc\x95\xc0\x92\xfc^e\x15\x10\x96\x18\'\xfa\x8e\x81\x03)3\xbf\xa6|\x88\x1f\xfb\xf0\xa3\xd2\x99\x06\xb1\x15\xc4\xe9\x80\xfb\xcfD\xe3\xff\xc1V\x00\xc4\xd1\xa1\xa6\xba\x9a\x91\xdb\x0f\xb6\xb9&\xf5\x05\x9b_\xde\xc6\xc4P\xf9,\xab\x13\xd0+*\xa3\x002\x19Z\x0e\xa7\xb9\xf2\xed\xd7#\b0\xba\xaa\x93\xf6\xef-\x1fL\xc6\xdc\xa7?\xf9\xbcdI\xca_\xa3\xbd\xe6,\xe6\x87$\xe8W8\xa6Zb\x1a7\xd7\x86\xe5\v\xa5\xaf\x8b\xd8t\x9fk\xee#\"\xa4\x96\xd5m\xdb\xb0\xdf\xa8\xb9{\xca\xea\nD|+;\x14\xc4\xe5\x9c\xebDJ\xf4\x19PFi\xce\xd6E9\x18\x1d~\x17\x06\xe9iDu:ou\a<\xaf\x8f0v\x81\xb1HC\xf3\x96\x96]bp\a\xdf7\xcb\x10x\xff\x17L\xde\xff\b\fm\a\x1b\x13\xe2[\xea,\xfc\x8ep<\xa4gq\xf4\xb4\xd7\x1d\'\xd6\xb5\xa3\x90\xf9\xf2\x1a\xaa\xb0\b\x7f\x89\xf7\x9e\x89\x85O\xe6U\x9fO\xa5\x8dfO\x11S\x00\xb6\x809\r\x96\xf2\xb8,\xe1N\xa1\xfd\xaa\x99\xe9\xb4\t\xf1(>\xf8fLBQ\xcf\x9c\xd4\x88\x96\xbc\xf0\xa4\xeb\x92\xd7\xc1\xef\x13\xc7U\x9b\xa8r\xc1_\x11<\x19?)\xb3\xfdf\xc3\xba\x1e\xbaY\xea|~^\x00\x1e\xea/\x1e\xd2&1Z@\xa50\x06s\xf2PP\xf9\xdcv\xc6\xaf\x12M\x8b\x12\xdbf\xb2r\x1a\x84\b\xde\b5\xdb[ruJ\xa0\xa9Nj\xd5<\xcc\xdeA4|1Ye\xd7\xf3\x1b\xedq)\xab_\xc1\aR\xef%\xfb\x9c\x18<\xa3\x133T\x89\xff\x99S\xb7n\xe3%\x05g*X\xe5\xfc\x97\x01\xec\xeb\xd6\rf\xbdl\xee\xca\x1c\xa2{\x98v\xcc\x8a\xcc\xa1\xf1\xb4\xf6\xe1\xc0\x96\xc8\x1c\x05C\x93\x1c\x89e\xc1~\xf3\xc8\xe8\xe6]S\xbd\xbe\xb3M\xc1\x9b\x05\x12\xe9C\x11\xbb\x03U\x80KRd\x14c3I\xa0\xc7\x8a\xba9\xfeH\x94\xb2\xe7h\xb1\x02\xf6\x0f\x02\xb0\xc3\xd8\x02\r\v\xfa\xc7\xbdE\xf6b\xde\xbeJ\x9509\xe8\x18\x05\x15zi\xba\tf7\x9b,\xa3\xa5\xa1\xc1|\xd2:D3z\x8f\x19\xa8\xe1d\xedk\xe8\xa2/\x95`$\x81\xc2g\x04u\x16\xbc{\xb7\x90\xbe\xeb\x85 \f ^I\xd5\x0e\r\xdf4\xd0\x95d\xe4\xaf\x83\x88\xd8l\xae\"\xef\xe5\xfc\x01\x15\xb5\x99U\x1c\xb1\x9c \xe7\xa6\x8fv\xfe\xea\x9a\x11\xe2-\xeb$\x1e&gQxv4\xad\xaf\xad.ev\xf3x\xeb\xb6\xac\x8b\xdb;j%\xcb:\x98\b<d\xf3\xc4\xba\x16\x17>\xc7\x90-\\\v\x91\\\xb9\x9b\x932\x0f}>\xbc\xf6\b\x8ca\xcb\xd5\xe7\x97\xc6;$\xab\xcc\x884js\rF9\x8d\x86\x8e\xfb\xba\xb0\xe97\xb3kZ\xc1\xcf\xa3>\xe5\xe9G\xcb\xc5\xff\xf0+Rx\xb5\xb8`\xab\xcd*\xfd\x92\b\xf6\x9a\xf0Nx\xf8\xd7\x8e\xfd\xe4\xa2\x00\xadb\xce\xd0\xcc\t%\xbd\n\xc1\xaa\x89~\xf5\n\x1b\x9b', 0x4)
fallocate(r11, 0x10, 0x0, 0x400001)
ioctl$CEC_ADAP_S_LOG_ADDRS(r10, 0xc05c6104, &(0x7f0000000380)={'\v\x00', 0x0, 0x5, 0x1, 0x0, 0x0, "f759e10000001000000000fc6300", '\x00\x00\a\x00', "0300", "e859ad13", ["8bada940edff000a00", "c2fed6bf0400000000000040", "200000001a00", "0000000000000000000100"]})
syz_io_uring_submit(0x0, r9, &(0x7f00000009c0)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd=r7, 0x0, 0x0})
io_uring_enter(r8, 0x7a98, 0x0, 0x0, 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(r3, 0xc10c5541, &(0x7f0000000080))

14.241566185s ago: executing program 0 (id=122):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, 0x0, 0x0)
inotify_init()
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0)
ioctl$VHOST_VDPA_GET_STATUS(r1, 0x8001af71, 0x0)

14.216613529s ago: executing program 3 (id=123):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100))
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/unix\x00')
preadv(r4, &(0x7f0000000240)=[{&(0x7f0000000280)=""/247, 0xf7}], 0x1, 0x2, 0x0)
mmap$binder(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040))
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x98, 0x0, &(0x7f0000003200)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xf00f, 0x0, 0x0, 0x0}}, @transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x1472, 0x0, 0x0, 0x0, 0xff8, 0x0, &(0x7f00000031c0)={0x30, 0x30, 0x1e}}}], 0x0, 0x0, 0x0})
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, &(0x7f0000000100))
r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1, 0x11, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, &(0x7f00000001c0))
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f00000004c0)="e0"})
ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000000480)={0x4c, 0x0, &(0x7f0000000200)=[@acquire, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r7, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)={&(0x7f000001aa80)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000010000000900010073797a30000000002c0000001b0a01020000000000000000010000000900010073797a3000000000090003"], 0x22b4}}, 0x0)

14.21384969s ago: executing program 2 (id=124):
r0 = syz_open_dev$I2C(&(0x7f0000000000), 0x319, 0x8000)
r1 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r1, 0xc004500a, &(0x7f0000000000))
ioctl$SNDCTL_DSP_SPEED(r1, 0xc0045002, &(0x7f00000000c0))
r2 = dup(r1)
read$dsp(r2, &(0x7f0000000100)=""/167, 0xa7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x989680}}, 0x0)
fsetxattr$security_capability(r0, 0x0, &(0x7f0000000080)=@v2={0x2000000, [{0x5, 0x200}, {0x5794, 0x800000}]}, 0x14, 0x3)
r3 = socket(0xa, 0x40000000002, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r3, 0x0, 0x80, &(0x7f0000000280)=@nat={'nat\x00', 0x19, 0x2, 0x208, [0x20000690, 0x0, 0x0, 0x20000630, 0x20000660], 0x0, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0200000005000000000000000000766574683098c76f5f7465616d00000064756d6d79300800000000000000000064756d0004300000000000000000000073797a6b616c6c8279a7e00000000000ffffffffffff000000000000ffffffff7fff00000000000000087000000070000000a000000072656469726563740000000000000000000000000000000000000000000000000800000000000000ffffffff000000000b00000000000000000073797a6b616c6c65723100000000000067726574617030000000000000000000766c616e30000000000000000000000064756d6d7930000000000000000000000180c2000000000000000000aaaaaaaaaabb00000000000000007000000070000000a8000000736e6174000000000000000000000000000000000000000001b700000000000010000000000000000000000000000000ffffffff00000000"]}, 0x280)
openat$cgroup_ro(r0, &(0x7f00000000c0)='cpuset.memory_pressure_enabled\x00', 0x0, 0x0)
r4 = socket$inet_sctp(0x2, 0x1, 0x84)
r5 = mq_open(&(0x7f0000001100)='*a%\xff\x00\xf1\fNC\x84\xe0\x99\x1e-\x9a\x0f\x1a\x90\xee\x10\xfeARsO\xae\xd6\x05K\xe2D\x8d\xa4H8\xcf:\a;\xd8\xc7\xc8\\C\xcf\xa7\xcb\xb4\xe4\x8dY\xe3\xa5K&\xe5\xc4\x84v\xfa\xe7\x11\xc4\x99\x10,\xe3M\x80\xd3\xc2\x1c\xb0\x84\xb83', 0x41, 0x0, 0x0)
r6 = socket$inet6_sctp(0xa, 0x5, 0x84)
r7 = accept4$inet6(r3, &(0x7f0000000180)={0xa, 0x0, 0x0, @initdev}, &(0x7f00000001c0)=0x1c, 0x80800)
syz_io_uring_complete(0x0)
accept(r7, &(0x7f0000000200)=@ethernet={0x0, @multicast}, &(0x7f0000000300)=0x80)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r6, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0x4e20, @empty}], 0x10)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r6, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x38, &(0x7f0000000040)=[@in6={0xa, 0x4e20, 0x0, @loopback={0x0, 0xac14140b}}, @in6={0xa, 0x4e20, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x4a6}]}, &(0x7f00000002c0)=0x10)
mq_timedreceive(r5, 0x0, 0x0, 0x0, 0x0)
getsockopt$IPT_SO_GET_REVISION_MATCH(r4, 0x0, 0x42, &(0x7f0000000100)={'icmp\x00'}, &(0x7f0000000140)=0x1e)

14.077294268s ago: executing program 0 (id=125):
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f0000000000)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="020300000f00000011000000de000000010018000000000005000600000000000a00000000000000fc02000000000000000000000000000000000000000000000200010000000000000002000000000005000500000000000a00000000000000ff0100000000000000000000000000010000000000000000"], 0x78}, 0x1, 0x7}, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x60005f, 0x19)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
connect$l2tp6(0xffffffffffffffff, 0x0, 0x0)
syz_emit_ethernet(0x4a, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r2 = socket(0x40000000015, 0x5, 0x0)
setsockopt$sock_int(r2, 0x1, 0x3c, &(0x7f00000000c0)=0x1, 0x4)
bind$inet(r2, &(0x7f00008a5ff0)={0x2, 0x0, @loopback}, 0x10)
recvmmsg(r2, &(0x7f00000040c0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=""/142, 0x8e}}], 0x1, 0x0, 0x0)
sendto$inet(r2, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x2, 0x0, @loopback}, 0x10)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
r3 = openat$hwrng(0xffffffffffffff9c, 0x0, 0x48001, 0x0)
preadv(r3, &(0x7f0000001880)=[{&(0x7f000001a8c0)=""/102400, 0x19000}], 0x1, 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
mincore(&(0x7f0000000000/0x800000)=nil, 0x800000, &(0x7f0000000000)=""/188)
socket$inet6_dccp(0xa, 0x6, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x200000005c832, 0xffffffffffffffff, 0x0)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x5)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r4, 0x0, 0x80, &(0x7f0000000040)=@broute={'broute\x00', 0x20, 0x1, 0x220, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000500], 0x7, 0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006e2a30456b880000145b41fe6900000079616d3000000000000000000000000079616d3000000000000000000000000076657468315f742f5f626f6e640000000180c20000000000000000000180c200000000faffffffffffffff000000670100009001000073746174697374696300000000000000000000000000000000000000000000001800000000000000000000000000000000000000000000000000000000000000646e61740000000000000000ff0300000000000000000000000000000000000010000000000000ffffffff000000006e666c010000000000000000000000000000000000000000000000000000ff0050000000121b6eb244d4f0fffbf04a000000007e4b000022d4e27ebdf3b9dc569e338e2c551c2fc4a19597ba4c501c8b1f16fb7809c40aee86f4fe16383d2afb577ed2bb6dd99f024b3f54ba00000000415544495400000000000000000000000000000000000000000000000000000008000000000000200000000000000000000200"/544]}, 0x298)

13.973393295s ago: executing program 3 (id=126):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000a00)=@delchain={0x1cc, 0x65, 0x400, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffe0}}, [@TCA_CHAIN={0x8}, @filter_kind_options=@f_u32={{0x8}, {0x48, 0x2, [@TCA_U32_INDEV={0x14, 0x8, 'veth0_to_team\x00'}, @TCA_U32_INDEV={0x14, 0x8, 'batadv_slave_0\x00'}, @TCA_U32_HASH={0x8}, @TCA_U32_CLASSID={0x8, 0x1, {0x7}}, @TCA_U32_POLICE={0x4}, @TCA_U32_FLAGS={0x8}]}}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_fw={{0x7}, {0x128, 0x2, [@TCA_FW_ACT={0x110, 0x4, [@m_mirred={0x10c, 0xe, 0x0, 0x0, {{0xb}, {0x4}, {0xe0, 0x6, "2eb216699f54d3c2ad9a9e96269e761acd58d65225d4477c3d1f6ccde8349cec38c79f76e25df1be31ba52afaf9629ce466ef7212d6d9a3b13fdc9a74fa856899f3947f992604bf9fa54c6d4cc0fb49aca07a8c99f72ccdf0a9d3bf85260d98becd41ec6c465dffed39d9006d7f2bff18286fca089c3954e303b6e2ff79f73e39ac27364124b48f27c2e88be6c3cb7b45c601d58d770d7f499013d399a1d31ec86e76e20c8b2f3ed1b88f2bed65e8bc52413df8447a1b277d7a10434aa02a9563fceb1f273afe0e9f0e19c833abd4f9066a5b19574aee1f386b0e252"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x7, 0x3}}}}]}, @TCA_FW_INDEV={0x14, 0x3, 'ip6gre0\x00'}]}}, @filter_kind_options=@f_route={{0xa}, {0xc, 0x2, [@TCA_ROUTE4_FROM={0x8}]}}]}, 0x1cc}, 0x1, 0x0, 0x0, 0x4010}, 0x0)
r0 = socket(0x10, 0x803, 0x0)
sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)=[{&(0x7f00000008c0)="d8000000180081000181f782db4cb904021d0800fe007c05e8fe50a10a000700014002020c600e41b0000900ac000a0501000000160012000a00ff150048035c3b61c1d67f6f94007134cf6efb8007a007a290457f01a7cee4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5a02000000ca9ec855eff0eb3f365d3a71d95667daffffffffff1f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5b7276505dba36efab70cdb67e", 0xb8}], 0x1}, 0x0)
recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x334}, {&(0x7f00000007c0)=""/154, 0x2c}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400})

13.669336254s ago: executing program 3 (id=127):
r0 = io_uring_setup(0x7813, &(0x7f00000002c0)={0x0, 0x1000002, 0x200, 0x0, 0x101})
r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000), 0x16f601, 0x0)
write$sequencer(r1, &(0x7f0000000100)=ANY=[@ANYBLOB="0293"], 0x9)
ioctl$SNDCTL_SEQ_SYNC(r1, 0x5101)
close_range(r0, 0xffffffffffffffff, 0x0)
syz_genetlink_get_family_id$tipc(&(0x7f00000005c0), 0xffffffffffffffff)
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r2, 0x0, 0x0)
setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000140), 0x4)
r3 = socket$inet(0x2, 0x6, 0x0)
getsockopt$inet_pktinfo(r3, 0x10d, 0xa5, 0xfffffffffffffffe, &(0x7f0000000000)=0x300)
r4 = socket$inet(0x2, 0x3, 0x4)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, 0x0, 0xa0c4)
setsockopt$inet_msfilter(r4, 0x0, 0x23, &(0x7f0000004b00)=ANY=[], 0x10)
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'syz_tun\x00', <r6=>0x0})
sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYRES32, @ANYRES32=r6, @ANYBLOB="00006717adcc940145f8876ca7dc7cdfe228f11b79e9dd8c68be531b88677652f2b9b7b8c9ef52e2cbd5c68cd69f33798912dcef6e3a1e32a642d8f04fdd51b91e332ddf59c3f8745aecf4b8906b84e98aa239a7269fd39a2f"], 0x20}, 0x1, 0x0, 0x0, 0x10}, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
name_to_handle_at(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
connect$inet(r4, &(0x7f0000000080)={0x2, 0x4e21, @empty}, 0x10)
r7 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r7, 0x0, 0x0, 0xfffffffffffffe1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x60080, 0x0)

13.566496185s ago: executing program 1 (id=128):
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000459bb2405804035000000000000109021b00011100000009040000019569", @ANYRES32], 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000240)}, 0x0)
r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000200)='/sys/fs/bpf', 0x0, 0x0)
openat$cgroup_ro(r1, &(0x7f0000000040)='io.stat\x00', 0x275a, 0x0)
r2 = socket$inet_sctp(0x2, 0x5, 0x84)
r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={0x0, 0x38}}, 0x0)
r5 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$L2TP_CMD_TUNNEL_CREATE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000480)={0x70, 0x0, 0x0, 0x0, 0x0, {}, [@L2TP_ATTR_PROTO_VERSION={0x5}, @L2TP_ATTR_DATA_SEQ={0x5}, @L2TP_ATTR_VLAN_ID={0x6}, @L2TP_ATTR_CONN_ID={0x8}, @L2TP_ATTR_VLAN_ID={0x6, 0xe, 0xfffa}, @L2TP_ATTR_PROTO_VERSION={0x5, 0x7, 0x3}, @L2TP_ATTR_L2SPEC_TYPE={0x5, 0x5, 0x1}, @L2TP_ATTR_IP_SADDR={0x8, 0x18, @broadcast}, @L2TP_ATTR_IFNAME={0x14, 0x8, 'veth0_vlan\x00'}, @L2TP_ATTR_UDP_DPORT={0x6, 0x1b, 0x4e20}]}, 0x70}}, 0x0)
sendmsg$kcm(r5, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03003b000b05d25a806c8c6394f90224fc60100005000a000200053582c137153e37000c0180fc0b10000600", 0x33fe0}], 0x1}, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
preadv(0xffffffffffffffff, 0x0, 0x0, 0x5, 0x0)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0)
ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, r4)
bind$inet(0xffffffffffffffff, 0x0, 0x0)
syz_usb_connect(0x0, 0x24, 0x0, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'syz_tun\x00'})
r6 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000001c0)=0x5)
preadv(r6, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x0)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r7, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f000000c280)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a24000000000a01010000000000000000050000000900010073797a30000000000400060070000000030a01030000000000000000050000000900010073797a30000000001c0008800c00024000000000000000000c00014000000000000000000900030073797a3200000000280004800800024000000000080001400000000014000300766c616e3000"/167], 0xd0}}, 0x0)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a010300000000000000000100fffd0900010073797a300000000040000000030a01020000000000000000010000000900030073797a3200000000140004800800024032658aeb08000140000000010900010073797a300000000044000000060a010400000000000001040100000008000b40000000000900010073797a30000000001c000480180001800d00010073796e70726f7879000000000400028014000000110001"], 0xcc}}, 0x0)
syz_emit_ethernet(0x3e, &(0x7f0000000100)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @link_local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x6, 0x0, @empty, @empty}, {{0x10, 0x4e26, 0x41424344, 0x41424344, 0x0, 0x0, 0x7, 0xc2, 0x0, 0x0, 0x0, {[@mss={0x2, 0x0, 0xa005}, @sack_perm]}}}}}}}, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)

13.345271933s ago: executing program 3 (id=129):
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
sysfs$1(0x1, 0x0)
fremovexattr(0xffffffffffffffff, 0x0)
r0 = openat$null(0xffffffffffffff9c, 0x0, 0x0, 0x0)
fcntl$lock(r0, 0x0, 0x0)
socket$inet(0x2, 0x0, 0x0)
close(0xffffffffffffffff)
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x103982, 0x0)
ioctl$PPPIOCNEWUNIT(r1, 0xc004743e, &(0x7f0000000040))
r2 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r2, &(0x7f0000000080)={0x18, 0x0, {0x3, @local, 'geneve0\x00'}}, 0x1e)
r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$PPPIOCATTCHAN(r3, 0x40047438, &(0x7f0000000100)=0x1)
ioctl$PPPIOCCONNECT(r3, 0x4004743a, &(0x7f0000000280))
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
r4 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'veth0_to_team\x00'})
socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000001500)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
sendmsg$inet(r6, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0)
recvmsg$unix(r5, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0), 0x100}, 0x0)
pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

