last executing test programs:

8m55.479986093s ago: executing program 1 (id=270):
r0 = syz_open_dev$video(&(0x7f0000000000), 0x7ff, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
rt_sigprocmask(0x0, 0x0, 0x0, 0x8)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x25dfdbfd, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x78}, 0x1, 0x0, 0x0, 0x800}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
syz_genetlink_get_family_id$net_dm(&(0x7f0000000280), 0xffffffffffffffff)
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = inotify_init()
inotify_add_watch(r6, &(0x7f0000000340)='.\x00', 0xa50003d1)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f00000014c0), 0xffffffffffffffff)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r9=>0x0})
syz_open_dev$MSR(0x0, 0x0, 0x0)
sendmsg$NL80211_CMD_CHANNEL_SWITCH(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="010000000000000000006600000008000300", @ANYRES32=r9, @ANYBLOB="080026008f0900000800b7"], 0x2c}}, 0x0)
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r1, {0x3}}, './file0\x00'})
ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000080)={0x9, 0x48524742, 0x0, 0x1, 0x0, @discrete={0x205}})

8m54.519899218s ago: executing program 1 (id=276):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x3, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='ext4_writepages_result\x00', r0}, 0x10)
r2 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r1}, 0x8)
close(r2)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x15, 0x8, 0x8, 0x0, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x8, 0xf, &(0x7f0000000c80)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r3}, {}, {0x7, 0x0, 0xb, 0x2}, {0x85, 0x0, 0x0, 0x51}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x5}}}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_GET_PROG_INFO(0x1c, &(0x7f00000003c0)={r4, 0x0, 0x0}, 0x10)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x2b)

8m54.448831529s ago: executing program 1 (id=277):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7, 0x0, 0x4}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x88, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7, 0x0, 0x3}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0xd}, @NFTA_SET_EXPRESSIONS={0x44, 0x12, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @connlimit={{0xe}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_CONNLIMIT_COUNT={0x8, 0x1, 0x1, 0x0, 0x8}]}}}, {0x20, 0x1, 0x0, 0x1, @connlimit={{0xe}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_CONNLIMIT_COUNT={0x8, 0x1, 0x1, 0x0, 0xe41f}]}}}]}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x120}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xd0}}, 0x20050800)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x16, 0x16, &(0x7f0000000240)=ANY=[@ANYBLOB="61124c00000000006113500000000000bf2000000000000007000000180000003d030100000000009500f000000000006926000000000000bf67000000000000560602000fff07006706000020000000170200000ee60000bf250000000000002d350000000000006507000002080000070700004c0000001f75000000000000bf54000000000000070400000400f9ffad35010000000000840400000000000014000000000000009500000000000000db13d5d8b741f2cdaabc8383c8f56b8c2b84a800ea6553f304000000815dcf00c3eebc52267b042d19"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)

8m54.448372863s ago: executing program 1 (id=278):
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$SO_TIMESTAMP(r0, 0x1, 0x40, &(0x7f0000000040)=0x1, 0x4)
r1 = openat$dlm_monitor(0xffffff9c, &(0x7f0000000080), 0x15b301, 0x0)
setsockopt$MRT6_FLUSH(r1, 0x29, 0xd4, &(0x7f00000000c0)=0x1, 0x4)
ioctl$TIOCGICOUNT(r1, 0x545d, 0x0)
chdir(&(0x7f0000000000)='./file0\x00')
connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1c}, 0xd}, 0x1c)
recvmmsg(r0, &(0x7f0000003dc0)=[{{0x0, 0x0, &(0x7f0000001d00)=[{&(0x7f0000003f80)=""/178, 0xb2}], 0x1}, 0x117}], 0x1, 0x2, 0x0)