13.196726845s ago: executing program 2 (id=130):
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'erspan0\x00', &(0x7f00000005c0)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x24, 0x4, 0x0, 0x0, 0x90, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast, @remote, {[@timestamp={0x44, 0x18, 0x0, 0x0, 0x0, [0x401, 0x1000, 0x5, 0x0, 0x3f]}, @timestamp_prespec={0x44, 0x3c, 0xc0, 0x3, 0x0, [{@private, 0xffffff14}, {@remote}, {@remote}, {@broadcast, 0x8000}, {@empty}, {@multicast1, 0xffd200}, {@private}]}, @noop, @noop, @generic={0x82, 0x8, "6c414d6f42bd"}, @lsrr={0x83, 0x7, 0x0, [@multicast1]}, @rr={0x7, 0x17, 0x0, [@dev, @remote, @local, @private=0xa010102, @remote]}]}}}}})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
socket$packet(0x11, 0x2, 0x300)
ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(0xffffffffffffffff, 0xc0145401, &(0x7f0000000040)={0x3, 0x0, 0x0, 0xfdfdffff, 0xffffffff})
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000580)={'veth1_virt_wifi\x00', <r2=>0x0})
setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x41, &(0x7f0000000200)=0x39d0, 0xf)
bind$packet(0xffffffffffffffff, &(0x7f0000000080)={0x11, 0x16, r2, 0x1, 0x0, 0x6, @link_local}, 0x14)
sendto$packet(0xffffffffffffffff, &(0x7f00000002c0)="913dcf3296db5d6d52d2f3b42d66", 0xe, 0x0, 0x0, 0x0)
r3 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r3, &(0x7f0000000400)={0x2, 0x4e23, @multicast1}, 0x10)
sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000000)={0x2, 0x24e23, @loopback}, 0x10)
sendto$inet(r3, &(0x7f0000000080)='m', 0x1, 0x0, 0x0, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
write$binfmt_script(r4, &(0x7f0000000440)={'#! ', '', [], 0xa, "1f709a341bf370fdcc0da2b2ec6ec0fcf87fecb8c5aa56b04cd4bd2bf7d6bd46dc8edb5b6c6cbaf9d3602dc837baeb42aac331139e093d84c2b7817ce1902e0c779ad0000000000000008e5b4c7d7b119d3267c3f45f42c8e564bbd307f7f28debe1350a01f23670d3cef1fe0107ac66d5433d2c46684039c0afe62f33144fa234b04c4121c03bff63c005c71323a45412b3caf10047e5ee33ba34f28cb760cc010600000090b54a189b6220f0b107501626"}, 0xb6)
r5 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0xd000})
ioctl$KVM_NMI(r5, 0xae9a)

12.743678491s ago: executing program 2 (id=131):
r0 = socket$inet(0x2, 0x4000000805, 0x0)
sendmmsg(r0, &(0x7f0000000e40)=[{{&(0x7f0000000000)=@l2tp={0x2, 0x0, @local}, 0x80, &(0x7f0000000300)=[{&(0x7f00000000c0)="ae", 0x1}], 0x1}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)}}], 0x2, 0x0)

12.666066881s ago: executing program 2 (id=132):
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'sit0\x00', &(0x7f00000002c0)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x2f, 0x4, 0x0, 0x0, 0xbc, 0x64, 0x0, 0x0, 0x0, 0x0, @broadcast, @remote, {[@timestamp={0x44, 0x18, 0x0, 0x0, 0x9, [0x401, 0x9, 0x0, 0x5, 0x0]}, @timestamp_prespec={0x44, 0x34, 0xc0, 0x3, 0x1, [{@private=0xa010100}, {@multicast1, 0x5}, {@dev, 0x65c}, {@empty}, {@multicast1, 0xffd200}, {@private=0xa010100, 0x7}]}, @timestamp_prespec={0x44, 0x3c, 0x0, 0x3, 0x8, [{@dev}, {@remote, 0x1}, {@multicast2}, {@private=0xa0100fe}, {@rand_addr=0x64010100}, {@broadcast, 0x52b1}, {@multicast2}]}, @noop, @noop, @noop, @lsrr={0x83, 0x7, 0xdc, [@rand_addr=0x64010102]}, @rr={0x7, 0x13, 0x0, [@remote, @multicast1, @private=0xa010102, @remote]}]}}}}})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000240), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00'}, 0x10)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0xd000})
ioctl$KVM_RUN(r4, 0xae80, 0x0)

12.509679385s ago: executing program 0 (id=133):
socket$nl_route(0x10, 0x3, 0x0)
symlink(&(0x7f0000000080)='.\x00', &(0x7f0000000000)='./file0\x00')
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
shmget(0x3, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x1000004, 0x10010, r0, 0x0)
io_submit(0x0, 0x11, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
mlock2(&(0x7f0000006000/0x3000)=nil, 0x3000, 0x0)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x40b80, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0xd)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x3})
remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, 0x0)
dup(0xffffffffffffffff)
getpid()
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r0, 0x84, 0xa, &(0x7f0000000180)={0x8, 0x5, 0x5, 0x6, 0x6296, 0x1ff, 0x8, 0x6}, 0x20)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a5c000000060a0b04000000000000000002000000300004802c000180090001006d657461000000001c00028008000140000000000800014000000008"], 0x84}}, 0x0)
r3 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r3, &(0x7f0000000040)={0x2, 0x4e21, @multicast2}, 0x10)
connect$inet(r3, &(0x7f0000000080)={0x2, 0x4e21, @empty}, 0x10)
ioctl$int_in(r3, 0x5452, &(0x7f0000000100)=0x5)
sendto(r3, &(0x7f00000002c0)='%', 0x300000, 0x0, 0x0, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="4c00000010001fff00"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000002c00128009000100626f6e64000000001c0002800500010004002000080020"], 0x4c}}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)

7.869516331s ago: executing program 0 (id=134):
r0 = socket$netlink(0x10, 0x3, 0x0)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000640)={&(0x7f00000006c0)=@setlink={0x60, 0x13, 0x100, 0x70bd26, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, 0x2000, 0x2000}, [@IFLA_PROP_LIST={0x40, 0x34, 0x0, 0x1, [{0x14, 0x35, 'team0\x00'}, {0x14, 0x35, 'netpci0\x00'}, {0x14, 0x35, 'ip6gretap0\x00'}]}]}, 0x60}}, 0x8c4)
r2 = socket(0x2a, 0x2, 0x0)
r3 = signalfd(0xffffffffffffffff, &(0x7f00000001c0), 0x8)
mkdir(&(0x7f0000000080)='./control\x00', 0x88)
close(r3)
r4 = inotify_init1(0x0)
fcntl$setstatus(r3, 0x4, 0x2c00)
lstat(&(0x7f0000000140)='./control\x00', &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, <r5=>0x0})
quotactl_fd$Q_QUOTAON(r2, 0xffffffff80000200, r5, &(0x7f0000000400)='./control\x00')
r6 = gettid()
fcntl$setown(r3, 0x8, r6)
fcntl$setsig(r4, 0xa, 0xe)
rt_sigprocmask(0x0, &(0x7f0000000000)={[0xfffffffffffffffd]}, 0x0, 0x8)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x1, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x0, 0x0, 0x1, 0x0, 0xb}]}, &(0x7f00000003c0)='syzkaller\x00', 0x2, 0x1005, &(0x7f0000001840)=""/4101, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
rt_sigtimedwait(&(0x7f0000000040)={[0xffffffffffff7ff8]}, 0x0, 0x0, 0x8)
inotify_add_watch(r4, &(0x7f0000000180)='./control\x00', 0xa4000960)
rmdir(&(0x7f0000000100)='./control\x00')
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000005c0)=@newqdisc={0x24}, 0x24}}, 0x0)
getsockname$packet(r2, &(0x7f0000000200)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000540)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {}, {0xffff, 0xffff}}}, 0x24}}, 0x0)
socket$netlink(0x10, 0x3, 0x0)
socket(0x10, 0x2, 0x0)
openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000440), 0x40100, 0x0)
signalfd4(r3, &(0x7f0000000480)={[0x6]}, 0x8, 0x0)

0s ago: executing program 0 (id=139):
openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0)
vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/bus/input/handlers\x00', 0x0, 0x0)
preadv2(r1, &(0x7f00000004c0)=[{&(0x7f0000000200)=""/100, 0x64}], 0x1, 0x2b, 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
r2 = syz_open_dev$video4linux(&(0x7f0000000280), 0x0, 0x0)
ioctl$VIDIOC_QUERYMENU(r2, 0xc0305616, &(0x7f0000000040)={0x0, 0x0, @value})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x5, &(0x7f0000000400)=[{0x0, 0x7}, {0x7, 0x0, 0x8, 0x7}, {0x0, 0x0, 0xff}, {}, {}]})
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
set_mempolicy(0x3, &(0x7f0000000100)=0x1, 0x5592)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3fc, 0x0, 0x32}, 0x9c)
setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r3, 0x84, 0x13, &(0x7f0000000500)=0x1, 0x4)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x0, 0x0, 0x8a}, 0x9c)
sendto$inet6(r3, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$TIPC_NL_MEDIA_SET(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)={0x34, r4, 0x1, 0x0, 0x0, {}, [@TIPC_NLA_MEDIA={0x20, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x80}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7b0}]}]}]}, 0x34}}, 0x0)
socket$packet(0x11, 0x3, 0x300)
ioctl$VHOST_SET_MEM_TABLE(0xffffffffffffffff, 0x4008af03, &(0x7f0000000240))
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000140)={0x1, 0x0, 0x0, &(0x7f0000000700)=""/4096, &(0x7f0000000480)=""/255})

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.0.241' (ED25519) to the list of known hosts.
[   59.539402][ T5213] cgroup: Unknown subsys name 'net'
[   59.675734][ T5213] cgroup: Unknown subsys name 'cpuset'
[   59.683843][ T5213] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   61.108542][ T5213] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   64.622887][ T5228] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   64.633024][ T5234] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   64.643152][ T5234] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[   64.668965][ T5232] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   64.671410][ T5234] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   64.678172][ T5232] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   64.692218][ T5237] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   64.701176][ T5235] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   64.709303][ T5235] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   64.709898][ T5237] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   64.717276][ T5235] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   64.731820][ T5235] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[   64.739185][ T5235] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   64.741927][ T5237] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[   64.760787][ T5236] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   64.768047][ T5237] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[   64.768047][ T5235] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   64.768655][ T5235] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   64.776174][ T5237] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   64.782988][ T4619] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[   64.804266][ T5235] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   64.811980][ T5235] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[   64.820425][ T4619] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[   64.827657][ T5235] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   64.832298][ T5227] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   64.835799][ T4619] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[   64.843306][ T5227] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   64.850078][ T4619] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[   64.857131][ T5227] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   64.870714][ T5227] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   65.269382][ T5239] chnl_net:caif_netlink_parms(): no params data found
[   65.330756][ T5238] chnl_net:caif_netlink_parms(): no params data found
[   65.477566][ T5241] chnl_net:caif_netlink_parms(): no params data found
[   65.488304][ T5245] chnl_net:caif_netlink_parms(): no params data found
[   65.501513][ T5243] chnl_net:caif_netlink_parms(): no params data found
[   65.520109][ T5239] bridge0: port 1(bridge_slave_0) entered blocking state
[   65.528096][ T5239] bridge0: port 1(bridge_slave_0) entered disabled state
[   65.535677][ T5239] bridge_slave_0: entered allmulticast mode
[   65.543038][ T5239] bridge_slave_0: entered promiscuous mode
[   65.575869][ T5239] bridge0: port 2(bridge_slave_1) entered blocking state
[   65.583159][ T5239] bridge0: port 2(bridge_slave_1) entered disabled state
[   65.590303][ T5239] bridge_slave_1: entered allmulticast mode
[   65.597276][ T5239] bridge_slave_1: entered promiscuous mode
[   65.629654][ T5238] bridge0: port 1(bridge_slave_0) entered blocking state
[   65.639591][ T5238] bridge0: port 1(bridge_slave_0) entered disabled state
[   65.647002][ T5238] bridge_slave_0: entered allmulticast mode
[   65.654733][ T5238] bridge_slave_0: entered promiscuous mode
[   65.687710][ T5238] bridge0: port 2(bridge_slave_1) entered blocking state
[   65.695502][ T5238] bridge0: port 2(bridge_slave_1) entered disabled state
[   65.702834][ T5238] bridge_slave_1: entered allmulticast mode
[   65.709469][ T5238] bridge_slave_1: entered promiscuous mode
[   65.722075][ T5239] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   65.754857][ T5239] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   65.814274][ T5245] bridge0: port 1(bridge_slave_0) entered blocking state
[   65.821799][ T5245] bridge0: port 1(bridge_slave_0) entered disabled state
[   65.829259][ T5245] bridge_slave_0: entered allmulticast mode
[   65.836362][ T5245] bridge_slave_0: entered promiscuous mode
[   65.848770][ T5238] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   65.879377][ T5239] team0: Port device team_slave_0 added
[   65.895316][ T5245] bridge0: port 2(bridge_slave_1) entered blocking state
[   65.902648][ T5245] bridge0: port 2(bridge_slave_1) entered disabled state
[   65.909898][ T5245] bridge_slave_1: entered allmulticast mode
[   65.917759][ T5245] bridge_slave_1: entered promiscuous mode
[   65.933243][ T5238] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   65.961875][ T5239] team0: Port device team_slave_1 added
[   65.968036][ T5243] bridge0: port 1(bridge_slave_0) entered blocking state
[   65.975374][ T5243] bridge0: port 1(bridge_slave_0) entered disabled state
[   65.986466][ T5243] bridge_slave_0: entered allmulticast mode
[   65.993425][ T5243] bridge_slave_0: entered promiscuous mode
[   66.016758][ T5241] bridge0: port 1(bridge_slave_0) entered blocking state
[   66.024278][ T5241] bridge0: port 1(bridge_slave_0) entered disabled state
[   66.031614][ T5241] bridge_slave_0: entered allmulticast mode
[   66.038330][ T5241] bridge_slave_0: entered promiscuous mode
[   66.060843][ T5243] bridge0: port 2(bridge_slave_1) entered blocking state
[   66.068303][ T5243] bridge0: port 2(bridge_slave_1) entered disabled state
[   66.076007][ T5243] bridge_slave_1: entered allmulticast mode
[   66.082807][ T5243] bridge_slave_1: entered promiscuous mode
[   66.092408][ T5245] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   66.104201][ T5238] team0: Port device team_slave_0 added
[   66.113584][ T5245] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   66.122854][ T5241] bridge0: port 2(bridge_slave_1) entered blocking state
[   66.130022][ T5241] bridge0: port 2(bridge_slave_1) entered disabled state
[   66.137433][ T5241] bridge_slave_1: entered allmulticast mode
[   66.144300][ T5241] bridge_slave_1: entered promiscuous mode
[   66.152185][ T5239] batman_adv: batadv0: Adding interface: batadv_slave_0
[   66.159159][ T5239] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   66.185261][ T5239] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   66.209292][ T5238] team0: Port device team_slave_1 added
[   66.239371][ T5239] batman_adv: batadv0: Adding interface: batadv_slave_1
[   66.246530][ T5239] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   66.272960][ T5239] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   66.296652][ T5243] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   66.323585][ T5245] team0: Port device team_slave_0 added
[   66.351245][ T5243] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   66.364696][ T5245] team0: Port device team_slave_1 added
[   66.371541][ T5238] batman_adv: batadv0: Adding interface: batadv_slave_0
[   66.378863][ T5238] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   66.405249][ T5238] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   66.418772][ T5241] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   66.433450][ T5241] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   66.477595][ T5238] batman_adv: batadv0: Adding interface: batadv_slave_1
[   66.484747][ T5238] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   66.511262][ T5238] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   66.542023][ T5243] team0: Port device team_slave_0 added
[   66.571769][ T5241] team0: Port device team_slave_0 added
[   66.579338][ T5243] team0: Port device team_slave_1 added
[   66.595592][ T5245] batman_adv: batadv0: Adding interface: batadv_slave_0
[   66.602878][ T5245] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   66.632664][ T5245] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   66.645905][ T5245] batman_adv: batadv0: Adding interface: batadv_slave_1
[   66.653294][ T5245] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   66.679904][ T5245] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   66.708160][ T5241] team0: Port device team_slave_1 added
[   66.726144][ T5243] batman_adv: batadv0: Adding interface: batadv_slave_0
[   66.733519][ T5243] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   66.760003][ T5243] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   66.771826][   T54] Bluetooth: hci1: command tx timeout
[   66.781338][ T5239] hsr_slave_0: entered promiscuous mode
[   66.788113][ T5239] hsr_slave_1: entered promiscuous mode
[   66.823587][ T5243] batman_adv: batadv0: Adding interface: batadv_slave_1
[   66.830570][ T5243] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   66.857055][ T5243] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   66.867941][   T54] Bluetooth: hci2: command tx timeout
[   66.902663][ T5241] batman_adv: batadv0: Adding interface: batadv_slave_0
[   66.909666][ T5241] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   66.936188][ T5227] Bluetooth: hci3: command tx timeout
[   66.941757][ T4619] Bluetooth: hci0: command tx timeout
[   66.942015][   T54] Bluetooth: hci4: command tx timeout
[   66.953280][ T5241] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   66.969149][ T5238] hsr_slave_0: entered promiscuous mode
[   66.976034][ T5238] hsr_slave_1: entered promiscuous mode
[   66.982509][ T5238] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   66.990274][ T5238] Cannot create hsr debugfs directory
[   67.010177][ T5245] hsr_slave_0: entered promiscuous mode
[   67.017055][ T5245] hsr_slave_1: entered promiscuous mode
[   67.023913][ T5245] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   67.031799][ T5245] Cannot create hsr debugfs directory
[   67.038001][ T5241] batman_adv: batadv0: Adding interface: batadv_slave_1
[   67.045498][ T5241] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   67.071564][ T5241] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   67.158479][ T5243] hsr_slave_0: entered promiscuous mode
[   67.167482][ T5243] hsr_slave_1: entered promiscuous mode
[   67.174751][ T5243] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   67.182875][ T5243] Cannot create hsr debugfs directory
[   67.241098][ T5241] hsr_slave_0: entered promiscuous mode
[   67.247409][ T5241] hsr_slave_1: entered promiscuous mode
[   67.254514][ T5241] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   67.262413][ T5241] Cannot create hsr debugfs directory
[   67.567023][ T5239] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   67.579281][ T5239] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   67.589357][ T5239] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   67.599487][ T5239] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   67.664401][ T5238] netdevsim netdevsim4 netdevsim0: renamed from eth0
[   67.683314][ T5238] netdevsim netdevsim4 netdevsim1: renamed from eth1
[   67.694836][ T5238] netdevsim netdevsim4 netdevsim2: renamed from eth2
[   67.724466][ T5238] netdevsim netdevsim4 netdevsim3: renamed from eth3
[   67.771842][ T5243] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   67.804919][ T5243] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   67.829054][ T5243] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   67.838509][ T5243] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   67.873075][ T5245] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   67.903675][ T5239] 8021q: adding VLAN 0 to HW filter on device bond0
[   67.919164][ T5245] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   67.945776][ T5245] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   67.973147][ T5239] 8021q: adding VLAN 0 to HW filter on device team0
[   67.986311][ T5245] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   68.029609][   T52] bridge0: port 1(bridge_slave_0) entered blocking state
[   68.036982][   T52] bridge0: port 1(bridge_slave_0) entered forwarding state
[   68.046716][   T52] bridge0: port 2(bridge_slave_1) entered blocking state
[   68.053860][   T52] bridge0: port 2(bridge_slave_1) entered forwarding state
[   68.085621][ T5241] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   68.096716][ T5241] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   68.107265][ T5241] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   68.132221][ T5241] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   68.156211][ T5238] 8021q: adding VLAN 0 to HW filter on device bond0
[   68.225982][ T5238] 8021q: adding VLAN 0 to HW filter on device team0
[   68.287947][ T5243] 8021q: adding VLAN 0 to HW filter on device bond0
[   68.298841][ T2947] bridge0: port 1(bridge_slave_0) entered blocking state
[   68.306042][ T2947] bridge0: port 1(bridge_slave_0) entered forwarding state
[   68.319369][ T2947] bridge0: port 2(bridge_slave_1) entered blocking state
[   68.326513][ T2947] bridge0: port 2(bridge_slave_1) entered forwarding state
[   68.400498][ T5239] 8021q: adding VLAN 0 to HW filter on device batadv0
[   68.419172][ T5243] 8021q: adding VLAN 0 to HW filter on device team0
[   68.459039][ T5245] 8021q: adding VLAN 0 to HW filter on device bond0
[   68.475139][ T5241] 8021q: adding VLAN 0 to HW filter on device bond0
[   68.486329][ T2947] bridge0: port 1(bridge_slave_0) entered blocking state
[   68.493612][ T2947] bridge0: port 1(bridge_slave_0) entered forwarding state
[   68.517405][ T1096] bridge0: port 2(bridge_slave_1) entered blocking state
[   68.524558][ T1096] bridge0: port 2(bridge_slave_1) entered forwarding state
[   68.548329][ T5241] 8021q: adding VLAN 0 to HW filter on device team0
[   68.579444][ T5238] 8021q: adding VLAN 0 to HW filter on device batadv0
[   68.623496][ T5245] 8021q: adding VLAN 0 to HW filter on device team0
[   68.637702][ T1096] bridge0: port 1(bridge_slave_0) entered blocking state
[   68.645140][ T1096] bridge0: port 1(bridge_slave_0) entered forwarding state
[   68.670754][ T1096] bridge0: port 2(bridge_slave_1) entered blocking state
[   68.677932][ T1096] bridge0: port 2(bridge_slave_1) entered forwarding state
[   68.689146][ T1096] bridge0: port 1(bridge_slave_0) entered blocking state
[   68.696323][ T1096] bridge0: port 1(bridge_slave_0) entered forwarding state
[   68.713877][ T5239] veth0_vlan: entered promiscuous mode
[   68.735030][ T1096] bridge0: port 2(bridge_slave_1) entered blocking state
[   68.742363][ T1096] bridge0: port 2(bridge_slave_1) entered forwarding state
[   68.754744][ T5239] veth1_vlan: entered promiscuous mode
[   68.818201][ T5238] veth0_vlan: entered promiscuous mode
[   68.836787][ T5243] 8021q: adding VLAN 0 to HW filter on device batadv0
[   68.851285][   T54] Bluetooth: hci1: command tx timeout
[   68.880773][ T5239] veth0_macvtap: entered promiscuous mode
[   68.888923][ T5238] veth1_vlan: entered promiscuous mode
[   68.906950][ T5239] veth1_macvtap: entered promiscuous mode
[   68.941815][   T54] Bluetooth: hci2: command tx timeout
[   68.975703][ T5239] batman_adv: batadv0: Interface activated: batadv_slave_0
[   69.008311][ T5239] batman_adv: batadv0: Interface activated: batadv_slave_1
[   69.016002][   T54] Bluetooth: hci0: command tx timeout
[   69.021195][   T54] Bluetooth: hci4: command tx timeout
[   69.027267][   T54] Bluetooth: hci3: command tx timeout
[   69.056178][ T5239] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   69.065103][ T5239] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   69.074722][ T5239] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   69.083733][ T5239] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   69.102504][ T5238] veth0_macvtap: entered promiscuous mode
[   69.119622][ T5245] 8021q: adding VLAN 0 to HW filter on device batadv0
[   69.133884][ T5238] veth1_macvtap: entered promiscuous mode
[   69.153982][ T5241] 8021q: adding VLAN 0 to HW filter on device batadv0
[   69.176332][ T5243] veth0_vlan: entered promiscuous mode
[   69.200801][ T5238] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   69.213805][ T5238] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   69.226367][ T5238] batman_adv: batadv0: Interface activated: batadv_slave_0
[   69.257249][ T5243] veth1_vlan: entered promiscuous mode
[   69.282109][ T5238] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   69.294112][ T5238] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   69.305909][ T5238] batman_adv: batadv0: Interface activated: batadv_slave_1
[   69.367426][   T52] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   69.370116][ T5238] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   69.379295][   T52] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   69.392371][ T5238] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   69.401416][ T5238] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   69.410139][ T5238] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   69.449276][ T5243] veth0_macvtap: entered promiscuous mode
[   69.498243][ T5243] veth1_macvtap: entered promiscuous mode
[   69.507891][   T29] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   69.516430][   T29] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   69.535941][ T5245] veth0_vlan: entered promiscuous mode
[   69.563481][ T5241] veth0_vlan: entered promiscuous mode
[   69.596676][ T5243] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   69.607881][ T5243] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   69.619216][ T5243] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   69.630503][ T5243] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   69.643380][ T5243] batman_adv: batadv0: Interface activated: batadv_slave_0
[   69.664527][   T29] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   69.678402][ T5239] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   69.680593][   T29] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   69.705797][ T5241] veth1_vlan: entered promiscuous mode
[   69.714926][ T5245] veth1_vlan: entered promiscuous mode
[   69.746451][ T5243] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   69.758832][ T5243] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   69.768839][ T5243] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   69.779713][ T5243] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   69.792683][ T5243] batman_adv: batadv0: Interface activated: batadv_slave_1
[   69.843357][ T5243] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   69.860348][ T5243] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   69.870086][ T5243] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   69.880770][ T5243] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   69.905727][ T2947] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   69.924567][ T5241] veth0_macvtap: entered promiscuous mode
[   69.930855][ T2947] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   69.976150][ T5241] veth1_macvtap: entered promiscuous mode
[   70.016602][ T5245] veth0_macvtap: entered promiscuous mode
[   70.127043][ T5245] veth1_macvtap: entered promiscuous mode
[   70.167404][ T5241] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   70.198527][ T5241] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   70.209765][ T5241] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   70.227515][ T5241] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   70.244062][ T5241] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   70.258739][ T5241] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   70.287479][ T5241] batman_adv: batadv0: Interface activated: batadv_slave_0
[   70.323237][ T5245] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   70.345229][ T5245] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   70.356230][ T5245] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   70.367540][ T5245] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   70.386773][ T5245] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   70.411303][ T5245] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   70.437811][ T5245] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   70.461055][ T5245] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   70.483154][ T5245] batman_adv: batadv0: Interface activated: batadv_slave_0
[   70.531497][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   70.559279][ T5241] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   70.575775][ T5241] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   70.590633][ T5241] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   70.603221][ T5241] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   70.613724][ T5241] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   70.627272][ T5241] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   70.650171][ T5241] batman_adv: batadv0: Interface activated: batadv_slave_1
[   70.693331][ T5245] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   70.706129][ T5245] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   70.716426][ T5245] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   70.738002][ T5245] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   70.768520][ T5245] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   70.788535][ T5245] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   70.814491][ T5245] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   70.835902][ T5245] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   70.872117][ T5245] batman_adv: batadv0: Interface activated: batadv_slave_1
[   70.918621][ T5241] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   70.932281][   T54] Bluetooth: hci1: command tx timeout
[   70.960570][ T5241] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   70.983129][ T5241] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   70.995633][   T30] audit: type=1326 audit(1727109524.258:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5293 comm="syz.0.7" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb3e817def9 code=0x7ffc0000
[   71.018504][ T5241] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   71.021479][   T54] Bluetooth: hci2: command tx timeout