8m54.360070946s ago: executing program 1 (id=279):
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
connect$bt_sco(r0, &(0x7f0000000300), 0x8) (async, rerun: 64)
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) (rerun: 64)
connect$bt_sco(r1, &(0x7f0000000140), 0x8) (async, rerun: 64)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (rerun: 64)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x70bd2b, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7b, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) (async, rerun: 64)
getrlimit(0xf, &(0x7f0000000280)) (async, rerun: 64)
r2 = getpid()
sched_setaffinity(r2, 0x8, &(0x7f00000002c0)=0x8000)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(0xffffffffffffffff, 0x4010640d, &(0x7f00000001c0)={0x1, 0x2})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x40010, r0, 0x0) (async, rerun: 32)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff}) (rerun: 32)
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) (async, rerun: 32)
r5 = socket$kcm(0xa, 0x5, 0x0) (rerun: 32)
setsockopt$sock_attach_bpf(r5, 0x29, 0x6, &(0x7f0000000040), 0x4)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) (async, rerun: 32)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) (async, rerun: 32)
recvmmsg(r0, &(0x7f00000000c0), 0x0, 0x12003, 0x0)
socket$netlink(0x10, 0x3, 0x0)
madvise(&(0x7f0000907000/0x1000)=nil, 0x1000, 0xb)
bpf$OBJ_GET_MAP(0x7, &(0x7f0000000180)=@o_path={0x0, 0x0, 0x4010, r4}, 0x14) (async)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r6, 0x6, 0xe, &(0x7f00000010c0)={@in6={{0xa, 0x0, 0x0, @local}}, 0x0, 0x0, 0x39, 0x0, "61a1ed8439cde8054f2ada6fcd5fe76b933e8bb0ac60081e33dffa150835f7519d5f73b4f5d80eb4881a5b98cb9fb96d225d602392f816d0bdcc09b5063087117502d8c24f39e97f61fd27a06d6a38a7"}, 0xd8)
sendto$inet6(r6, 0x0, 0x0, 0x20000841, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @empty}, 0x1c)
r7 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/resume', 0x149a82, 0x0)
setfsuid(0xee01) (async, rerun: 32)
write$cgroup_int(r7, &(0x7f0000000040)=0x1c9, 0x12) (rerun: 32)

8m53.309637417s ago: executing program 1 (id=281):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f0000000780)=ANY=[@ANYBLOB], &(0x7f0000000380)='syzkaller\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000240)={0x3, 0x4, 0x3, 0x6}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8a}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102381, 0xfffffffffffffdb4)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0)
ioctl$FUSE_DEV_IOC_CLONE(0xffffffffffffffff, 0x8004e500, 0x0)
r1 = add_key$keyring(&(0x7f00000002c0), &(0x7f0000000480)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffc)
add_key(&(0x7f0000000340)='dns_resolver\x00', &(0x7f0000000540)={'syz', 0x1}, &(0x7f0000000580)="fb9c", 0xfffff, r1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
mount$9p_virtio(&(0x7f00000001c0), 0x0, 0x0, 0x0, 0x0)
keyctl$reject(0x13, r1, 0x80b4, 0x5, r1)
chdir(&(0x7f0000000280)='./file0\x00')
ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, &(0x7f0000000040)={{0x1, 0x1, 0x18, <r2=>r0}, './file0\x00'})
io_uring_setup(0x22a1, &(0x7f0000000180)={0x0, 0x2d99, 0x0, 0x20000002, 0x118, 0x0, r2})
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x11, 0x800000003, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r4, 0x8933, &(0x7f0000000600)={'team0\x00', <r5=>0x0})
r6 = socket$netlink(0x10, 0x3, 0xe)
sendmsg$nl_route_sched(r6, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000000)=@newqdisc={0x90, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x12, r5, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x60, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], 0x0, [0x8, 0x4], [0x0, 0x8]}}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x4}]}}]}, 0x90}}, 0x0)
sendmsg$nl_route(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000004c0)=ANY=[@ANYBLOB="3400000011002d08000000000020000000000000", @ANYRES32=0x0, @ANYBLOB="1453616d00030000000000000000000c00000000000000"], 0x34}}, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
recvmmsg(r7, 0x0, 0x0, 0x2202, 0x0)
sendmsg$netlink(r7, 0x0, 0x2000080)
unshare(0x62040200)
socket$inet(0xa, 0x801, 0x84)
ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000100)={0x3, 0x0, &(0x7f00000000c0)=""/18, &(0x7f00000002c0)=""/83, 0x0, 0x100000})
mkdir(&(0x7f0000000000)='./file3\x00', 0x3)