[   71.059364][ T5245] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   71.087121][   T30] audit: type=1326 audit(1727109524.258:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5293 comm="syz.0.7" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb3e817def9 code=0x7ffc0000
[   71.109675][   T54] Bluetooth: hci4: command tx timeout
[   71.109916][ T4619] Bluetooth: hci3: command tx timeout
[   71.115144][   T54] Bluetooth: hci0: command tx timeout
[   71.116036][   T30] audit: type=1326 audit(1727109524.258:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5293 comm="syz.0.7" exe="/root/syz-executor" sig=0 arch=c000003e syscall=251 compat=0 ip=0x7fb3e817def9 code=0x7ffc0000
[   71.131019][ T5245] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   71.150073][   T30] audit: type=1326 audit(1727109524.258:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5293 comm="syz.0.7" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb3e817def9 code=0x7ffc0000
[   71.179538][ T5245] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   71.193926][ T5245] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   71.209203][   T30] audit: type=1326 audit(1727109524.258:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5293 comm="syz.0.7" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fb3e817def9 code=0x7ffc0000
[   71.210168][ T5300] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   71.239136][   T30] audit: type=1326 audit(1727109524.258:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5293 comm="syz.0.7" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb3e817def9 code=0x7ffc0000
[   71.274355][   T52] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   71.285665][   T52] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   71.302757][   T30] audit: type=1326 audit(1727109524.258:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5293 comm="syz.0.7" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fb3e817def9 code=0x7ffc0000
[   71.332296][ T5298] netlink: 24 bytes leftover after parsing attributes in process `syz.0.8'.
[   71.336378][   T30] audit: type=1326 audit(1727109524.258:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5293 comm="syz.0.7" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb3e817def9 code=0x7ffc0000
[   71.364103][   T30] audit: type=1326 audit(1727109524.258:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5293 comm="syz.0.7" exe="/root/syz-executor" sig=0 arch=c000003e syscall=32 compat=0 ip=0x7fb3e817def9 code=0x7ffc0000
[   71.388847][ T5301] netlink: 'syz.0.8': attribute type 10 has an invalid length.
[   71.389683][   T30] audit: type=1326 audit(1727109524.258:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5293 comm="syz.0.7" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb3e817def9 code=0x7ffc0000
[   71.421739][ T5301] bridge0: port 2(bridge_slave_1) entered disabled state
[   71.431736][ T5301] bridge0: port 1(bridge_slave_0) entered disabled state
[   71.465980][ T5301] bridge0: port 2(bridge_slave_1) entered blocking state
[   71.473436][ T5301] bridge0: port 2(bridge_slave_1) entered forwarding state
[   71.483206][ T5301] bridge0: port 1(bridge_slave_0) entered blocking state
[   71.490435][ T5301] bridge0: port 1(bridge_slave_0) entered forwarding state
[   71.503754][ T5301] bond0: (slave bridge0): Enslaving as an active interface with an up link
[   71.569138][   T52] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   71.584009][ T1269] ieee802154 phy0 wpan0: encryption failed: -22
[   71.597303][ T1269] ieee802154 phy1 wpan1: encryption failed: -22
[   71.624191][   T52] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   71.759358][ T1096] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   71.797864][ T1096] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   71.967804][   T29] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   72.007195][   T29] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   72.024913][  T790] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   72.065101][  T790] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   72.196263][ T1096] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   72.254519][ T1096] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   72.614454][ T5324] netlink: 'syz.3.4': attribute type 3 has an invalid length.
[   73.012139][ T4619] Bluetooth: hci1: command tx timeout
[   73.104739][ T4619] Bluetooth: hci2: command tx timeout
[   73.173248][ T4619] Bluetooth: hci0: command tx timeout
[   73.178708][ T4619] Bluetooth: hci4: command tx timeout
[   73.184208][ T5227] Bluetooth: hci3: command tx timeout
[   73.319518][ T5322] kvm: emulating exchange as write
[   74.018051][ T5346] Zero length message leads to an empty skb
[   74.691198][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   74.996205][    T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!!
[   75.005041][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   75.041225][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   75.051391][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   75.171824][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[   75.200824][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   75.209312][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   75.292036][ T5353] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   75.433755][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   75.503323][   T51] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   75.690995][   T51] usb 1-1: Using ep0 maxpacket: 16
[   75.711997][   T51] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   75.733376][   T51] usb 1-1: New USB device found, idVendor=046d, idProduct=0821, bcdDevice=57.47
[   75.735905][   T52] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   75.745067][   T51] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   75.764938][   T51] usb 1-1: Product: syz
[   75.769339][   T51] usb 1-1: Manufacturer: syz
[   75.776388][   T51] usb 1-1: SerialNumber: syz
[   75.797350][   T51] usb 1-1: config 0 descriptor??
[   75.844078][ T5354] syz.1.14 (5354) used greatest stack depth: 18288 bytes left
[   75.933608][   T52] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   76.051915][ T5277] usb 1-1: USB disconnect, device number 2
[   76.073437][   T52] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   76.211503][   T52] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   76.504457][ T5227] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   76.513724][ T5227] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   76.521485][ T5227] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   76.530515][ T5227] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   76.540514][ T5227] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[   76.549303][ T5227] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   76.752045][   T52] bridge_slave_1: left allmulticast mode
[   76.762564][   T52] bridge_slave_1: left promiscuous mode
[   76.769982][   T52] bridge0: port 2(bridge_slave_1) entered disabled state
[   76.797401][   T52] bridge_slave_0: left allmulticast mode
[   76.804898][   T52] bridge_slave_0: left promiscuous mode
[   76.810672][   T52] bridge0: port 1(bridge_slave_0) entered disabled state
[   77.104342][ T5394] mmap: syz.0.28 (5394) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[   77.551333][   T51] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[   77.714170][   T51] usb 2-1: Using ep0 maxpacket: 32
[   77.748692][   T51] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   77.804824][   T51] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   77.816379][   T51] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[   77.825887][   T51] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   77.862675][   T51] usb 2-1: config 0 descriptor??
[   77.893262][   T51] hub 2-1:0.0: USB hub found
[   77.911783][   T52] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   77.987055][   T52] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   78.037744][   T52] bond0 (unregistering): Released all slaves
[   78.083900][ T5399] netlink: 'syz.0.28': attribute type 32 has an invalid length.
[   78.097053][ T5399] netlink: 8 bytes leftover after parsing attributes in process `syz.0.28'.
[   78.106694][ T5399] (unnamed net_device) (uninitialized): Setting coupled_control to off (0)
[   78.136389][ T5399] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR
[   78.137520][ T5398] netlink: 'syz.4.29': attribute type 32 has an invalid length.
[   78.154570][ T5398] netlink: 8 bytes leftover after parsing attributes in process `syz.4.29'.
[   78.172405][ T5398] (unnamed net_device) (uninitialized): Setting coupled_control to off (0)
[   78.196818][ T5398] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR
[   78.525991][ T5278] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[   78.608929][ T5284] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[   78.612569][ T5227] Bluetooth: hci3: command tx timeout
[   78.711157][   T25] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[   78.742291][ T5278] usb 5-1: Using ep0 maxpacket: 32
[   78.754573][ T5278] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   78.772511][ T5278] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   78.781145][ T5284] usb 4-1: Using ep0 maxpacket: 32
[   78.793318][ T5278] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[   78.816814][ T5384] chnl_net:caif_netlink_parms(): no params data found
[   78.825500][ T5284] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   78.831153][ T5278] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   78.843696][ T5284] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   78.861543][ T5284] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[   78.870903][ T5284] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   78.877594][   T25] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   78.899885][   T25] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   78.913199][ T5278] usb 5-1: config 0 descriptor??
[   78.922787][ T5278] hub 5-1:0.0: USB hub found
[   78.930489][   T25] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00
[   78.967951][   T25] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   78.971645][ T5284] usb 4-1: config 0 descriptor??
[   79.000844][   T25] usb 1-1: config 0 descriptor??
[   79.017532][ T5284] hub 4-1:0.0: USB hub found
[   79.059424][    C1] hrtimer: interrupt took 162544 ns
[   79.250328][ T5384] bridge0: port 1(bridge_slave_0) entered blocking state
[   79.306295][ T5384] bridge0: port 1(bridge_slave_0) entered disabled state
[   79.355198][ T5384] bridge_slave_0: entered allmulticast mode
[   79.373190][ T5384] bridge_slave_0: entered promiscuous mode
[   79.387544][ T5433] FAULT_INJECTION: forcing a failure.
[   79.387544][ T5433] name fail_usercopy, interval 1, probability 0, space 0, times 1
[   79.410299][ T5384] bridge0: port 2(bridge_slave_1) entered blocking state
[   79.418045][ T5433] CPU: 1 UID: 0 PID: 5433 Comm: syz.4.33 Not tainted 6.11.0-syzkaller-08833-gde5cb0dcb74c #0
[   79.428235][ T5433] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[   79.438315][ T5433] Call Trace:
[   79.441595][ T5433]  <TASK>
[   79.444622][ T5433]  dump_stack_lvl+0x241/0x360
[   79.449417][ T5433]  ? __pfx_dump_stack_lvl+0x10/0x10
[   79.454632][ T5433]  ? __pfx__printk+0x10/0x10
[   79.459245][ T5433]  ? __pfx_lock_release+0x10/0x10
[   79.464285][ T5433]  should_fail_ex+0x3b0/0x4e0
[   79.468974][ T5433]  _copy_from_user+0x2f/0xe0
[   79.473569][ T5433]  copy_msghdr_from_user+0xae/0x680
[   79.478775][ T5433]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[   79.484688][ T5433]  __sys_sendmsg+0x237/0x390
[   79.489286][ T5433]  ? __pfx___sys_sendmsg+0x10/0x10
[   79.494401][ T5433]  ? vfs_write+0x7bf/0xc90
[   79.498854][ T5433]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   79.505193][ T5433]  ? do_syscall_64+0x100/0x230
[   79.509970][ T5433]  ? do_syscall_64+0xb6/0x230
[   79.514652][ T5433]  do_syscall_64+0xf3/0x230
[   79.519173][ T5433]  ? clear_bhb_loop+0x35/0x90
[   79.523873][ T5433]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   79.529776][ T5433] RIP: 0033:0x7fb2b217def9
[   79.534201][ T5433] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   79.553811][ T5433] RSP: 002b:00007fb2b2e9a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   79.562324][ T5433] RAX: ffffffffffffffda RBX: 00007fb2b2336130 RCX: 00007fb2b217def9
[   79.570312][ T5433] RDX: 0000000000000000 RSI: 0000000020000340 RDI: 000000000000000c
[   79.578314][ T5433] RBP: 00007fb2b2e9a090 R08: 0000000000000000 R09: 0000000000000000
[   79.586290][ T5433] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   79.594277][ T5433] R13: 0000000000000000 R14: 00007fb2b2336130 R15: 00007fb2b245fa28
[   79.602276][ T5433]  </TASK>
[   79.660420][ T5384] bridge0: port 2(bridge_slave_1) entered disabled state
[   79.705296][ T5384] bridge_slave_1: entered allmulticast mode
[   79.716098][ T5384] bridge_slave_1: entered promiscuous mode
[   79.869988][ T5415] process 'syz.0.32' launched './file1' with NULL argv: empty string added
[   79.992452][ T5384] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   80.025301][   T25] usbhid 1-1:0.0: can't add hid device: -32
[   80.043354][   T25] usbhid 1-1:0.0: probe with driver usbhid failed with error -32
[   80.045386][ T5384] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   80.165445][ T5384] team0: Port device team_slave_0 added
[   80.205190][ T5384] team0: Port device team_slave_1 added
[   80.290478][ T5384] batman_adv: batadv0: Adding interface: batadv_slave_0
[   80.299300][ T5384] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   80.330694][ T5401] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[   80.348772][ T5384] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   80.382818][ T5401] Bluetooth: hci0: Error when powering off device on rfkill (-4)
[   80.393003][ T5384] batman_adv: batadv0: Adding interface: batadv_slave_1
[   80.406246][ T5384] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   80.452979][ T5384] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   80.508398][ T5401] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[   80.554872][ T5401] Bluetooth: hci1: Error when powering off device on rfkill (-4)
[   80.668745][ T5401] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[   80.691450][ T5227] Bluetooth: hci3: command tx timeout
[   80.704669][ T5401] Bluetooth: hci4: Error when powering off device on rfkill (-4)
[   80.758770][ T5384] hsr_slave_0: entered promiscuous mode
[   80.770775][ T5384] hsr_slave_1: entered promiscuous mode
[   80.779389][ T5401] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[   80.788734][ T5384] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   80.800448][ T5384] Cannot create hsr debugfs directory
[   80.816391][ T5401] Bluetooth: hci2: Error when powering off device on rfkill (-4)
[   81.527451][ T5401] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[   81.547675][ T5401] Bluetooth: hci3: Error when powering off device on rfkill (-4)
[   81.570376][ T5281] usb 1-1: USB disconnect, device number 3
[   81.848521][  T941] cfg80211: failed to load regulatory.db
[   81.910210][ T5284] hub 4-1:0.0: config failed, can't read hub descriptor (err -22)
[   82.002811][ T5284] usbhid 4-1:0.0: can't add hid device: -71
[   82.008944][ T5284] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[   82.130682][ T5284] usb 4-1: USB disconnect, device number 2
[   82.243922][ T5459] netlink: 'syz.3.35': attribute type 1 has an invalid length.
[   82.353656][   T51] hub 2-1:0.0: config failed, can't read hub descriptor (err -22)
[   82.364414][ T5278] hub 5-1:0.0: config failed, can't read hub descriptor (err -22)
[   82.378051][   T51] usbhid 2-1:0.0: can't add hid device: -71
[   82.384587][ T5278] usbhid 5-1:0.0: can't add hid device: -71
[   82.390619][ T5278] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[   82.404798][   T51] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[   82.423486][ T5278] usb 5-1: USB disconnect, device number 2
[   82.431821][   T51] usb 2-1: USB disconnect, device number 2
[   82.591081][ T5281] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[   82.625028][   T52] hsr_slave_0: left promiscuous mode
[   82.638727][   T52] hsr_slave_1: left promiscuous mode
[   82.666999][   T52] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   82.678448][   T52] batman_adv: batadv0: Removing interface: batadv_slave_0
[   82.745962][   T52] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   82.760379][   T52] batman_adv: batadv0: Removing interface: batadv_slave_1
[   82.768197][ T5281] usb 1-1: Using ep0 maxpacket: 8
[   82.782286][ T5281] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[   82.797936][ T5281] usb 1-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[   82.828231][ T5281] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   82.847816][   T52] veth1_macvtap: left promiscuous mode
[   82.861388][ T5281] usb 1-1: config 0 descriptor??
[   82.872179][   T52] veth0_macvtap: left promiscuous mode
[   82.880845][   T52] veth1_vlan: left promiscuous mode
[   82.889902][   T52] veth0_vlan: left promiscuous mode
[   82.901590][   T51] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[   83.052267][   T51] usb 2-1: Using ep0 maxpacket: 32
[   83.064906][   T51] usb 2-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   83.077011][   T51] usb 2-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   83.090777][ T5281] iowarrior 1-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[   83.120753][   T51] usb 2-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[   83.153974][   T51] usb 2-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0
[   83.189516][   T51] usb 2-1: Product: syz
[   83.208977][   T51] usb 2-1: Manufacturer: syz
[   83.240577][   T51] hub 2-1:4.0: USB hub found
[   83.433657][   T51] hub 2-1:4.0: 2 ports detected
[   83.581296][ T5286] usb 1-1: USB disconnect, device number 4
[   83.622779][ T5286] iowarrior 1-1:0.0: I/O-Warror #0 now disconnected
[   83.763406][   T52] team0 (unregistering): Port device team_slave_1 removed
[   83.799526][   T52] team0 (unregistering): Port device team_slave_0 removed
[   83.847531][ T5466] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   83.867143][ T5466] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   83.884571][ T5466] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   83.903340][ T5466] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   84.429562][ T5384] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   84.439990][ T5471] netlink: 'syz.3.38': attribute type 10 has an invalid length.
[   84.456270][ T5471] batman_adv: batadv0: Adding interface: team0
[   84.463683][ T5471] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   84.512608][ T5471] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active
[   84.565410][ T5472] FAULT_INJECTION: forcing a failure.
[   84.565410][ T5472] name failslab, interval 1, probability 0, space 0, times 1
[   84.585971][ T5472] CPU: 1 UID: 0 PID: 5472 Comm: syz.4.39 Not tainted 6.11.0-syzkaller-08833-gde5cb0dcb74c #0
[   84.596187][ T5472] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[   84.606244][ T5472] Call Trace:
[   84.609531][ T5472]  <TASK>
[   84.612567][ T5472]  dump_stack_lvl+0x241/0x360
[   84.617266][ T5472]  ? __pfx_dump_stack_lvl+0x10/0x10
[   84.622475][ T5472]  ? __pfx__printk+0x10/0x10
[   84.627086][ T5472]  ? __kmalloc_node_track_caller_noprof+0xb2/0x440
[   84.633627][ T5472]  ? __pfx___might_resched+0x10/0x10
[   84.638964][ T5472]  should_fail_ex+0x3b0/0x4e0
[   84.643689][ T5472]  should_failslab+0xac/0x100
[   84.648384][ T5472]  __kmalloc_node_track_caller_noprof+0xda/0x440
[   84.654729][ T5472]  ? kobject_set_name_vargs+0x61/0x120
[   84.660269][ T5472]  kstrdup+0x3a/0x80
[   84.664206][ T5472]  kobject_set_name_vargs+0x61/0x120
[   84.669575][ T5472]  dev_set_name+0xd5/0x120
[   84.674033][ T5472]  ? __pfx_dev_set_name+0x10/0x10
[   84.679129][ T5472]  ? device_initialize+0x266/0x460
[   84.684290][ T5472]  netdev_register_kobject+0xb7/0x310
[   84.689882][ T5472]  register_netdevice+0x12c5/0x1b00
[   84.695972][ T5472]  ? __pfx_register_netdevice+0x10/0x10
[   84.701558][ T5472]  ? __pfx_ip_tunnel_find+0x10/0x10
[   84.706865][ T5472]  ? ip_tunnel_newlink+0x274/0x940
[   84.712104][ T5472]  ip_tunnel_newlink+0x29d/0x940
[   84.717408][ T5472]  ? __pfx_ip_tunnel_newlink+0x10/0x10
[   84.722942][ T5472]  ? ip_tunnel_netlink_parms+0x3c2/0x590
[   84.728695][ T5472]  ipip_newlink+0x265/0x340
[   84.733216][ T5472]  ? read_word_at_a_time+0xe/0x20
[   84.738462][ T5472]  ? __pfx_ipip_newlink+0x10/0x10
[   84.743580][ T5472]  ? alloc_netdev_mqs+0xcda/0x1000
[   84.748718][ T5472]  ? rtnl_create_link+0x91c/0xc20
[   84.753778][ T5472]  ? __pfx_ipip_newlink+0x10/0x10
[   84.758907][ T5472]  rtnl_newlink+0x1591/0x20a0
[   84.763623][ T5472]  ? __pfx_rtnl_newlink+0x10/0x10
[   84.768661][ T5472]  ? do_raw_spin_unlock+0x13c/0x8b0
[   84.773873][ T5472]  ? __mutex_lock+0x9ab/0xd70
[   84.778566][ T5472]  ? __mutex_lock+0x52a/0xd70
[   84.783289][ T5472]  ? __pfx_rtnl_newlink+0x10/0x10
[   84.788412][ T5472]  rtnetlink_rcv_msg+0x73f/0xcf0
[   84.793381][ T5472]  ? rtnetlink_rcv_msg+0x1a7/0xcf0
[   84.798503][ T5472]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[   84.804109][ T5472]  ? ref_tracker_free+0x643/0x7e0
[   84.809326][ T5472]  netlink_rcv_skb+0x1e3/0x430
[   84.814127][ T5472]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[   84.819603][ T5472]  ? __pfx_netlink_rcv_skb+0x10/0x10
[   84.824929][ T5472]  ? netlink_deliver_tap+0x2e/0x1b0
[   84.830148][ T5472]  netlink_unicast+0x7f6/0x990
[   84.834993][ T5472]  ? __pfx_netlink_unicast+0x10/0x10
[   84.840295][ T5472]  ? __virt_addr_valid+0x183/0x530
[   84.845419][ T5472]  ? __check_object_size+0x48e/0x900
[   84.850721][ T5472]  netlink_sendmsg+0x8e4/0xcb0
[   84.855508][ T5472]  ? __pfx_netlink_sendmsg+0x10/0x10
[   84.860808][ T5472]  ? aa_sock_msg_perm+0x91/0x160
[   84.865786][ T5472]  ? __pfx_netlink_sendmsg+0x10/0x10
[   84.871090][ T5472]  __sock_sendmsg+0x221/0x270
[   84.875784][ T5472]  ____sys_sendmsg+0x52a/0x7e0
[   84.880565][ T5472]  ? __pfx_____sys_sendmsg+0x10/0x10
[   84.885985][ T5472]  __sys_sendmsg+0x2aa/0x390
[   84.890598][ T5472]  ? __pfx___sys_sendmsg+0x10/0x10
[   84.895727][ T5472]  ? vfs_write+0x7bf/0xc90
[   84.901328][ T5472]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   84.907758][ T5472]  ? do_syscall_64+0x100/0x230
[   84.912541][ T5472]  ? do_syscall_64+0xb6/0x230
[   84.917226][ T5472]  do_syscall_64+0xf3/0x230
[   84.921780][ T5472]  ? clear_bhb_loop+0x35/0x90
[   84.926472][ T5472]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   84.932394][ T5472] RIP: 0033:0x7fb2b217def9
[   84.936849][ T5472] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   84.956559][ T5472] RSP: 002b:00007fb2b2ebb038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   84.964986][ T5472] RAX: ffffffffffffffda RBX: 00007fb2b2336058 RCX: 00007fb2b217def9
[   84.972980][ T5472] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000003
[   84.980961][ T5472] RBP: 00007fb2b2ebb090 R08: 0000000000000000 R09: 0000000000000000
[   84.988937][ T5472] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[   84.996919][ T5472] R13: 0000000000000000 R14: 00007fb2b2336058 R15: 00007fb2b245fa28
[   85.004905][ T5472]  </TASK>
[   85.018411][ T5473] netlink: 'syz.3.38': attribute type 10 has an invalid length.
[   85.031119][ T5473] netlink: 2 bytes leftover after parsing attributes in process `syz.3.38'.
[   85.050470][ T5473] team0: entered promiscuous mode
[   85.068344][ T5473] team_slave_0: entered promiscuous mode
[   85.077156][ T5473] team_slave_1: entered promiscuous mode
[   85.095554][ T5473] 8021q: adding VLAN 0 to HW filter on device team0
[   85.147285][ T5473] batman_adv: batadv0: Interface activated: team0
[   85.155619][ T5473] batman_adv: batadv0: Interface deactivated: team0
[   85.171448][ T5473] batman_adv: batadv0: Removing interface: team0
[   85.190482][ T5473] bridge0: port 3(team0) entered blocking state
[   85.197387][ T5473] bridge0: port 3(team0) entered disabled state
[   85.206501][ T5473] team0: entered allmulticast mode
[   85.212648][ T5473] team_slave_0: entered allmulticast mode
[   85.219385][ T5473] team_slave_1: entered allmulticast mode
[   85.228530][ T5473] bridge0: port 3(team0) entered blocking state
[   85.235917][ T5473] bridge0: port 3(team0) entered forwarding state
[   85.265862][ T5384] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   85.275710][   T51] hub 2-1:4.0: set hub depth failed
[   85.298910][   T51] usb 2-1: USB disconnect, device number 3
[   85.307998][ T5483] netlink: 'syz.0.42': attribute type 32 has an invalid length.
[   85.319610][ T5483] netlink: 8 bytes leftover after parsing attributes in process `syz.0.42'.
[   85.339935][ T5483] (unnamed net_device) (uninitialized): Setting coupled_control to off (0)
[   85.365989][ T5483] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR
[   85.414815][ T5384] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   85.482560][ T5384] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   85.531704][ T5286] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[   85.708870][ T5384] 8021q: adding VLAN 0 to HW filter on device bond0
[   85.718517][ T5286] usb 5-1: New USB device found, idVendor=1d50, idProduct=606f, bcdDevice=14.d4
[   85.730990][ T5286] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   85.768328][ T5286] usb 5-1: config 0 descriptor??
[   85.787747][ T5384] 8021q: adding VLAN 0 to HW filter on device team0
[   85.812620][ T5284] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[   85.825127][   T29] bridge0: port 1(bridge_slave_0) entered blocking state
[   85.832358][   T29] bridge0: port 1(bridge_slave_0) entered forwarding state
[   85.856277][  T790] bridge0: port 2(bridge_slave_1) entered blocking state
[   85.863551][  T790] bridge0: port 2(bridge_slave_1) entered forwarding state
[   85.955815][ T5384] 8021q: adding VLAN 0 to HW filter on device batadv0
[   85.991328][ T5281] usb 4-1: new full-speed USB device number 3 using dummy_hcd
[   86.004520][ T5384] veth0_vlan: entered promiscuous mode
[   86.020488][ T5384] veth1_vlan: entered promiscuous mode
[   86.046213][ T5286] gs_usb 5-1:0.0: Couldn't send data format (err=-71)
[   86.054590][ T5284] usb 1-1: Using ep0 maxpacket: 8
[   86.076402][ T5284] usb 1-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[   86.091396][ T5284] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   86.094990][ T5384] veth0_macvtap: entered promiscuous mode
[   86.117439][ T5384] veth1_macvtap: entered promiscuous mode
[   86.133392][ T5384] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   86.141392][ T5286] gs_usb 5-1:0.0: probe with driver gs_usb failed with error -71
[   86.144107][ T5384] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   86.162048][ T5384] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   86.172876][ T5384] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   86.183328][ T5384] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   86.194085][ T5384] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   86.204253][ T5384] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   86.211374][ T5286] usb 5-1: USB disconnect, device number 3
[   86.214983][ T5384] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   86.232788][ T5384] batman_adv: batadv0: Interface activated: batadv_slave_0
[   86.246770][ T5384] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   86.258233][ T5384] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   86.268884][ T5384] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   86.279598][ T5384] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   86.289723][ T5384] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   86.297484][ T5284] usb 1-1: config 0 descriptor??
[   86.303286][ T5384] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   86.315988][ T5384] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   86.326683][ T5384] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   86.337760][ T5384] batman_adv: batadv0: Interface activated: batadv_slave_1
[   86.347994][ T5384] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   86.356775][ T5384] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   86.365519][ T5384] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   86.374339][ T5384] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   86.424512][ T5281] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   86.502524][ T5281] usb 4-1: New USB device found, idVendor=15f4, idProduct=0015, bcdDevice=74.72
[   86.522637][ T5281] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   86.579807][ T5281] usb 4-1: Product: syz
[   86.605463][ T5281] usb 4-1: Manufacturer: syz
[   86.628798][ T5281] usb 4-1: SerialNumber: syz
[   86.652871][ T5281] usb 4-1: config 0 descriptor??
[   86.658114][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   86.666457][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   86.675171][ T5281] dvb-usb: found a 'Hanftek UMT-010 DVB-T USB2.0' in warm state.
[   86.705854][ T5281] dvb-usb: bulk message failed: -22 (3/0)
[   86.718854][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   86.805836][ T5281] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter)
[   86.810181][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   86.836487][ T5281] dvb-usb: Hanftek UMT-010 DVB-T USB2.0 error while loading driver (-19)
[   86.849908][ T5281] dvb_usb_umt_010 4-1:0.0: probe with driver dvb_usb_umt_010 failed with error -22
[   86.893253][ T5281] usb 4-1: USB disconnect, device number 3
[   87.016365][ T5527] netlink: 8 bytes leftover after parsing attributes in process `syz.4.49'.
[   87.835792][ T5497] netlink: 'syz.0.45': attribute type 29 has an invalid length.
[   87.848839][ T5497] netlink: 'syz.0.45': attribute type 29 has an invalid length.
[   87.892331][ T5560] netlink: 'syz.1.54': attribute type 32 has an invalid length.
[   87.935266][ T5560] netlink: 8 bytes leftover after parsing attributes in process `syz.1.54'.
[   87.947196][ T5560] (unnamed net_device) (uninitialized): Setting coupled_control to off (0)
[   88.002448][ T5284] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[   88.098831][ T5284] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to write RX_CTL mode to 0x0088: ffffffb9
[   88.161372][ T5284] asix 1-1:0.0: probe with driver asix failed with error -71
[   88.250701][ T5284] usb 1-1: USB disconnect, device number 5
[   88.491201][ T5277] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[   88.661831][ T5277] usb 5-1: Using ep0 maxpacket: 16
[   88.692209][ T5277] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   88.715413][ T5277] usb 5-1: New USB device found, idVendor=045e, idProduct=0721, bcdDevice=90.c4
[   88.739733][ T5277] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   88.760692][ T5277] usb 5-1: Product: syz
[   88.780038][ T5277] usb 5-1: Manufacturer: syz
[   88.786396][ T5596] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'syz0'
[   88.823376][ T5277] usb 5-1: SerialNumber: syz
[   88.851402][ T5277] usb 5-1: config 0 descriptor??
[   89.109228][ T5613] x_tables: duplicate underflow at hook 1
[   89.149154][ T5281] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[   89.176498][ T5613] capability: warning: `syz.2.68' uses 32-bit capabilities (legacy support in use)
[   89.268768][ T5277] usb 5-1: Found UVC 0.00 device syz (045e:0721)
[   89.278960][ T5277] usb 5-1: No valid video chain found.
[   89.303343][ T5278] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[   89.331164][ T5281] usb 4-1: Using ep0 maxpacket: 16
[   89.331610][ T5286] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[   89.338246][ T5281] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   89.360261][ T5281] usb 4-1: config 0 has no interfaces?
[   89.366595][ T5281] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[   89.382975][ T5281] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   89.402048][ T5281] usb 4-1: config 0 descriptor??
[   89.421171][   T25] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[   89.441313][ T5278] usb 1-1: device descriptor read/64, error -71
[   89.511543][ T5286] usb 2-1: Using ep0 maxpacket: 8
[   89.531254][ T5286] usb 2-1: config index 0 descriptor too short (expected 301, got 45)
[   89.550241][ T5286] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[   89.567905][ T5286] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[   89.571226][   T25] usb 3-1: Using ep0 maxpacket: 32
[   89.603746][   T25] usb 3-1: New USB device found, idVendor=04b4, idProduct=0002, bcdDevice=53.ef
[   89.608243][ T5286] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[   89.630864][ T5286] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[   89.633387][   T25] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   89.651307][ T5286] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[   89.676505][   T25] usb 3-1: Product: syz
[   89.676702][ T5286] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   89.680740][   T25] usb 3-1: Manufacturer: syz
[   89.701721][ T5278] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[   89.752339][   T25] usb 3-1: SerialNumber: syz
[   89.778645][   T25] usb 3-1: config 0 descriptor??
[   89.806456][   T25] cytherm 3-1:0.0: Cypress thermometer device now attached
[   89.861247][ T5278] usb 1-1: device descriptor read/64, error -71
[   89.910148][ T5286] usb 2-1: GET_CAPABILITIES returned 0
[   89.916115][ T5286] usbtmc 2-1:16.0: can't read capabilities
[   89.991301][ T5278] usb usb1-port1: attempt power cycle
[   90.022232][   T25] usb 3-1: USB disconnect, device number 2
[   90.028576][   T25] cytherm 3-1:0.0: Cypress thermometer now disconnected
[   90.156604][ T5286] usb 2-1: USB disconnect, device number 4
[   90.341843][ T5278] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[   90.394895][ T5278] usb 1-1: device descriptor read/8, error -71
[   90.651078][ T5278] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[   90.651274][ T5286] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[   90.742308][ T5278] usb 1-1: device descriptor read/8, error -71
[   90.787420][ T5657] FAULT_INJECTION: forcing a failure.
[   90.787420][ T5657] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[   90.801728][ T5657] CPU: 1 UID: 0 PID: 5657 Comm: syz.2.70 Not tainted 6.11.0-syzkaller-08833-gde5cb0dcb74c #0
[   90.812109][ T5657] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[   90.822357][ T5657] Call Trace:
[   90.825665][ T5657]  <TASK>
[   90.828626][ T5657]  dump_stack_lvl+0x241/0x360
[   90.833348][ T5657]  ? __pfx_dump_stack_lvl+0x10/0x10
[   90.838584][ T5657]  ? __pfx__printk+0x10/0x10
[   90.843232][ T5657]  should_fail_ex+0x3b0/0x4e0
[   90.848125][ T5657]  prepare_alloc_pages+0x1da/0x5d0
[   90.853272][ T5657]  __alloc_pages_noprof+0x166/0x6c0
[   90.858510][ T5657]  ? __pfx___alloc_pages_noprof+0x10/0x10
[   90.864307][ T5657]  ? validate_chain+0x11e/0x5920
[   90.869928][ T5657]  ? is_bpf_text_address+0x285/0x2a0
[   90.875278][ T5657]  alloc_pages_mpol_noprof+0x3e8/0x680
[   90.881131][ T5657]  ? __pfx_alloc_pages_mpol_noprof+0x10/0x10
[   90.888646][ T5657]  ? arch_stack_walk+0xfd/0x150
[   90.894162][ T5657]  ? alloc_pages_noprof+0xef/0x170
[   90.899508][ T5657]  pte_alloc_one+0x88/0x5d0
[   90.901945][ T5286] usb 2-1: Using ep0 maxpacket: 16
[   90.904043][ T5657]  ? __pfx_pte_alloc_one+0x10/0x10
[   90.914302][ T5657]  ? __lock_acquire+0x1384/0x2050
[   90.918344][ T5286] usb 2-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[   90.919348][ T5657]  ? cgroup_rstat_updated+0x13b/0xc60
[   90.928316][ T5286] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   90.933382][ T5657]  __pte_alloc+0x79/0x390
[   90.933413][ T5657]  ? __pfx_cgroup_rstat_updated+0x10/0x10
[   90.953699][ T5657]  ? __pfx___pte_alloc+0x10/0x10
[   90.958685][ T5657]  ? mark_lock+0x9a/0x360
[   90.963056][ T5657]  handle_pte_fault+0x50b4/0x6800
[   90.966204][ T5286] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7
[   90.968114][ T5657]  ? __pfx_handle_pte_fault+0x10/0x10
[   90.984398][ T5657]  ? __pfx_lock_acquire+0x10/0x10
[   90.989661][ T5657]  ? __pmd_alloc+0x4ff/0x620
[   90.994405][ T5657]  ? __pfx_lock_release+0x10/0x10
[   90.995196][ T5286] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0
[   90.999454][ T5657]  ? do_raw_spin_lock+0x14f/0x370
[   91.015080][ T5657]  ? do_raw_spin_unlock+0x13c/0x8b0
[   91.020353][ T5657]  ? _raw_spin_unlock+0x28/0x50
[   91.025091][ T5286] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[   91.025235][ T5657]  ? __pmd_alloc+0x4ff/0x620
[   91.025279][ T5657]  ? __pfx___pmd_alloc+0x10/0x10
[   91.035547][ T5286] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   91.040159][ T5657]  ? mt_find+0x2a9/0x920
[   91.040204][ T5657]  handle_mm_fault+0x1106/0x1bb0
[   91.062442][ T5657]  ? __pfx_handle_mm_fault+0x10/0x10
[   91.067883][ T5657]  ? __pfx_find_vma+0x10/0x10
[   91.068200][ T5286] usb 2-1: Product: syz
[   91.072588][ T5657]  ? vma_is_secretmem+0xd/0x50
[   91.072620][ T5657]  ? check_vma_flags+0x3ee/0x5a0
[   91.072660][ T5657]  __get_user_pages+0x1b16/0x48d0
[   91.072729][ T5657]  ? __pfx___get_user_pages+0x10/0x10
[   91.072769][ T5657]  ? alloc_bprm+0xbbe/0xe20
[   91.072803][ T5657]  ? __pfx_lock_release+0x10/0x10
[   91.072851][ T5657]  get_user_pages_remote+0x31e/0xb60
[   91.072895][ T5657]  ? __pfx_get_user_pages_remote+0x10/0x10
[   91.087770][ T5286] usb 2-1: Manufacturer: syz
[   91.091891][ T5657]  get_arg_page+0x266/0x580
[   91.091936][ T5657]  ? __pfx_get_arg_page+0x10/0x10
[   91.110974][ T5286] usb 2-1: SerialNumber: syz
[   91.112549][ T5657]  ? __pfx_alloc_bprm+0x10/0x10
[   91.143943][ T5657]  copy_string_kernel+0x148/0x1f0
[   91.149694][ T5657]  do_execveat_common+0x3fd/0x6f0
[   91.154980][ T5657]  __x64_sys_execveat+0xc4/0xe0
[   91.161022][ T5657]  do_syscall_64+0xf3/0x230
[   91.165731][ T5657]  ? clear_bhb_loop+0x35/0x90
[   91.170606][ T5657]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   91.177350][ T5657] RIP: 0033:0x7f83d8b7def9
[   91.181904][ T5657] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   91.201576][ T5657] RSP: 002b:00007f83d9a2f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000142
[   91.210044][ T5657] RAX: ffffffffffffffda RBX: 00007f83d8d35f80 RCX: 00007f83d8b7def9
[   91.218047][ T5657] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003
[   91.226052][ T5657] RBP: 00007f83d9a2f090 R08: 0000000000001000 R09: 0000000000000000
[   91.234063][ T5657] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[   91.242074][ T5657] R13: 0000000000000000 R14: 00007f83d8d35f80 R15: 00007f83d8e5fa28
[   91.250095][ T5657]  </TASK>
[   91.307363][ T5278] usb usb1-port1: unable to enumerate USB device
[   91.344145][ T5277] usb 5-1: USB disconnect, device number 4
[   91.832913][ T5681] netlink: 'syz.4.73': attribute type 32 has an invalid length.
[   91.852039][ T5681] netlink: 8 bytes leftover after parsing attributes in process `syz.4.73'.
[   91.883562][ T5681] (unnamed net_device) (uninitialized): Setting coupled_control to off (0)
[   92.034186][ T5286] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[   92.076922][ T5286] usb 2-1: MIDIStreaming interface descriptor not found
[   92.342643][ T5286] usb 2-1: USB disconnect, device number 5
[   92.368529][   T25] usb 4-1: USB disconnect, device number 4
[   92.986806][ T5719] binder: BINDER_SET_CONTEXT_MGR already set
[   93.026516][ T5719] binder: 5717:5719 ioctl 4018620d 20000100 returned -16
[   93.451487][   T25] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[   93.602694][   T25] usb 5-1: config 17 has an invalid descriptor of length 255, skipping remainder of the config
[   93.619477][   T25] usb 5-1: config 17 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[   93.680337][   T25] usb 5-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[   93.693819][   T25] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   93.910032][ T5753] netlink: 4 bytes leftover after parsing attributes in process `syz.0.90'.
[   93.965927][ T5721] netlink: 209852 bytes leftover after parsing attributes in process `syz.4.80'.
[   93.986143][ T5721] openvswitch: netlink: Tunnel attr 0 has unexpected len 2 expected 8
[   94.201135][ T5286] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[   94.255071][   T25] usb 5-1: string descriptor 0 read error: -71
[   94.274022][   T25] aiptek 5-1:17.0: interface has no int in endpoints, but must have minimum 1
[   94.293543][   T25] usb 5-1: USB disconnect, device number 5
[   94.394278][ T5286] usb 1-1: Using ep0 maxpacket: 32
[   94.412939][ T5286] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 32
[   94.442058][ T5286] usb 1-1: New USB device found, idVendor=0499, idProduct=1010, bcdDevice= 5.f5
[   94.466249][ T5286] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   94.481151][ T5286] usb 1-1: Product: syz
[   94.487729][ T5286] usb 1-1: Manufacturer: syz
[   94.539311][ T5286] usb 1-1: SerialNumber: syz
[   94.553818][ T5286] usb 1-1: config 0 descriptor??
[   94.596059][ T5753] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[   94.651760][ T5286] usb 1-1: Quirk or no altset; falling back to MIDI 1.0
[   94.676108][ T5762] netlink: 'syz.1.92': attribute type 32 has an invalid length.
[   94.684370][ T5762] netlink: 8 bytes leftover after parsing attributes in process `syz.1.92'.
[   94.693459][ T5762] (unnamed net_device) (uninitialized): Setting coupled_control to off (0)
[   95.036268][ T5774] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   95.088594][ T5774] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   95.295177][ T5779] binder: BINDER_SET_CONTEXT_MGR already set
[   95.321382][ T5779] binder: 5777:5779 ioctl 4018620d 20000100 returned -16
[   96.285294][ T5281] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[   96.455816][ T5281] usb 5-1: config 17 has an invalid descriptor of length 255, skipping remainder of the config
[   96.477786][ T5281] usb 5-1: config 17 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[   96.513549][ T5281] usb 5-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[   96.527416][ T5281] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   96.800031][ T5806] netlink: 209852 bytes leftover after parsing attributes in process `syz.4.105'.
[   96.809855][ T5806] openvswitch: netlink: Tunnel attr 0 has unexpected len 2 expected 8
[   97.012170][   T51] usb 1-1: USB disconnect, device number 10
[   97.118453][ T5281] usb 5-1: string descriptor 0 read error: -71
[   97.162037][ T5281] aiptek 5-1:17.0: interface has no int in endpoints, but must have minimum 1
[   97.210439][ T5281] usb 5-1: USB disconnect, device number 6
[   97.247045][ T5822] binder: BINDER_SET_CONTEXT_MGR already set
[   97.286474][ T5822] binder: 5821:5822 ioctl 4018620d 20000100 returned -16
[   97.607525][ T5834] netlink: 'syz.0.111': attribute type 32 has an invalid length.
[   97.621953][ T5834] netlink: 8 bytes leftover after parsing attributes in process `syz.0.111'.
[   97.632386][ T5834] (unnamed net_device) (uninitialized): Setting coupled_control to off (0)
[   98.447959][ T5864] binder: BINDER_SET_CONTEXT_MGR already set
[   98.484762][ T5864] binder: 5861:5864 ioctl 4018620d 20000100 returned -16
[   98.591019][ T5286] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[   98.791033][ T5286] usb 5-1: Using ep0 maxpacket: 32
[   98.807005][ T5286] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 32
[   98.869751][ T5286] usb 5-1: New USB device found, idVendor=0499, idProduct=1010, bcdDevice= 5.f5
[   98.889997][ T5286] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   98.921210][ T5286] usb 5-1: Product: syz
[   98.925738][ T5286] usb 5-1: Manufacturer: syz
[   98.930601][ T5286] usb 5-1: SerialNumber: syz
[   98.988535][ T5286] usb 5-1: config 0 descriptor??
[   99.006732][ T5859] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[   99.045413][ T5286] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[   99.321113][   T51] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[   99.510697][ T5859] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   99.562851][   T51] usb 2-1: config 17 has an invalid descriptor of length 255, skipping remainder of the config
[   99.574133][   T51] usb 2-1: config 17 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[   99.598211][ T5859] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   99.606699][   T51] usb 2-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[   99.625375][   T51] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   99.912473][ T5878] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.128'.
[   99.923779][ T5878] openvswitch: netlink: Tunnel attr 0 has unexpected len 2 expected 8
[  104.457349][ T5883] sched: DL replenish lagged too much
[  104.516755][   T51] usb 2-1: string descriptor 0 read error: -71
[  104.575568][   T51] aiptek 2-1:17.0: interface has no int in endpoints, but must have minimum 1
[  104.661064][   T51] usb 2-1: USB disconnect, device number 6
[  111.851495][   T51] usb 5-1: USB disconnect, device number 7
[  120.866434][ T4619] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  120.905197][ T4619] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  120.931714][ T4619] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  120.961658][ T4619] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  120.969325][ T4619] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[  120.977039][ T4619] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  121.561371][ T5227] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  121.583096][ T5227] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  121.595538][ T5227] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  121.616188][ T5227] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  121.632309][ T5227] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  121.641522][ T5227] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  121.724656][ T4619] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  121.734856][ T4619] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  121.744288][ T4619] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  121.752760][ T4619] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  121.769393][ T4619] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  121.777982][ T4619] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  121.829512][ T5227] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  121.847222][ T5227] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  121.857483][ T5227] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  121.872228][ T5227] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  121.880035][ T5227] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  121.901283][ T5227] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  123.011279][ T5227] Bluetooth: hci5: command tx timeout
[  123.120534][ T4619] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  123.136480][ T4619] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  123.146397][ T4619] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  123.155222][ T4619] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  123.167817][ T4619] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  123.176766][ T4619] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  123.732527][ T4619] Bluetooth: hci0: command tx timeout
[  123.894569][ T4619] Bluetooth: hci2: command tx timeout
[  123.974570][ T4619] Bluetooth: hci3: command tx timeout
[  125.091135][ T4619] Bluetooth: hci5: command tx timeout
[  125.251195][ T4619] Bluetooth: hci4: command tx timeout
[  125.811174][ T4619] Bluetooth: hci0: command tx timeout
[  125.971498][ T4619] Bluetooth: hci2: command tx timeout
[  126.051277][ T4619] Bluetooth: hci3: command tx timeout
[  127.171094][ T4619] Bluetooth: hci5: command tx timeout
[  127.332119][ T4619] Bluetooth: hci4: command tx timeout
[  127.894261][ T4619] Bluetooth: hci0: command tx timeout
[  128.057710][ T4619] Bluetooth: hci2: command tx timeout
[  128.131175][ T4619] Bluetooth: hci3: command tx timeout
[  129.251131][ T4619] Bluetooth: hci5: command tx timeout
[  129.411329][ T4619] Bluetooth: hci4: command tx timeout
[  129.971076][ T4619] Bluetooth: hci0: command tx timeout
[  130.131203][ T4619] Bluetooth: hci2: command tx timeout
[  130.211076][ T4619] Bluetooth: hci3: command tx timeout
[  131.491221][ T4619] Bluetooth: hci4: command tx timeout
[  133.015027][ T1269] ieee802154 phy0 wpan0: encryption failed: -22
[  133.021641][ T1269] ieee802154 phy1 wpan1: encryption failed: -22
[  175.263181][ T5227] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  175.272343][ T5227] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  175.280195][ T5227] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  175.292480][ T5227] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  175.334291][ T5227] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3
[  175.342737][ T5227] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  175.478811][ T4619] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[  175.504535][ T4619] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[  175.522530][ T4619] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[  175.532972][ T4619] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[  175.541093][ T4619] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3
[  175.548478][ T4619] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[  175.689272][ T4619] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1
[  175.701359][ T4619] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9
[  175.709357][ T4619] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9
[  175.718794][ T4619] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4
[  175.731369][ T4619] Bluetooth: hci8: unexpected cc 0x0c25 length: 249 > 3
[  175.738741][ T4619] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2
[  175.889200][ T4619] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1
[  175.903906][ T4619] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9
[  175.918637][ T4619] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9
[  175.926872][ T4619] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4
[  175.934791][ T4619] Bluetooth: hci9: unexpected cc 0x0c25 length: 249 > 3
[  175.942188][ T4619] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2
[  177.411153][ T5227] Bluetooth: hci6: command tx timeout
[  177.651198][ T5227] Bluetooth: hci7: command tx timeout
[  177.811157][ T5227] Bluetooth: hci8: command tx timeout
[  177.971049][ T5227] Bluetooth: hci9: command tx timeout
[  179.491077][ T5227] Bluetooth: hci6: command tx timeout
[  179.732294][ T5227] Bluetooth: hci7: command tx timeout
[  179.891066][ T5227] Bluetooth: hci8: command tx timeout
[  180.051207][ T5227] Bluetooth: hci9: command tx timeout
[  181.571120][ T5227] Bluetooth: hci6: command tx timeout
[  181.811152][ T5227] Bluetooth: hci7: command tx timeout
[  181.971097][ T5227] Bluetooth: hci8: command tx timeout
[  182.131120][ T5227] Bluetooth: hci9: command tx timeout
[  183.651234][ T5227] Bluetooth: hci6: command tx timeout
[  183.893746][ T5227] Bluetooth: hci7: command tx timeout
[  184.051356][ T5227] Bluetooth: hci8: command tx timeout
[  184.157352][ T4619] Bluetooth: hci10: unexpected cc 0x0c03 length: 249 > 1
[  184.167197][ T4619] Bluetooth: hci10: unexpected cc 0x1003 length: 249 > 9
[  184.176474][ T4619] Bluetooth: hci10: unexpected cc 0x1001 length: 249 > 9
[  184.184838][ T4619] Bluetooth: hci10: unexpected cc 0x0c23 length: 249 > 4
[  184.200004][ T4619] Bluetooth: hci10: unexpected cc 0x0c25 length: 249 > 3
[  184.219039][   T54] Bluetooth: hci9: command tx timeout
[  184.225943][ T4619] Bluetooth: hci10: unexpected cc 0x0c38 length: 249 > 2
[  186.291213][ T4619] Bluetooth: hci10: command tx timeout
[  188.371061][ T4619] Bluetooth: hci10: command tx timeout
[  190.461162][ T4619] Bluetooth: hci10: command tx timeout
[  192.535622][ T4619] Bluetooth: hci10: command tx timeout
[  194.461347][ T1269] ieee802154 phy0 wpan0: encryption failed: -22
[  194.467702][ T1269] ieee802154 phy1 wpan1: encryption failed: -22
[  235.261449][ T5227] Bluetooth: hci11: unexpected cc 0x0c03 length: 249 > 1
[  235.278833][ T5227] Bluetooth: hci11: unexpected cc 0x1003 length: 249 > 9
[  235.286665][ T5227] Bluetooth: hci11: unexpected cc 0x1001 length: 249 > 9
[  235.295157][ T5227] Bluetooth: hci11: unexpected cc 0x0c23 length: 249 > 4
[  235.308055][ T5227] Bluetooth: hci11: unexpected cc 0x0c25 length: 249 > 3
[  235.321056][ T5227] Bluetooth: hci11: unexpected cc 0x0c38 length: 249 > 2
[  235.404993][ T4619] Bluetooth: hci12: unexpected cc 0x0c03 length: 249 > 1
[  235.415991][ T4619] Bluetooth: hci12: unexpected cc 0x1003 length: 249 > 9
[  235.431273][ T4619] Bluetooth: hci12: unexpected cc 0x1001 length: 249 > 9
[  235.439502][ T4619] Bluetooth: hci12: unexpected cc 0x0c23 length: 249 > 4
[  235.447812][ T4619] Bluetooth: hci12: unexpected cc 0x0c25 length: 249 > 3
[  235.459134][ T4619] Bluetooth: hci12: unexpected cc 0x0c38 length: 249 > 2
[  236.209121][ T4619] Bluetooth: hci14: unexpected cc 0x0c03 length: 249 > 1
[  236.217796][ T4619] Bluetooth: hci14: unexpected cc 0x1003 length: 249 > 9
[  236.226472][ T4619] Bluetooth: hci14: unexpected cc 0x1001 length: 249 > 9
[  236.234775][ T4619] Bluetooth: hci14: unexpected cc 0x0c23 length: 249 > 4
[  236.255139][   T54] Bluetooth: hci14: unexpected cc 0x0c25 length: 249 > 3
[  236.265237][   T54] Bluetooth: hci14: unexpected cc 0x0c38 length: 249 > 2
[  236.291619][   T54] Bluetooth: hci13: unexpected cc 0x0c03 length: 249 > 1
[  236.300369][   T54] Bluetooth: hci13: unexpected cc 0x1003 length: 249 > 9
[  236.308666][   T54] Bluetooth: hci13: unexpected cc 0x1001 length: 249 > 9
[  236.318843][   T54] Bluetooth: hci13: unexpected cc 0x0c23 length: 249 > 4
[  236.327528][   T54] Bluetooth: hci13: unexpected cc 0x0c25 length: 249 > 3
[  236.335338][   T54] Bluetooth: hci13: unexpected cc 0x0c38 length: 249 > 2
[  237.411036][   T54] Bluetooth: hci11: command tx timeout
[  237.491155][   T54] Bluetooth: hci12: command tx timeout
[  238.291126][   T54] Bluetooth: hci14: command tx timeout
[  238.371046][   T54] Bluetooth: hci13: command tx timeout
[  239.491076][   T54] Bluetooth: hci11: command tx timeout
[  239.571069][   T54] Bluetooth: hci12: command tx timeout
[  240.371035][   T54] Bluetooth: hci14: command tx timeout
[  240.451082][   T54] Bluetooth: hci13: command tx timeout
[  241.571071][   T54] Bluetooth: hci11: command tx timeout
[  241.651165][   T54] Bluetooth: hci12: command tx timeout
[  242.454460][   T54] Bluetooth: hci14: command tx timeout
[  242.531036][   T54] Bluetooth: hci13: command tx timeout
[  243.651101][   T54] Bluetooth: hci11: command tx timeout
[  243.731152][   T54] Bluetooth: hci12: command tx timeout
[  244.535880][   T54] Bluetooth: hci14: command tx timeout
[  244.611068][   T54] Bluetooth: hci13: command tx timeout
[  244.881594][ T4619] Bluetooth: hci15: unexpected cc 0x0c03 length: 249 > 1
[  244.890800][ T4619] Bluetooth: hci15: unexpected cc 0x1003 length: 249 > 9
[  244.900210][ T4619] Bluetooth: hci15: unexpected cc 0x1001 length: 249 > 9
[  244.913465][ T4619] Bluetooth: hci15: unexpected cc 0x0c23 length: 249 > 4
[  244.921512][ T4619] Bluetooth: hci15: unexpected cc 0x0c25 length: 249 > 3
[  244.928923][ T4619] Bluetooth: hci15: unexpected cc 0x0c38 length: 249 > 2
[  247.011444][ T4619] Bluetooth: hci15: command tx timeout
[  247.750978][ T4619] Bluetooth: hci4: command 0x0406 tx timeout
[  247.762772][ T5236] Bluetooth: hci3: command 0x0406 tx timeout
[  247.768867][ T5236] Bluetooth: hci0: command 0x0406 tx timeout
[  247.775727][ T5237] Bluetooth: hci2: command 0x0406 tx timeout
[  247.784467][ T4619] Bluetooth: hci5: command 0x0406 tx timeout
[  249.091093][ T5227] Bluetooth: hci15: command tx timeout
[  251.171151][ T5227] Bluetooth: hci15: command tx timeout
[  253.261205][ T5227] Bluetooth: hci15: command tx timeout
[  255.894046][ T1269] ieee802154 phy0 wpan0: encryption failed: -22
[  255.900397][ T1269] ieee802154 phy1 wpan1: encryption failed: -22
[  284.691146][   T31] INFO: task kworker/1:0:25 blocked for more than 143 seconds.
[  284.699283][   T31]       Not tainted 6.11.0-syzkaller-08833-gde5cb0dcb74c #0
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  284.750886][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  284.774986][   T31] task:kworker/1:0     state:D stack:23192 pid:25    tgid:25    ppid:2      flags:0x00004000
[  284.831988][   T31] Workqueue: events_power_efficient crda_timeout_work
[  284.869197][   T31] Call Trace:
[  284.940163][   T31]  <TASK>
[  284.966868][   T31]  __schedule+0x1895/0x4b30
[  285.017011][   T31]  ? __pfx___schedule+0x10/0x10
[  285.040508][   T31]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  285.070879][   T31]  ? __pfx_lock_release+0x10/0x10
[  285.076166][   T31]  ? kick_pool+0x1bd/0x620
[  285.080632][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  285.137843][   T31]  ? lockdep_hardirqs_on+0x99/0x150
[  285.166152][   T31]  ? schedule+0x90/0x320
[  285.170486][   T31]  schedule+0x14b/0x320
[  285.210993][   T31]  schedule_preempt_disabled+0x13/0x30
[  285.216537][   T31]  __mutex_lock+0x6a7/0xd70
[  285.260938][   T31]  ? __mutex_lock+0x52a/0xd70
[  285.265705][   T31]  ? crda_timeout_work+0x15/0x50
[  285.270679][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  285.332377][   T31]  ? process_scheduled_works+0x976/0x1850
[  285.338356][   T31]  crda_timeout_work+0x15/0x50
[  285.370917][   T31]  process_scheduled_works+0xa63/0x1850
[  285.376655][   T31]  ? __pfx_process_scheduled_works+0x10/0x10
[  285.421077][   T31]  ? assign_work+0x364/0x3d0
[  285.425783][   T31]  worker_thread+0x870/0xd30
[  285.430535][   T31]  ? __kthread_parkme+0x169/0x1d0
[  285.470181][   T31]  ? __pfx_worker_thread+0x10/0x10
[  285.493348][   T31]  kthread+0x2f0/0x390
[  285.497487][   T31]  ? __pfx_worker_thread+0x10/0x10
[  285.531055][   T31]  ? __pfx_kthread+0x10/0x10
[  285.550936][   T31]  ret_from_fork+0x4b/0x80
[  285.555434][   T31]  ? __pfx_kthread+0x10/0x10
[  285.560087][   T31]  ret_from_fork_asm+0x1a/0x30
[  285.621101][   T31]  </TASK>
[  285.624286][   T31] INFO: task kworker/u8:3:52 blocked for more than 144 seconds.
[  285.653844][   T31]       Not tainted 6.11.0-syzkaller-08833-gde5cb0dcb74c #0
[  285.690881][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  285.699650][   T31] task:kworker/u8:3    state:D stack:21504 pid:52    tgid:52    ppid:2      flags:0x00004000
[  285.786414][   T31] Workqueue: events_unbound linkwatch_event
[  285.811028][   T31] Call Trace:
[  285.814381][   T31]  <TASK>
[  285.817437][   T31]  __schedule+0x1895/0x4b30
[  285.855242][   T31]  ? __pfx___schedule+0x10/0x10
[  285.860174][   T31]  ? __pfx_lock_release+0x10/0x10
[  285.896041][   T31]  ? __mutex_trylock_common+0x92/0x2e0
[  285.908920][   T31]  ? kthread_data+0x52/0xd0
[  285.929248][   T31]  ? schedule+0x90/0x320
[  285.933707][   T31]  ? wq_worker_sleeping+0x66/0x240
[  285.938889][   T31]  ? schedule+0x90/0x320
[  285.958554][   T31]  schedule+0x14b/0x320
[  285.974564][   T31]  schedule_preempt_disabled+0x13/0x30
[  285.980087][   T31]  __mutex_lock+0x6a7/0xd70
[  286.007371][   T31]  ? __mutex_lock+0x52a/0xd70
[  286.020989][   T31]  ? linkwatch_event+0xe/0x60
[  286.025736][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  286.048992][   T31]  ? process_scheduled_works+0x976/0x1850
[  286.065701][   T31]  linkwatch_event+0xe/0x60
[  286.070269][   T31]  process_scheduled_works+0xa63/0x1850
[  286.091066][   T31]  ? __pfx_process_scheduled_works+0x10/0x10
[  286.097130][   T31]  ? assign_work+0x364/0x3d0
[  286.121031][   T31]  worker_thread+0x870/0xd30
[  286.125707][   T31]  ? __kthread_parkme+0x169/0x1d0
[  286.140906][   T31]  ? __pfx_worker_thread+0x10/0x10
[  286.146094][   T31]  kthread+0x2f0/0x390
[  286.150197][   T31]  ? __pfx_worker_thread+0x10/0x10
[  286.177602][   T31]  ? __pfx_kthread+0x10/0x10
[  286.197073][   T31]  ret_from_fork+0x4b/0x80
[  286.201820][   T31]  ? __pfx_kthread+0x10/0x10
[  286.206462][   T31]  ret_from_fork_asm+0x1a/0x30
[  286.227455][   T31]  </TASK>
[  286.246394][   T31] INFO: task kworker/u8:8:4016 blocked for more than 144 seconds.
[  286.259038][   T31]       Not tainted 6.11.0-syzkaller-08833-gde5cb0dcb74c #0
[  286.276356][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  286.300937][   T31] task:kworker/u8:8    state:D stack:23824 pid:4016  tgid:4016  ppid:2      flags:0x00004000
[  286.326535][   T31] Workqueue: netns cleanup_net
[  286.340584][   T31] Call Trace:
[  286.344090][   T31]  <TASK>
[  286.347048][   T31]  __schedule+0x1895/0x4b30
[  286.364238][   T31]  ? __pfx___schedule+0x10/0x10
[  286.369154][   T31]  ? __pfx_lock_release+0x10/0x10
[  286.398077][   T31]  ? kthread_data+0x52/0xd0
[  286.408853][   T31]  ? wq_worker_sleeping+0x66/0x240
[  286.420483][   T31]  ? schedule+0x90/0x320
[  286.437832][   T31]  schedule+0x14b/0x320
[  286.457921][   T31]  schedule_timeout+0xb0/0x310
[  286.468003][   T31]  ? __pfx_schedule_timeout+0x10/0x10
[  286.480985][   T31]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  286.487053][   T31]  ? wait_for_completion+0x2fe/0x620
[  286.509407][   T31]  ? wait_for_completion+0x2fe/0x620
[  286.531167][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  286.550906][   T31]  ? lockdep_hardirqs_on+0x99/0x150
[  286.556741][   T31]  ? wait_for_completion+0x2fe/0x620
[  286.583860][   T31]  wait_for_completion+0x355/0x620
[  286.589107][   T31]  ? __pfx_wait_for_completion+0x10/0x10
[  286.619567][   T31]  ? __flush_work+0xe7/0xc50
[  286.621448][    C0] BUG: workqueue lockup - pool
[  286.624348][   T31]  __flush_work+0xa37/0xc50
[  286.624424][   T31]  ? __flush_work+0xe7/0xc50
[  286.629226][    C0]  cpus=0 node=0 flags=0x0 nice=-20 stuck for 165s!
[  286.645187][    C0] Showing busy workqueues and worker pools:
[  286.650956][   T31]  ? __pfx___flush_work+0x10/0x10
[  286.651112][    C0] workqueue events: flags=0x0
[  286.656098][   T31]  ? __pfx_wq_barrier_func+0x10/0x10
[  286.660934][    C0]   pwq 2: cpus=0 node=0 flags=0x0 nice=0 active=11 refcnt=12
[  286.660982][    C0]     pending: nsim_dev_trap_report_work, vmstat_shepherd, 3*nsim_dev_trap_report_work, free_obj_work, 5*nsim_dev_hwstats_traffic_work
[  286.661119][    C0] workqueue events_highpri: flags=0x10
[  286.680974][   T31]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  286.687593][    C0]   pwq 3: cpus=0 node=0 flags=0x0 nice=-20 active=1 refcnt=3
[  286.687640][    C0]     pending: flush_backlog BAR(4016)
[  286.687678][    C0] workqueue events_long: flags=0x0
[  286.717546][    C0]   pwq 2: cpus=0 node=0 flags=0x0 nice=0 active=7 refcnt=8
[  286.717593][    C0]     pending: 7*defense_work_handler
[  286.717627][    C0] workqueue events_unbound: flags=0x2
[  286.721196][   T31]  ? _raw_spin_lock_irq+0xdf/0x120
[  286.724941][    C0]   pwq 8: cpus=0-1 flags=0x4 nice=0 active=2 refcnt=3
[  286.724980][    C0]     in-flight: 52:linkwatch_event linkwatch_event
[  286.725037][    C0] workqueue events_power_efficient: flags=0x80
[  286.730353][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  286.735743][    C0]   pwq 6: cpus=1 node=0 flags=0x0 nice=0 active=2 refcnt=3
[  286.735781][    C0]     in-flight: 25:crda_timeout_work ,51:reg_check_chans_work
[  286.735837][    C0] workqueue netns: flags=0x6000a
[  286.785712][    C0]   pwq 8: cpus=0-1 flags=0x4 nice=0 active=1 refcnt=4
[  286.785752][    C0]     in-flight: 4016:cleanup_net
[  286.785792][    C0] workqueue mm_percpu_wq: flags=0x8
[  286.802974][    C0]   pwq 2: cpus=0 node=0 flags=0x0 nice=0 active=1 refcnt=2
[  286.803022][    C0]     pending: vmstat_update
[  286.803063][    C0] workqueue kblockd: flags=0x18
[  286.819838][    C0]   pwq 3: cpus=0 node=0 flags=0x0 nice=-20 active=1 refcnt=2
[  286.819883][    C0]     pending: blk_mq_timeout_work
[  286.820266][    C0] workqueue ipv6_addrconf: flags=0x6000a
[  286.820301][   T31]  unregister_netdevice_many_notify+0x87b/0x1da0
[  286.827846][    C0]   pwq 8: cpus=0-1 flags=0x4 nice=0 active=1 refcnt=9
[  286.827882][    C0]     in-flight: 1096:addrconf_verify_work
[  286.827920][    C0]     inactive: 5*addrconf_verify_work
[  286.828011][    C0] workqueue wg-crypt-wg1: flags=0x28
[  286.851987][   T31]  ? __mutex_trylock_common+0x183/0x2e0
[  286.857729][    C0]   pwq 2: cpus=0 node=0 flags=0x0 nice=0 active=1 refcnt=2
[  286.857777][    C0]     pending: wg_packet_decrypt_worker
[  286.857822][    C0] workqueue wg-crypt-wg1: flags=0x28
[  286.876367][   T31]  ? __pfx___might_resched+0x10/0x10
[  286.881413][    C0]   pwq 2: cpus=0 node=0 flags=0x0 nice=0 active=2 refcnt=3
[  286.881461][    C0]     pending: wg_packet_decrypt_worker, wg_packet_encrypt_worker
[  286.881513][    C0] workqueue wg-crypt-wg0: flags=0x28
[  286.896403][   T31]  ? __pfx_unregister_netdevice_many_notify+0x10/0x10
[  286.897743][    C0]   pwq 2: cpus=0 node=0 flags=0x0 nice=0 active=1 refcnt=2
[  286.897786][    C0]     in-flight: 5277:wg_packet_tx_worker
[  286.897829][    C0] workqueue wg-crypt-wg1: flags=0x28
[  286.920514][   T31]  ? __pfx___mutex_trylock_common+0x10/0x10
[  286.925075][    C0]   pwq 2: cpus=0 node=0 flags=0x0 nice=0 active=1 refcnt=2
[  286.925121][    C0]     pending: wg_packet_decrypt_worker
[  286.925170][    C0] pool 2: cpus=0 node=0 flags=0x0 nice=0 hung=0s workers=7 idle: 5286 5284 5276 938 8 9
[  286.925282][    C0] pool 6: cpus=1 node=0 flags=0x0 nice=0 hung=0s workers=8 idle: 941 5278 5281 5266 5279 5280
[  286.925395][    C0] pool 8: cpus=0-1 flags=0x4 nice=0 hung=0s workers=9 idle: 12 29 790 2947 11 62
[  286.925501][    C0] Showing backtraces of running workers in stalled CPU-bound worker pools:
[  286.950938][   T31]  ? rcu_is_watching+0x15/0xb0
[  287.095364][   T31]  ? trace_contention_end+0x3c/0x120
[  287.100744][   T31]  ? __mutex_lock+0x2ef/0xd70
[  287.120908][   T31]  ? do_raw_spin_unlock+0x13c/0x8b0
[  287.126188][   T31]  unregister_netdevice_queue+0x303/0x370
[  287.156800][   T31]  ? __pfx_unregister_netdevice_queue+0x10/0x10
[  287.170888][   T31]  nsim_destroy+0x180/0x5c0
[  287.175555][   T31]  __nsim_dev_port_del+0x14b/0x1b0
[  287.180715][   T31]  nsim_dev_reload_destroy+0x28a/0x490
[  287.207960][   T31]  nsim_dev_reload_down+0x98/0xd0
[  287.220995][   T31]  devlink_reload+0x18b/0x870
[  287.225744][   T31]  ? __pfx_devlink_reload+0x10/0x10
[  287.248715][   T31]  devlink_pernet_pre_exit+0x1f3/0x440
[  287.266314][   T31]  ? __pfx_devlink_pernet_pre_exit+0x10/0x10
[  287.280885][   T31]  ? class_remove_file_ns+0x121/0x160
[  287.286335][   T31]  cleanup_net+0x615/0xcc0
[  287.301036][   T31]  ? __pfx_cleanup_net+0x10/0x10
[  287.306062][   T31]  ? process_scheduled_works+0x976/0x1850
[  287.330905][   T31]  process_scheduled_works+0xa63/0x1850
[  287.336564][   T31]  ? __pfx_process_scheduled_works+0x10/0x10
[  287.359360][   T31]  ? assign_work+0x364/0x3d0
[  287.376195][   T31]  worker_thread+0x870/0xd30
[  287.390920][   T31]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  287.397006][   T31]  ? __kthread_parkme+0x169/0x1d0
[  287.424971][   T31]  ? __pfx_worker_thread+0x10/0x10
[  287.430389][   T31]  kthread+0x2f0/0x390
[  287.450927][   T31]  ? __pfx_worker_thread+0x10/0x10
[  287.456169][   T31]  ? __pfx_kthread+0x10/0x10
[  287.480906][   T31]  ret_from_fork+0x4b/0x80
[  287.485631][   T31]  ? __pfx_kthread+0x10/0x10
[  287.490304][   T31]  ret_from_fork_asm+0x1a/0x30
[  287.515771][   T31]  </TASK>
[  287.529759][   T31] INFO: task syz-executor:5384 blocked for more than 146 seconds.
[  287.544059][   T31]       Not tainted 6.11.0-syzkaller-08833-gde5cb0dcb74c #0
[  287.570094][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  287.589233][   T31] task:syz-executor    state:D stack:20608 pid:5384  tgid:5384  ppid:1      flags:0x00004006
[  287.618254][   T31] Call Trace:
[  287.626828][   T31]  <TASK>
[  287.629822][   T31]  __schedule+0x1895/0x4b30
[  287.644878][   T31]  ? __pfx___schedule+0x10/0x10
[  287.649849][   T31]  ? __pfx_lock_release+0x10/0x10
[  287.670937][   T31]  ? __mutex_trylock_common+0x92/0x2e0
[  287.676478][   T31]  ? schedule+0x90/0x320
[  287.680755][   T31]  schedule+0x14b/0x320
[  287.706616][   T31]  schedule_preempt_disabled+0x13/0x30
[  287.724132][   T31]  __mutex_lock+0x6a7/0xd70
[  287.728724][   T31]  ? __mutex_lock+0x52a/0xd70
[  287.770892][   T31]  ? tun_chr_close+0x3b/0x1b0
[  287.775686][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  287.780779][   T31]  ? __pfx_call_rcu+0x10/0x10
[  287.806951][   T31]  tun_chr_close+0x3b/0x1b0
[  287.823236][   T31]  ? __pfx_tun_chr_close+0x10/0x10
[  287.828460][   T31]  __fput+0x23f/0x880
[  287.848559][   T31]  task_work_run+0x24f/0x310
[  287.860223][   T31]  ? kasan_quarantine_put+0xdc/0x230
[  287.874111][   T31]  ? __pfx_task_work_run+0x10/0x10
[  287.879282][   T31]  ? do_exit+0xa2a/0x28e0
[  287.901041][   T31]  ? kmem_cache_free+0x1a2/0x420
[  287.910915][   T31]  ? do_exit+0xa2a/0x28e0
[  287.927958][   T31]  do_exit+0xa2f/0x28e0
[  287.938139][   T31]  ? __pfx_do_exit+0x10/0x10
[  287.957239][   T31]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  287.970888][   T31]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  287.977036][   T31]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  288.000595][   T31]  ? _raw_spin_lock_irq+0xdf/0x120
[  288.012287][   T31]  do_group_exit+0x207/0x2c0
[  288.017117][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  288.041059][   T31]  ? lockdep_hardirqs_on+0x99/0x150
[  288.047338][   T31]  get_signal+0x176f/0x1810
[  288.071050][   T31]  ? __pfx_get_signal+0x10/0x10
[  288.076109][   T31]  arch_do_signal_or_restart+0x96/0x860
[  288.101152][   T31]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  288.108065][   T31]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  288.139440][   T31]  ? syscall_exit_to_user_mode+0xa3/0x370
[  288.157566][   T31]  syscall_exit_to_user_mode+0xc9/0x370
[  288.171279][   T31]  do_syscall_64+0x100/0x230
[  288.176133][   T31]  ? clear_bhb_loop+0x35/0x90
[  288.207125][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  288.217771][   T31] RIP: 0033:0x7f83d8b74157
[  288.237176][   T31] RSP: 002b:00007f83d8e5fd90 EFLAGS: 00000293 ORIG_RAX: 000000000000003d
[  288.257027][   T31] RAX: fffffffffffffe00 RBX: 0000000000000040 RCX: 00007f83d8b74157
[  288.279611][   T31] RDX: 0000000040000000 RSI: 00007f83d8e5fdec RDI: 00000000ffffffff
[  288.304194][   T31] RBP: 00007f83d8e5fdec R08: 0000000000000000 R09: 7fffffffffffffff
[  288.325263][   T31] R10: 0000000000000000 R11: 0000000000000293 R12: 00005555607565eb
[  288.350871][   T31] R13: 0000555560756590 R14: 0000000000018627 R15: 00007f83d8e5fe40
[  288.358919][   T31]  </TASK>
[  288.373993][   T31] INFO: task syz.1.128:5877 blocked for more than 147 seconds.
[  288.385364][   T31]       Not tainted 6.11.0-syzkaller-08833-gde5cb0dcb74c #0
[  288.396126][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  288.407390][   T31] task:syz.1.128       state:D stack:24952 pid:5877  tgid:5877  ppid:5243   flags:0x00004006
[  288.421668][   T31] Call Trace:
[  288.424982][   T31]  <TASK>
[  288.427947][   T31]  __schedule+0x1895/0x4b30
[  288.437742][   T31]  ? __pfx___schedule+0x10/0x10
[  288.445201][   T31]  ? __pfx_lock_release+0x10/0x10
[  288.450445][   T31]  ? __mutex_trylock_common+0x92/0x2e0
[  288.461230][   T31]  ? schedule+0x90/0x320
[  288.465532][   T31]  schedule+0x14b/0x320
[  288.469726][   T31]  schedule_preempt_disabled+0x13/0x30
[  288.481138][   T31]  __mutex_lock+0x6a7/0xd70
[  288.485708][   T31]  ? __mutex_lock+0x52a/0xd70
[  288.490440][   T31]  ? tun_chr_close+0x3b/0x1b0
[  288.503688][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  288.508807][   T31]  ? __pfx_call_rcu+0x10/0x10
[  288.518530][   T31]  tun_chr_close+0x3b/0x1b0
[  288.524599][   T31]  ? __pfx_tun_chr_close+0x10/0x10
[  288.529934][   T31]  __fput+0x23f/0x880
[  288.543346][   T31]  task_work_run+0x24f/0x310
[  288.547995][   T31]  ? kasan_quarantine_put+0xdc/0x230
[  288.558939][   T31]  ? __pfx_task_work_run+0x10/0x10
[  288.566721][   T31]  ? do_exit+0xa2a/0x28e0
[  288.574792][   T31]  ? kmem_cache_free+0x1a2/0x420
[  288.579782][   T31]  ? do_exit+0xa2a/0x28e0
[  288.586675][   T31]  do_exit+0xa2f/0x28e0
[  288.594467][   T31]  ? __pfx_do_exit+0x10/0x10
[  288.599097][   T31]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  288.614740][   T31]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  288.620785][   T31]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  288.628996][   T31]  ? _raw_spin_lock_irq+0xdf/0x120
[  288.638772][   T31]  do_group_exit+0x207/0x2c0
[  288.644753][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  288.649997][   T31]  ? lockdep_hardirqs_on+0x99/0x150
[  288.659860][   T31]  get_signal+0x176f/0x1810
[  288.667650][   T31]  ? __pfx_get_signal+0x10/0x10
[  288.674582][   T31]  ? __pfx___might_resched+0x10/0x10
[  288.680226][   T31]  arch_do_signal_or_restart+0x96/0x860
[  288.690604][   T31]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  288.705661][   T31]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  288.714534][   T31]  ? syscall_exit_to_user_mode+0xa3/0x370
[  288.720355][   T31]  syscall_exit_to_user_mode+0xc9/0x370
[  288.731145][   T31]  do_syscall_64+0x100/0x230
[  288.735816][   T31]  ? clear_bhb_loop+0x35/0x90
[  288.740546][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  288.753037][   T31] RIP: 0033:0x7f57cb77def9
[  288.757512][   T31] RSP: 002b:00007f57cba5fb88 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[  288.769576][   T31] RAX: 0000000000000000 RBX: 00000000000182d9 RCX: 00007f57cb77def9
[  288.785655][   T31] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[  288.799150][   T31] RBP: 00007f57cb937a80 R08: 0000000000000001 R09: 00007f57cba5fe7f
[  288.810246][   T31] R10: 00007f57cb600000 R11: 0000000000000246 R12: 0000000000018a41
[  288.825302][   T31] R13: 00007f57cba5fc90 R14: 000000000000015e R15: ffffffffffffffff
[  288.835763][   T31]  </TASK>
[  288.838948][   T31] INFO: task syz.3.129:5880 blocked for more than 147 seconds.
[  288.853132][   T31]       Not tainted 6.11.0-syzkaller-08833-gde5cb0dcb74c #0
[  288.860475][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  288.874921][   T31] task:syz.3.129       state:D stack:25920 pid:5880  tgid:5880  ppid:5241   flags:0x00004006
[  288.889243][   T31] Call Trace:
[  288.896613][   T31]  <TASK>
[  288.900060][   T31]  __schedule+0x1895/0x4b30
[  288.914407][   T31]  ? __pfx___schedule+0x10/0x10
[  288.919631][   T31]  ? __pfx_lock_release+0x10/0x10
[  288.927709][   T31]  ? __mutex_trylock_common+0x92/0x2e0
[  288.938840][   T31]  ? schedule+0x90/0x320
[  288.946915][   T31]  schedule+0x14b/0x320
[  288.954959][   T31]  schedule_preempt_disabled+0x13/0x30
[  288.960492][   T31]  __mutex_lock+0x6a7/0xd70
[  288.967819][   T31]  ? __mutex_lock+0x52a/0xd70
[  288.977464][   T31]  ? tun_chr_close+0x3b/0x1b0
[  288.985061][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  288.990146][   T31]  ? __pfx_call_rcu+0x10/0x10
[  288.998628][   T31]  tun_chr_close+0x3b/0x1b0
[  289.005704][   T31]  ? __pfx_tun_chr_close+0x10/0x10
[  289.014823][   T31]  __fput+0x23f/0x880
[  289.018878][   T31]  task_work_run+0x24f/0x310
[  289.027353][   T31]  ? kasan_quarantine_put+0xdc/0x230
[  289.036268][   T31]  ? __pfx_task_work_run+0x10/0x10
[  289.044002][   T31]  ? do_exit+0xa2a/0x28e0
[  289.048372][   T31]  ? kmem_cache_free+0x1a2/0x420
[  289.056876][   T31]  ? do_exit+0xa2a/0x28e0
[  289.063780][   T31]  do_exit+0xa2f/0x28e0
[  289.067984][   T31]  ? __pfx_do_exit+0x10/0x10
[  289.076216][   T31]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  289.085692][   T31]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  289.096736][   T31]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  289.105493][   T31]  ? _raw_spin_lock_irq+0xdf/0x120
[  289.110659][   T31]  do_group_exit+0x207/0x2c0
[  289.119006][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  289.126690][   T31]  ? lockdep_hardirqs_on+0x99/0x150
[  289.135817][   T31]  get_signal+0x176f/0x1810
[  289.140473][   T31]  ? __pfx_get_signal+0x10/0x10
[  289.150702][   T31]  ? __pfx___might_resched+0x10/0x10
[  289.159748][   T31]  arch_do_signal_or_restart+0x96/0x860
[  289.167896][   T31]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  289.177568][   T31]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  289.186292][   T31]  ? syscall_exit_to_user_mode+0xa3/0x370
[  289.195419][   T31]  syscall_exit_to_user_mode+0xc9/0x370
[  289.206013][   T31]  do_syscall_64+0x100/0x230
[  289.210657][   T31]  ? clear_bhb_loop+0x35/0x90
[  289.218973][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  289.227450][   T31] RIP: 0033:0x7f2c7ab7def9
[  289.235587][   T31] RSP: 002b:00007f2c7ae5fb88 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[  289.246654][   T31] RAX: 0000000000000000 RBX: 00007f2c7ad37a80 RCX: 00007f2c7ab7def9
[  289.259816][   T31] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[  289.270466][   T31] RBP: 00007f2c7ad37a80 R08: 0000000000000006 R09: 00007f2c7ae5fe7f
[  289.280864][   T31] R10: 00000000003ffadc R11: 0000000000000246 R12: 0000000000018739
[  289.288877][   T31] R13: 00007f2c7ae5fc90 R14: 0000000000000032 R15: ffffffffffffffff
[  289.302104][   T31]  </TASK>
[  289.305246][   T31] INFO: task syz-executor:5924 blocked for more than 147 seconds.
[  289.322125][   T31]       Not tainted 6.11.0-syzkaller-08833-gde5cb0dcb74c #0
[  289.329439][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  289.344201][   T31] task:syz-executor    state:D stack:26816 pid:5924  tgid:5924  ppid:1      flags:0x00004004
[  289.357104][   T31] Call Trace:
[  289.360467][   T31]  <TASK>
[  289.368360][   T31]  __schedule+0x1895/0x4b30
[  289.375665][   T31]  ? __pfx___schedule+0x10/0x10
[  289.380612][   T31]  ? __pfx_lock_release+0x10/0x10
[  289.389840][   T31]  ? __mutex_trylock_common+0x92/0x2e0
[  289.398044][   T31]  ? schedule+0x90/0x320
[  289.406092][   T31]  schedule+0x14b/0x320
[  289.410310][   T31]  schedule_preempt_disabled+0x13/0x30
[  289.418638][   T31]  __mutex_lock+0x6a7/0xd70
[  289.428548][   T31]  ? __mutex_lock+0x52a/0xd70
[  289.435693][   T31]  ? register_nexthop_notifier+0x84/0x290
[  289.445066][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  289.450334][   T31]  ? __asan_memset+0x23/0x50
[  289.458278][   T31]  register_nexthop_notifier+0x84/0x290
[  289.467571][   T31]  ? __pfx_lockdep_init_map_type+0x10/0x10
[  289.476044][   T31]  ? __pfx_debug_check_no_locks_freed+0x10/0x10
[  289.487520][   T31]  ? __pfx_register_nexthop_notifier+0x10/0x10
[  289.498442][   T31]  ? __asan_memset+0x23/0x50
[  289.507283][   T31]  ops_init+0x31e/0x590
[  289.514379][   T31]  ? lockdep_init_map_type+0xa1/0x910
[  289.519836][   T31]  setup_net+0x287/0x9e0
[  289.527943][   T31]  ? __pfx_down_read_killable+0x10/0x10
[  289.536848][   T31]  ? __pfx_setup_net+0x10/0x10
[  289.545337][   T31]  copy_net_ns+0x33f/0x570
[  289.550092][   T31]  create_new_namespaces+0x425/0x7b0
[  289.559980][   T31]  unshare_nsproxy_namespaces+0x124/0x180
[  289.569630][   T31]  ksys_unshare+0x619/0xc10
[  289.579143][   T31]  ? __pfx_ksys_unshare+0x10/0x10
[  289.587761][   T31]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  289.596515][   T31]  ? do_syscall_64+0x100/0x230
[  289.604971][   T31]  __x64_sys_unshare+0x38/0x40
[  289.609794][   T31]  do_syscall_64+0xf3/0x230
[  289.619570][   T31]  ? clear_bhb_loop+0x35/0x90
[  289.628726][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  289.638285][   T31] RIP: 0033:0x7f3a5837f6f7
[  289.647079][   T31] RSP: 002b:00007f3a5865ffa8 EFLAGS: 00000206 ORIG_RAX: 0000000000000110
[  289.659042][   T31] RAX: ffffffffffffffda RBX: 00007f3a583f22ec RCX: 00007f3a5837f6f7
[  289.672463][   T31] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000000
[  289.680517][   T31] RBP: 0000000000000000 R08: 00007f3a59067d60 R09: 0000000000000000
[  289.696012][   T31] R10: 0000000000000000 R11: 0000000000000206 R12: 000000000000000c
[  289.704402][   T31] R13: 0000000000000003 R14: 0000000000000009 R15: 0000000000000000
[  289.719664][   T31]  </TASK>
[  289.723172][   T31] INFO: task syz-executor:5928 blocked for more than 148 seconds.
[  289.740966][   T31]       Not tainted 6.11.0-syzkaller-08833-gde5cb0dcb74c #0
[  289.748520][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  289.763963][   T31] task:syz-executor    state:D stack:26480 pid:5928  tgid:5928  ppid:1      flags:0x00004006
[  289.776998][   T31] Call Trace:
[  289.780342][   T31]  <TASK>
[  289.789074][   T31]  __schedule+0x1895/0x4b30
[  289.796258][   T31]  ? __pfx___schedule+0x10/0x10
[  289.804674][   T31]  ? __pfx_lock_release+0x10/0x10
[  289.809758][   T31]  ? __mutex_trylock_common+0x92/0x2e0
[  289.830753][   T31]  ? schedule+0x90/0x320
[  289.835458][   T31]  schedule+0x14b/0x320
[  289.839664][   T31]  schedule_preempt_disabled+0x13/0x30
[  289.853136][   T31]  __mutex_lock+0x6a7/0xd70
[  289.857799][   T31]  ? __mutex_lock+0x52a/0xd70
[  289.867979][   T31]  ? register_nexthop_notifier+0x84/0x290
[  289.875380][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  289.880492][   T31]  ? __asan_memset+0x23/0x50
[  289.890736][   T31]  register_nexthop_notifier+0x84/0x290
[  289.907126][   T31]  ? __pfx_lockdep_init_map_type+0x10/0x10
[  289.915387][   T31]  ? __pfx_debug_check_no_locks_freed+0x10/0x10
[  289.927948][   T31]  ? __pfx_register_nexthop_notifier+0x10/0x10
[  289.936759][   T31]  ? __asan_memset+0x23/0x50
[  289.946700][   T31]  ops_init+0x31e/0x590
[  289.953299][   T31]  ? lockdep_init_map_type+0xa1/0x910
[  289.959432][   T31]  setup_net+0x287/0x9e0
[  289.972146][   T31]  ? __pfx_down_read_killable+0x10/0x10
[  289.978161][   T31]  ? __pfx_setup_net+0x10/0x10
[  289.990358][   T31]  copy_net_ns+0x33f/0x570
[  289.995761][   T31]  create_new_namespaces+0x425/0x7b0
[  290.007709][   T31]  unshare_nsproxy_namespaces+0x124/0x180
[  290.015971][   T31]  ksys_unshare+0x619/0xc10
[  290.020611][   T31]  ? __pfx_ksys_unshare+0x10/0x10
[  290.030914][   T31]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  290.037005][   T31]  ? do_syscall_64+0x100/0x230
[  290.047384][   T31]  __x64_sys_unshare+0x38/0x40
[  290.052862][   T31]  do_syscall_64+0xf3/0x230
[  290.057621][   T31]  ? clear_bhb_loop+0x35/0x90
[  290.068749][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  290.076239][   T31] RIP: 0033:0x7f556437f6f7
[  290.080793][   T31] RSP: 002b:00007f556465ffa8 EFLAGS: 00000206 ORIG_RAX: 0000000000000110
[  290.096296][   T31] RAX: ffffffffffffffda RBX: 00007f55643f22ec RCX: 00007f556437f6f7
[  290.110363][   T31] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000000
[  290.118713][   T31] RBP: 0000000000000000 R08: 00007f5565067d60 R09: 0000000000000000
[  290.130865][   T31] R10: 0000000000000000 R11: 0000000000000206 R12: 000000000000000c
[  290.138884][   T31] R13: 0000000000000003 R14: 0000000000000009 R15: 0000000000000000
[  290.152790][   T31]  </TASK>
[  290.155922][   T31] INFO: task syz-executor:5930 blocked for more than 148 seconds.
[  290.167722][   T31]       Not tainted 6.11.0-syzkaller-08833-gde5cb0dcb74c #0
[  290.178789][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  290.191328][   T31] task:syz-executor    state:D stack:25904 pid:5930  tgid:5930  ppid:1      flags:0x00004004
[  290.207230][   T31] Call Trace:
[  290.210560][   T31]  <TASK>
[  290.215146][   T31]  __schedule+0x1895/0x4b30
[  290.219722][   T31]  ? __pfx___schedule+0x10/0x10
[  290.229762][   T31]  ? __pfx_lock_release+0x10/0x10
[  290.236420][   T31]  ? __mutex_trylock_common+0x92/0x2e0
[  290.248813][   T31]  ? schedule+0x90/0x320
[  290.254953][   T31]  schedule+0x14b/0x320
[  290.259492][   T31]  schedule_preempt_disabled+0x13/0x30
[  290.270941][   T31]  __mutex_lock+0x6a7/0xd70
[  290.275811][   T31]  ? __mutex_lock+0x52a/0xd70
[  290.280569][   T31]  ? register_nexthop_notifier+0x84/0x290
[  290.293972][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  290.300070][   T31]  ? __asan_memset+0x23/0x50
[  290.314668][   T31]  register_nexthop_notifier+0x84/0x290
[  290.320436][   T31]  ? __pfx_lockdep_init_map_type+0x10/0x10
[  290.334560][   T31]  ? __pfx_debug_check_no_locks_freed+0x10/0x10
[  290.343635][   T31]  ? __pfx_register_nexthop_notifier+0x10/0x10
[  290.350702][   T31]  ? __asan_memset+0x23/0x50
[  290.360997][   T31]  ops_init+0x31e/0x590
[  290.366846][   T31]  ? lockdep_init_map_type+0xa1/0x910
[  290.381855][   T31]  setup_net+0x287/0x9e0
[  290.386364][   T31]  ? __pfx_down_read_killable+0x10/0x10
[  290.398737][   T31]  ? __pfx_setup_net+0x10/0x10
[  290.404242][   T31]  copy_net_ns+0x33f/0x570
[  290.409211][   T31]  create_new_namespaces+0x425/0x7b0
[  290.421443][   T31]  unshare_nsproxy_namespaces+0x124/0x180
[  290.427720][   T31]  ksys_unshare+0x619/0xc10
[  290.441779][   T31]  ? __pfx_ksys_unshare+0x10/0x10
[  290.447023][   T31]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  290.460956][   T31]  ? do_syscall_64+0x100/0x230
[  290.465831][   T31]  __x64_sys_unshare+0x38/0x40
[  290.476798][   T31]  do_syscall_64+0xf3/0x230
[  290.483285][   T31]  ? clear_bhb_loop+0x35/0x90
[  290.488757][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  290.500953][   T31] RIP: 0033:0x7f6d9737f6f7
[  290.505449][   T31] RSP: 002b:00007f6d9765ffa8 EFLAGS: 00000206 ORIG_RAX: 0000000000000110
[  290.522530][   T31] RAX: ffffffffffffffda RBX: 00007f6d973f22ec RCX: 00007f6d9737f6f7
[  290.542551][   T31] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000000
[  290.550617][   T31] RBP: 0000000000000000 R08: 00007f6d98067d60 R09: 0000000000000000
[  290.565013][   T31] R10: 0000000000000000 R11: 0000000000000206 R12: 000000000000000c
[  290.574743][   T31] R13: 0000000000000003 R14: 0000000000000009 R15: 0000000000000000
[  290.588868][   T31]  </TASK>
[  290.593574][   T31] INFO: task syz-executor:5931 blocked for more than 149 seconds.
[  290.606084][   T31]       Not tainted 6.11.0-syzkaller-08833-gde5cb0dcb74c #0
[  290.616984][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  290.630227][   T31] task:syz-executor    state:D stack:25680 pid:5931  tgid:5931  ppid:1      flags:0x00004006
[  290.643162][   T31] Call Trace:
[  290.646492][   T31]  <TASK>
[  290.649448][   T31]  __schedule+0x1895/0x4b30
[  290.659408][   T31]  ? __pfx___schedule+0x10/0x10
[  290.665763][   T31]  ? __pfx_lock_release+0x10/0x10
[  290.671117][   T31]  ? __mutex_trylock_common+0x92/0x2e0
[  290.677067][   T31]  ? schedule+0x90/0x320
[  290.687414][   T31]  schedule+0x14b/0x320
[  290.692054][   T31]  schedule_preempt_disabled+0x13/0x30
[  290.697555][   T31]  __mutex_lock+0x6a7/0xd70
[  290.709429][   T31]  ? __mutex_lock+0x52a/0xd70
[  290.714485][   T31]  ? register_nexthop_notifier+0x84/0x290
[  290.727541][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  290.733575][   T31]  ? __asan_memset+0x23/0x50
[  290.738299][   T31]  register_nexthop_notifier+0x84/0x290
[  290.750252][   T31]  ? __pfx_lockdep_init_map_type+0x10/0x10
[  290.756505][   T31]  ? __pfx_debug_check_no_locks_freed+0x10/0x10
[  290.770582][   T31]  ? __pfx_register_nexthop_notifier+0x10/0x10
[  290.780451][   T31]  ? __asan_memset+0x23/0x50
[  290.790880][   T31]  ops_init+0x31e/0x590
[  290.795115][   T31]  ? lockdep_init_map_type+0xa1/0x910
[  290.806682][   T31]  setup_net+0x287/0x9e0
[  290.811949][   T31]  ? __pfx_down_read_killable+0x10/0x10
[  290.819261][   T31]  ? __pfx_setup_net+0x10/0x10
[  290.830926][   T31]  copy_net_ns+0x33f/0x570
[  290.836435][   T31]  create_new_namespaces+0x425/0x7b0
[  290.848270][   T31]  unshare_nsproxy_namespaces+0x124/0x180
[  290.861347][   T31]  ksys_unshare+0x619/0xc10
[  290.867133][   T31]  ? __pfx_ksys_unshare+0x10/0x10
[  290.881834][   T31]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  290.888505][   T31]  ? do_syscall_64+0x100/0x230
[  290.901210][   T31]  __x64_sys_unshare+0x38/0x40
[  290.906072][   T31]  do_syscall_64+0xf3/0x230
[  290.910623][   T31]  ? clear_bhb_loop+0x35/0x90
[  290.920760][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  290.927087][   T31] RIP: 0033:0x7f9e8e37f6f7
[  290.939375][   T31] RSP: 002b:00007f9e8e65ffa8 EFLAGS: 00000206 ORIG_RAX: 0000000000000110
[  290.948179][   T31] RAX: ffffffffffffffda RBX: 00007f9e8e3f22ec RCX: 00007f9e8e37f6f7
[  290.960918][   T31] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000000
[  290.968960][   T31] RBP: 0000000000000000 R08: 00007f9e8f067d60 R09: 0000000000000000
[  290.982713][   T31] R10: 0000000000000000 R11: 0000000000000206 R12: 000000000000000c
[  290.997899][   T31] R13: 0000000000000003 R14: 0000000000000009 R15: 0000000000000000
[  291.008666][   T31]  </TASK>
[  291.016321][   T31] Future hung task reports are suppressed, see sysctl kernel.hung_task_warnings
[  291.028654][   T31] INFO: task syz-executor:5934 blocked for more than 149 seconds.
[  291.040287][   T31]       Not tainted 6.11.0-syzkaller-08833-gde5cb0dcb74c #0
[  291.051630][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  291.060352][   T31] task:syz-executor    state:D stack:26560 pid:5934  tgid:5934  ppid:1      flags:0x00004004
[  291.076758][   T31] Call Trace:
[  291.080181][   T31]  <TASK>
[  291.083937][   T31]  __schedule+0x1895/0x4b30
[  291.088516][   T31]  ? __pfx___schedule+0x10/0x10
[  291.099529][   T31]  ? __pfx_lock_release+0x10/0x10
[  291.107332][   T31]  ? __mutex_trylock_common+0x92/0x2e0
[  291.118398][   T31]  ? schedule+0x90/0x320
[  291.123000][   T31]  schedule+0x14b/0x320
[  291.127198][   T31]  schedule_preempt_disabled+0x13/0x30
[  291.138650][   T31]  __mutex_lock+0x6a7/0xd70
[  291.143555][   T31]  ? __mutex_lock+0x52a/0xd70
[  291.148306][   T31]  ? register_nexthop_notifier+0x84/0x290
[  291.160144][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  291.167068][   T31]  ? __asan_memset+0x23/0x50
[  291.177499][   T31]  register_nexthop_notifier+0x84/0x290
[  291.183659][   T31]  ? __pfx_lockdep_init_map_type+0x10/0x10
[  291.189532][   T31]  ? __pfx_debug_check_no_locks_freed+0x10/0x10
[  291.201331][   T31]  ? __pfx_register_nexthop_notifier+0x10/0x10
[  291.207553][   T31]  ? __asan_memset+0x23/0x50
[  291.219437][   T31]  ops_init+0x31e/0x590
[  291.223939][   T31]  ? lockdep_init_map_type+0xa1/0x910
[  291.229368][   T31]  setup_net+0x287/0x9e0
[  291.239646][   T31]  ? __pfx_down_read_killable+0x10/0x10
[  291.245528][   T31]  ? __pfx_setup_net+0x10/0x10
[  291.250367][   T31]  copy_net_ns+0x33f/0x570
[  291.260925][   T31]  create_new_namespaces+0x425/0x7b0
[  291.266374][   T31]  unshare_nsproxy_namespaces+0x124/0x180
[  291.277474][   T31]  ksys_unshare+0x619/0xc10
[  291.283769][   T31]  ? __pfx_ksys_unshare+0x10/0x10
[  291.289128][   T31]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  291.301217][   T31]  ? do_syscall_64+0x100/0x230
[  291.306223][   T31]  __x64_sys_unshare+0x38/0x40
[  291.317258][   T31]  do_syscall_64+0xf3/0x230
[  291.322524][   T31]  ? clear_bhb_loop+0x35/0x90
[  291.327271][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  291.340513][   T31] RIP: 0033:0x7fa16ff7f6f7
[  291.345344][   T31] RSP: 002b:00007fa17025ffa8 EFLAGS: 00000206 ORIG_RAX: 0000000000000110
[  291.359495][   T31] RAX: ffffffffffffffda RBX: 00007fa16fff22ec RCX: 00007fa16ff7f6f7
[  291.367831][   T31] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000000
[  291.380900][   T31] RBP: 0000000000000000 R08: 00007fa170c67d60 R09: 0000000000000000
[  291.388936][   T31] R10: 0000000000000000 R11: 0000000000000206 R12: 000000000000000c
[  291.404720][   T31] R13: 0000000000000003 R14: 0000000000000009 R15: 0000000000000000
[  291.416760][   T31]  </TASK>
[  291.419823][   T31] Future hung task reports are suppressed, see sysctl kernel.hung_task_warnings
[  291.431844][   T31] 
[  291.431844][   T31] Showing all locks held in the system:
[  291.439605][   T31] 3 locks held by kworker/1:0/25:
[  291.451388][   T31]  #0: ffff88801ac81948 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850
[  291.469719][   T31]  #1: ffffc900001f7d00 ((crda_timeout).work){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850
[  291.481002][   T31]  #2: ffffffff8fccbcc8 (rtnl_mutex){+.+.}-{3:3}, at: crda_timeout_work+0x15/0x50
[  291.490327][   T31] 1 lock held by khungtaskd/31:
[  291.504417][   T31]  #0: ffffffff8e937ee0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0
[  291.517217][   T31] 3 locks held by kworker/1:1/51:
[  291.526934][   T31]  #0: ffff88801ac81948 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850
[  291.543916][   T31]  #1: ffffc90000bb7d00 ((reg_check_chans).work){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850
[  291.561529][   T31]  #2: ffffffff8fccbcc8 (rtnl_mutex){+.+.}-{3:3}, at: reg_check_chans_work+0x99/0xfd0
[  291.576793][   T31] 3 locks held by kworker/u8:3/52:
[  291.582314][   T31]  #0: ffff88801ac89148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850
[  291.600189][   T31]  #1: ffffc90000bd7d00 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850
[  291.617228][   T31]  #2: ffffffff8fccbcc8 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xe/0x60
[  291.627859][   T31] 1 lock held by hwrng/756:
[  291.638420][   T31]  #0: ffffffff8f18bcc8 (reading_mutex){+.+.}-{3:3}, at: hwrng_fillfn+0xf0/0x3c0
[  291.647982][   T31] 3 locks held by kworker/u8:6/1096:
[  291.660982][   T31]  #0: ffff88814bb11148 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850
[  291.683638][   T31]  #1: ffffc90003a67d00 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850
[  291.702929][   T31]  #2: ffffffff8fccbcc8 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_verify_work+0x19/0x30
[  291.716478][   T31] 7 locks held by kworker/u8:8/4016:
[  291.724423][   T31]  #0: ffff88801baed948 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850
[  291.741999][   T31]  #1: ffffc9000b9b7d00 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850
[  291.758195][   T31]  #2: ffffffff8fcbf1d0 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x16a/0xcc0
[  291.769326][   T31]  #3: ffff88805e3160e8 (&dev->mutex){....}-{3:3}, at: devlink_pernet_pre_exit+0x13b/0x440
[  291.785619][   T31]  #4: ffff88805e317250 (&devlink->lock_key#2){+.+.}-{3:3}, at: devlink_pernet_pre_exit+0x14d/0x440
[  291.800054][   T31]  #5: ffffffff8fccbcc8 (rtnl_mutex){+.+.}-{3:3}, at: nsim_destroy+0x71/0x5c0
[  291.813898][   T31]  #6: ffffffff8e7d1dd0 (cpu_hotplug_lock){++++}-{0:0}, at: unregister_netdevice_many_notify+0x5ea/0x1da0
[  291.830172][   T31] 2 locks held by getty/4985:
[  291.838599][   T31]  #0: ffff88814bd0c0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  291.852807][   T31]  #1: ffffc90002f062f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6a6/0x1e00
[  291.866834][   T31] 5 locks held by kworker/0:4/5277:
[  291.874888][   T31] 1 lock held by syz-executor/5384:
[  291.880132][   T31]  #0: ffffffff8fccbcc8 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3b/0x1b0
[  291.900077][   T31] 1 lock held by syz.1.128/5877:
[  291.909576][   T31]  #0: ffffffff8fccbcc8 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3b/0x1b0
[  291.924434][   T31] 1 lock held by syz.3.129/5880:
[  291.929410][   T31]  #0: ffffffff8fccbcc8 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3b/0x1b0
[  291.940367][   T31] 1 lock held by syz.0.139/5917:
[  291.952528][   T31] 2 locks held by syz-executor/5924:
[  291.957887][   T31]  #0: ffffffff8fcbf1d0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570
[  291.972817][   T31]  #1: ffffffff8fccbcc8 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290
[  291.986526][   T31] 2 locks held by syz-executor/5928:
[  291.994302][   T31]  #0: ffffffff8fcbf1d0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570
[  292.008774][   T31]  #1: ffffffff8fccbcc8 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290
[  292.026378][   T31] 2 locks held by syz-executor/5930:
[  292.033379][   T31]  #0: ffffffff8fcbf1d0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570
[  292.048690][   T31]  #1: ffffffff8fccbcc8 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290
[  292.061016][   T31] 2 locks held by syz-executor/5931:
[  292.066983][   T31]  #0: ffffffff8fcbf1d0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570
[  292.085025][   T31]  #1: ffffffff8fccbcc8 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290
[  292.100276][   T31] 2 locks held by syz-executor/5934:
[  292.109413][   T31]  #0: ffffffff8fcbf1d0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570
[  292.123119][   T31]  #1: ffffffff8fccbcc8 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290
[  292.139087][   T31] 2 locks held by syz-executor/5943:
[  292.147052][   T31]  #0: ffffffff8fcbf1d0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570
[  292.161175][   T31]  #1: ffffffff8fccbcc8 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290
[  292.182132][   T31] 2 locks held by syz-executor/5945:
[  292.187577][   T31]  #0: ffffffff8fcbf1d0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570
[  292.203782][   T31]  #1: ffffffff8fccbcc8 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290
[  292.216803][   T31] 2 locks held by syz-executor/5947:
[  292.225962][   T31]  #0: ffffffff8fcbf1d0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570
[  292.239708][   T31]  #1: ffffffff8fccbcc8 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290
[  292.257899][   T31] 2 locks held by syz-executor/5949:
[  292.263707][   T31]  #0: ffffffff8fcbf1d0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570
[  292.280127][   T31]  #1: ffffffff8fccbcc8 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290
[  292.292342][   T31] 2 locks held by syz-executor/5953:
[  292.297887][   T31]  #0: ffffffff8fcbf1d0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570
[  292.315357][   T31]  #1: ffffffff8fccbcc8 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290
[  292.327529][   T31] 2 locks held by syz-executor/5964:
[  292.338310][   T31]  #0: ffffffff8fcbf1d0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570
[  292.350668][   T31]  #1: ffffffff8fccbcc8 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290
[  292.371611][   T31] 2 locks held by syz-executor/5966:
[  292.377269][   T31]  #0: ffffffff8fcbf1d0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570
[  292.395285][   T31]  #1: ffffffff8fccbcc8 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290
[  292.407360][   T31] 2 locks held by syz-executor/5972:
[  292.420965][   T31]  #0: ffffffff8fcbf1d0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570
[  292.438876][   T31]  #1: ffffffff8fccbcc8 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290
[  292.449446][   T31] 2 locks held by syz-executor/5973:
[  292.461105][   T31]  #0: ffffffff8fcbf1d0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570
[  292.470620][   T31]  #1: ffffffff8fccbcc8 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290
[  292.488785][   T31] 2 locks held by syz-executor/5978:
[  292.494489][   T31]  #0: ffffffff8fcbf1d0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570
[  292.510454][   T31]  #1: ffffffff8fccbcc8 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290
[  292.527843][   T31] 
[  292.530234][   T31] =============================================
[  292.530234][   T31] 
[  292.547851][   T31] NMI backtrace for cpu 1
[  292.552256][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.11.0-syzkaller-08833-gde5cb0dcb74c #0
[  292.562536][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  292.572888][   T31] Call Trace:
[  292.576198][   T31]  <TASK>
[  292.579179][   T31]  dump_stack_lvl+0x241/0x360
[  292.584323][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[  292.590190][   T31]  ? __pfx__printk+0x10/0x10
[  292.594860][   T31]  nmi_cpu_backtrace+0x49c/0x4d0
[  292.599956][   T31]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[  292.605473][   T31]  ? _printk+0xd5/0x120
[  292.609666][   T31]  ? __pfx__printk+0x10/0x10
[  292.614294][   T31]  ? __wake_up_klogd+0xcc/0x110
[  292.620183][   T31]  ? __pfx__printk+0x10/0x10
[  292.625011][   T31]  ? __rcu_read_unlock+0xa1/0x110
[  292.630097][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  292.636130][   T31]  nmi_trigger_cpumask_backtrace+0x198/0x320
[  292.642169][   T31]  watchdog+0xff4/0x1040
[  292.646468][   T31]  ? watchdog+0x1ea/0x1040
[  292.651040][   T31]  ? __pfx_watchdog+0x10/0x10
[  292.655853][   T31]  kthread+0x2f0/0x390
[  292.660437][   T31]  ? __pfx_watchdog+0x10/0x10
[  292.665282][   T31]  ? __pfx_kthread+0x10/0x10
[  292.670291][   T31]  ret_from_fork+0x4b/0x80
[  292.675390][   T31]  ? __pfx_kthread+0x10/0x10
[  292.680034][   T31]  ret_from_fork_asm+0x1a/0x30
[  292.684884][   T31]  </TASK>
[  292.688412][   T31] Sending NMI from CPU 1 to CPUs 0:
[  292.693973][    C0] NMI backtrace for cpu 0
[  292.693988][    C0] CPU: 0 UID: 0 PID: 5277 Comm: kworker/0:4 Not tainted 6.11.0-syzkaller-08833-gde5cb0dcb74c #0
[  292.694009][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  292.694021][    C0] Workqueue: events nsim_dev_trap_report_work
[  292.694052][    C0] RIP: 0010:unwind_next_frame+0x1843/0x22d0
[  292.694083][    C0] Code: 48 89 df e8 5f 2f bd 00 4d 39 fe 0f 87 b2 00 00 00 48 8b 03 4c 39 f8 0f 86 a6 00 00 00 49 8d 4f 08 4c 39 f1 0f 86 99 00 00 00 <48> 39 c1 0f 87 90 00 00 00 4c 3b bc 24 90 00 00 00 0f 87 82 00 00
[  292.694098][    C0] RSP: 0018:ffffc90000006530 EFLAGS: 00000202
[  292.694113][    C0] RAX: ffffc90004128000 RBX: ffffc90000006610 RCX: ffffc90004127bc8
[  292.694127][    C0] RDX: dffffc0000000000 RSI: ffffc90004120000 RDI: ffffc90000006608
[  292.694141][    C0] RBP: ffffc90000006600 R08: ffffc90004127bb0 R09: 0000000000000000
[  292.694154][    C0] R10: ffffc90000006650 R11: fffff52000000ccc R12: dffffc0000000000
[  292.694167][    C0] R13: ffffc90000006600 R14: ffffc90004120000 R15: ffffc90004127bc0
[  292.694181][    C0] FS:  0000000000000000(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
[  292.694196][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  292.694209][    C0] CR2: 0000000020034000 CR3: 0000000056e38000 CR4: 00000000003506f0
[  292.694231][    C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  292.694242][    C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  292.694253][    C0] Call Trace:
[  292.694259][    C0]  <NMI>
[  292.694267][    C0]  ? nmi_cpu_backtrace+0x3c2/0x4d0
[  292.694296][    C0]  ? __pfx_lock_acquire+0x10/0x10
[  292.694324][    C0]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[  292.694350][    C0]  ? nmi_handle+0x2a/0x5a0
[  292.694375][    C0]  ? nmi_cpu_backtrace_handler+0xc/0x20
[  292.694398][    C0]  ? nmi_handle+0x14f/0x5a0
[  292.694415][    C0]  ? nmi_handle+0x2a/0x5a0
[  292.694433][    C0]  ? unwind_next_frame+0x1843/0x22d0
[  292.694460][    C0]  ? default_do_nmi+0x63/0x160
[  292.694478][    C0]  ? exc_nmi+0x123/0x1f0
[  292.694495][    C0]  ? end_repeat_nmi+0xf/0x53
[  292.694523][    C0]  ? unwind_next_frame+0x1843/0x22d0
[  292.694550][    C0]  ? unwind_next_frame+0x1843/0x22d0
[  292.694578][    C0]  ? unwind_next_frame+0x1843/0x22d0
[  292.694605][    C0]  </NMI>
[  292.694610][    C0]  <IRQ>
[  292.694621][    C0]  ? nsim_dev_trap_report_work+0x75d/0xaa0
[  292.694648][    C0]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  292.694670][    C0]  arch_stack_walk+0x11c/0x150
[  292.694690][    C0]  ? process_scheduled_works+0xa63/0x1850
[  292.694717][    C0]  stack_trace_save+0x118/0x1d0
[  292.694736][    C0]  ? __asan_memset+0x23/0x50
[  292.694762][    C0]  ? __pfx_stack_trace_save+0x10/0x10
[  292.694785][    C0]  ? ret_from_fork_asm+0x1a/0x30
[  292.694813][    C0]  kasan_save_track+0x3f/0x80
[  292.694829][    C0]  ? kasan_save_track+0x3f/0x80
[  292.694844][    C0]  ? __kasan_kmalloc+0x98/0xb0
[  292.694860][    C0]  ? __kmalloc_cache_noprof+0x19c/0x2c0
[  292.694883][    C0]  ? ref_tracker_alloc+0x14b/0x490
[  292.694899][    C0]  ? dst_init+0xee/0x490
[  292.694921][    C0]  ? dst_alloc+0x14f/0x190
[  292.694941][    C0]  ? ip_route_output_key_hash_rcu+0x13cc/0x2390
[  292.694963][    C0]  ? ip_route_output_key_hash+0x193/0x2b0
[  292.694983][    C0]  ? ip_route_output_flow+0x29/0x140
[  292.695000][    C0]  ? ip_route_me_harder+0x80d/0x1300
[  292.695017][    C0]  ? synproxy_send_tcp+0x356/0x6c0
[  292.695035][    C0]  ? synproxy_send_client_synack+0x8b8/0xf30
[  292.695054][    C0]  ? nft_synproxy_eval_v4+0x3ca/0x610
[  292.695075][    C0]  ? nft_synproxy_do_eval+0x362/0xa60
[  292.695095][    C0]  ? nft_do_chain+0x4ad/0x1da0
[  292.695115][    C0]  ? nft_do_chain_inet+0x418/0x6b0
[  292.695135][    C0]  ? nf_hook_slow+0xc3/0x220
[  292.695152][    C0]  ? NF_HOOK+0x29e/0x450
[  292.695176][    C0]  ? NF_HOOK+0x3a4/0x450
[  292.695199][    C0]  ? __netif_receive_skb+0x2bf/0x650
[  292.695215][    C0]  ? process_backlog+0x662/0x15b0
[  292.695239][    C0]  ? __napi_poll+0xcb/0x490
[  292.695254][    C0]  ? net_rx_action+0x89b/0x1240
[  292.695272][    C0]  ? handle_softirqs+0x2c5/0x980
[  292.695294][    C0]  ? do_softirq+0x11b/0x1e0
[  292.695314][    C0]  ? __local_bh_enable_ip+0x1bb/0x200
[  292.695336][    C0]  ? nsim_dev_trap_report_work+0x75d/0xaa0
[  292.695376][    C0]  __kasan_kmalloc+0x98/0xb0
[  292.695393][    C0]  ? ref_tracker_alloc+0x14b/0x490
[  292.695410][    C0]  __kmalloc_cache_noprof+0x19c/0x2c0
[  292.695436][    C0]  ref_tracker_alloc+0x14b/0x490
[  292.695454][    C0]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  292.695482][    C0]  dst_init+0xee/0x490
[  292.695503][    C0]  ? kmem_cache_alloc_noprof+0x185/0x2a0
[  292.695527][    C0]  dst_alloc+0x14f/0x190
[  292.695551][    C0]  ip_route_output_key_hash_rcu+0x13cc/0x2390
[  292.695579][    C0]  ip_route_output_key_hash+0x193/0x2b0
[  292.695601][    C0]  ? ip_route_output_key_hash+0xdf/0x2b0
[  292.695621][    C0]  ? __pfx_ip_route_output_key_hash+0x10/0x10
[  292.695644][    C0]  ? __pfx_lock_release+0x10/0x10
[  292.695668][    C0]  ? kthread+0x2f0/0x390
[  292.695689][    C0]  ip_route_output_flow+0x29/0x140
[  292.695708][    C0]  ip_route_me_harder+0x80d/0x1300
[  292.695731][    C0]  ? __pfx_ip_route_me_harder+0x10/0x10
[  292.695750][    C0]  ? trace_kmalloc+0x1f/0xd0
[  292.695771][    C0]  ? __kmalloc_node_track_caller_noprof+0x242/0x440
[  292.695805][    C0]  synproxy_send_tcp+0x356/0x6c0
[  292.695827][    C0]  synproxy_send_client_synack+0x8b8/0xf30
[  292.695853][    C0]  ? __pfx_synproxy_send_client_synack+0x10/0x10
[  292.695875][    C0]  ? synproxy_pernet+0x45/0x270
[  292.695897][    C0]  nft_synproxy_eval_v4+0x3ca/0x610
[  292.695921][    C0]  ? __pfx_nft_synproxy_eval_v4+0x10/0x10
[  292.695941][    C0]  ? validate_chain+0x11e/0x5920
[  292.695960][    C0]  ? nf_ip_checksum+0x13a/0x500
[  292.695984][    C0]  nft_synproxy_do_eval+0x362/0xa60
[  292.696008][    C0]  ? __pfx_nft_synproxy_do_eval+0x10/0x10
[  292.696028][    C0]  ? validate_chain+0x11e/0x5920
[  292.696049][    C0]  ? __pfx_validate_chain+0x10/0x10
[  292.696072][    C0]  nft_do_chain+0x4ad/0x1da0
[  292.696100][    C0]  ? __pfx_nft_do_chain+0x10/0x10
[  292.696121][    C0]  ? __local_bh_enable_ip+0x168/0x200
[  292.696156][    C0]  ? __pfx_nf_nat_inet_fn+0x10/0x10
[  292.696183][    C0]  nft_do_chain_inet+0x418/0x6b0
[  292.696205][    C0]  ? __pfx_nft_do_chain_inet+0x10/0x10
[  292.696230][    C0]  ? ipt_do_table+0x312/0x1860
[  292.696258][    C0]  ? __pfx_nft_do_chain_inet+0x10/0x10
[  292.696278][    C0]  nf_hook_slow+0xc3/0x220
[  292.696297][    C0]  ? __pfx_ip_local_deliver_finish+0x10/0x10
[  292.696323][    C0]  ? __pfx_ip_local_deliver_finish+0x10/0x10
[  292.696349][    C0]  NF_HOOK+0x29e/0x450
[  292.696375][    C0]  ? NF_HOOK+0x9a/0x450
[  292.696399][    C0]  ? __pfx_NF_HOOK+0x10/0x10
[  292.696425][    C0]  ? __pfx_ip_local_deliver_finish+0x10/0x10
[  292.696454][    C0]  ? ip_rcv_finish+0x406/0x560
[  292.696482][    C0]  ? __pfx_ip_rcv_finish+0x10/0x10
[  292.696508][    C0]  NF_HOOK+0x3a4/0x450
[  292.696532][    C0]  ? __lock_acquire+0x1384/0x2050
[  292.696558][    C0]  ? NF_HOOK+0x9a/0x450
[  292.696583][    C0]  ? __pfx_NF_HOOK+0x10/0x10
[  292.696607][    C0]  ? ip_rcv_core+0x801/0xd10
[  292.696633][    C0]  ? __pfx_ip_rcv_finish+0x10/0x10
[  292.696663][    C0]  ? __pfx_ip_rcv+0x10/0x10
[  292.696688][    C0]  __netif_receive_skb+0x2bf/0x650
[  292.696707][    C0]  ? __pfx_lock_acquire+0x10/0x10
[  292.696732][    C0]  ? __pfx___netif_receive_skb+0x10/0x10
[  292.696748][    C0]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  292.696774][    C0]  ? __pfx_lock_release+0x10/0x10
[  292.696800][    C0]  ? _raw_spin_lock_irq+0xdf/0x120
[  292.696826][    C0]  process_backlog+0x662/0x15b0
[  292.696847][    C0]  ? process_backlog+0x33b/0x15b0
[  292.696869][    C0]  ? __pfx_process_backlog+0x10/0x10
[  292.696887][    C0]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  292.696914][    C0]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  292.696941][    C0]  __napi_poll+0xcb/0x490
[  292.696959][    C0]  net_rx_action+0x89b/0x1240
[  292.696988][    C0]  ? __pfx_net_rx_action+0x10/0x10
[  292.697006][    C0]  ? __pfx_tmigr_handle_remote+0x10/0x10
[  292.697047][    C0]  handle_softirqs+0x2c5/0x980
[  292.697072][    C0]  ? do_softirq+0x11b/0x1e0
[  292.697095][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[  292.697122][    C0]  do_softirq+0x11b/0x1e0
[  292.697143][    C0]  </IRQ>
[  292.697149][    C0]  <TASK>
[  292.697155][    C0]  ? __pfx_do_softirq+0x10/0x10
[  292.697177][    C0]  ? __pfx_lockdep_softirqs_on+0x10/0x10
[  292.697205][    C0]  ? rcu_is_watching+0x15/0xb0
[  292.697229][    C0]  __local_bh_enable_ip+0x1bb/0x200
[  292.697252][    C0]  ? nsim_dev_trap_report_work+0x75d/0xaa0
[  292.697277][    C0]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  292.697300][    C0]  ? do_raw_spin_unlock+0x13c/0x8b0
[  292.697323][    C0]  ? nsim_dev_trap_report_work+0x6a7/0xaa0
[  292.697350][    C0]  nsim_dev_trap_report_work+0x75d/0xaa0
[  292.697382][    C0]  ? process_scheduled_works+0x976/0x1850
[  292.697406][    C0]  process_scheduled_works+0xa63/0x1850
[  292.697442][    C0]  ? __pfx_process_scheduled_works+0x10/0x10
[  292.697470][    C0]  ? assign_work+0x364/0x3d0
[  292.697495][    C0]  worker_thread+0x870/0xd30
[  292.697526][    C0]  ? __kthread_parkme+0x169/0x1d0
[  292.697552][    C0]  ? __pfx_worker_thread+0x10/0x10
[  292.697576][    C0]  kthread+0x2f0/0x390
[  292.697592][    C0]  ? __pfx_worker_thread+0x10/0x10
[  292.697615][    C0]  ? __pfx_kthread+0x10/0x10
[  292.697631][    C0]  ret_from_fork+0x4b/0x80
[  292.697655][    C0]  ? __pfx_kthread+0x10/0x10
[  292.697671][    C0]  ret_from_fork_asm+0x1a/0x30
[  292.697703][    C0]  </TASK>
[  293.690631][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[  293.697624][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.11.0-syzkaller-08833-gde5cb0dcb74c #0
[  293.707813][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  293.717905][   T31] Call Trace:
[  293.721220][   T31]  <TASK>
[  293.724184][   T31]  dump_stack_lvl+0x241/0x360
[  293.728904][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[  293.734140][   T31]  ? __pfx__printk+0x10/0x10
[  293.738772][   T31]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  293.744866][   T31]  ? vscnprintf+0x5d/0x90
[  293.749260][   T31]  panic+0x349/0x880
[  293.753202][   T31]  ? nmi_trigger_cpumask_backtrace+0x244/0x320
[  293.759401][   T31]  ? __pfx_panic+0x10/0x10
[  293.763853][   T31]  ? tick_nohz_tick_stopped+0x82/0xb0
[  293.769284][   T31]  ? __irq_work_queue_local+0x137/0x410
[  293.774877][   T31]  ? preempt_schedule_thunk+0x1a/0x30
[  293.780280][   T31]  ? nmi_trigger_cpumask_backtrace+0x244/0x320
[  293.786564][   T31]  ? nmi_trigger_cpumask_backtrace+0x2d4/0x320
[  293.792761][   T31]  ? nmi_trigger_cpumask_backtrace+0x2d9/0x320
[  293.798958][   T31]  watchdog+0x1033/0x1040
[  293.803341][   T31]  ? watchdog+0x1ea/0x1040
[  293.807798][   T31]  ? __pfx_watchdog+0x10/0x10
[  293.812517][   T31]  kthread+0x2f0/0x390
[  293.816664][   T31]  ? __pfx_watchdog+0x10/0x10
[  293.821389][   T31]  ? __pfx_kthread+0x10/0x10
[  293.826015][   T31]  ret_from_fork+0x4b/0x80
[  293.830473][   T31]  ? __pfx_kthread+0x10/0x10
[  293.835094][   T31]  ret_from_fork_asm+0x1a/0x30
[  293.839910][   T31]  </TASK>
[  293.843320][   T31] Kernel Offset: disabled
[  293.847651][   T31] Rebooting in 86400 seconds..