8m52.689230492s ago: executing program 0 (id=283):
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
r0 = socket$inet6(0xa, 0x80003, 0x3)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
connect$inet6(r0, &(0x7f0000001a00)={0xa, 0x4e24, 0xf, @private1, 0x4}, 0x1c)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000680), 0x1050c0, 0x0)
r1 = openat$sndtimer(0xffffffffffffff9c, &(0x7f00000000c0), 0x1a1240)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
syz_io_uring_setup(0x1353, &(0x7f0000000440)={0x0, 0x3e90, 0x3e000, 0x1, 0x321}, &(0x7f00000001c0), &(0x7f00000004c0))
sendmsg$IPSET_CMD_TYPE(r2, &(0x7f0000000980)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000880)=ANY=[@ANYBLOB="300000000d0605020000000000000000070000030500010007000000120003006269746d61703a69702c6d6163000000"], 0x30}, 0x1, 0x0, 0x0, 0x7}, 0x10040000)
writev(r1, &(0x7f0000000400)=[{&(0x7f0000000000)="4cf80ddf5d987af37ce3aad617815bcd896d9e577a5b87838c69a2a4d9855e63364b3bc7e3ac31486d909794497d958c2cdb365934537a49cc6cf7191f9dd4409b6b83341b2816a80440b3b105a14b3f5039ea15246ccf3be916ae1bf029eec16a18b564603d4b0dc58bc8bd3d5ee23834b830a2878eaccf6ee33247ab629f45c1e2c96a6f9519b6eb5f6c9f8fea27367fd66bbf674bd724ed5ce6be6c68fd0084b2e719a7ff", 0xa6}, {&(0x7f0000000200)="04baacd42cbc70aa171905eef69109af0963f75ff32598f1dc7f5be2df63ba0a7ded950662313fb4f51c5466f44a10d40711e5b9b47d31772a87787c36331920d5eccb238544e57e35fa3c0a8ef7e4fd2623c66eede8363ff69ef58884749f3851e19c233c42bb88fae9f351117f8fd913ac896a54bdba691f9ba5fd4f74a865259337454ee3eebed3763ad7d736444776124054a57c89b853c5ac74a46c6d45700f65d01354d900328bb1378ae70e32da8698a7d9d5609aff279b3db3b1a95fc661f7dbb7e006de52fcfe261dbcc5e3ddd914625f8cdc462d97f4150f545836e8", 0xe1}, {&(0x7f0000000100)="7e3b7d20736f3390931970ab81adc0728c06411f6eed43bf5b493739cecc1f4fea37344c7e09f2f5578de02dd77dfc9e1fee84b1f9d2a1b6e1f7803b0bcd2f1c0afbde1e16cd77bf8af086da87bcee051d2d41a232a327584394eabd6fbcc5b2a79f1ace2b50eea2262db11f0e561b4f81fd08f695327f78498784c0550032bc03e6917ac85b880cd98048455684e6aa4d15c364c7cc61012e8233d0d9ed57e434", 0xa1}, {&(0x7f0000000300)="695b397dd52fba", 0x7}, {&(0x7f0000000340)="4ac62f683d4af567cc11efe018c060476e17345cd909a3c5f271d6fb9e589c3da8a2afbaa0d20e12e949b27d63f1dcb19e1903a75fcd3956a2f6c4363e12026a3a7c3a1b1652191ae0ab576629567b722291f7ecb9b77d86cb488f5820c42e0205ee76bed6e8a4a78a5ca63b1d935f33b261bdcc567a0a8312af8f97324ee7eabc", 0x81}], 0x5)

8m52.631079256s ago: executing program 0 (id=284):
r0 = accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000140)={0x1f, 0x0, @none}, &(0x7f0000000180)=0xe, 0x800)
getsockopt$IP_VS_SO_GET_SERVICE(r0, 0x0, 0x483, &(0x7f00000001c0), &(0x7f0000000240)=0x60)
getpid()
io_uring_setup(0x716f, &(0x7f0000000280)={0x0, 0x2a57, 0x4684, 0x3, 0x1d})
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000f40))
ioctl$VHOST_SET_FEATURES(r1, 0x4008af00, &(0x7f0000000080)=0x200000000)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x15, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB="b700000008000000bca30000000000002403000020feffff620af0fff8ffffff71a4f2ff000000001f03000000000000e5000500000000002604fdffff02000014010000033800001d13f8ff000000007a0af0ff0000001f0f14000000000000b503f7fff80000009500000000000000033bc065b78111c6dfa041b63af4a3912435f1a864a7aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168e5181554a090f300020000fe275daf51efd601b6bf01c8e8b1b526375ee4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e65440000000000000000028610643a98d9ec21ead2ed51b104d4d91af25b845b9f7d08d123deda88c658d42ecbf28bf7076c15b463bebc72f526dd70252e79166d858fcd0e06dd31af9612fa402d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff61623604000000000000006a89adaf17b0a6041bdeebdfd1f5089048ddff6da40f9411fe7226a40409d6e37c4f46756d31cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564163427afea62d84f3a10076443d643649393bf52d2105bd901128c7e0ec82701c8204a1deeed4155617572652d950ad31928b0b036dc2869f478341d02d0f5ad94b081fcd507acb4b9c67382f13d000000225d85ae49cee383dc5049076b98fb6853ab39a21514da60d2ae20cfb91d6a49964757cdf538f9ce2bdbb9893a5de817101a3062cd54f9ff51d355d84ce97bb0c6b6a595e487a2cc47c0efbb2d71cde2c10f0bc6980fe78683ac5c0c31032599dd273863be9261eee52216d009f4c52048ef8c126aeef5f510a8f1aded94a129e4aec6e8d9ab06faffc3a15d91c2ea3e2e04cfe031b287539d0540059fe6c7fe7cd8697502c7596566d674e425da5e7f009602a9f61d3804b3e0a1053abdc31282dfb15eb6841bb64a1b3045024a982f3c48153baae244e7bf573eac34b781337ad5905c6bbf1137548c7f1a4cad2422ee965a38f7defbd2960242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a90144022a579dfc0229cc0dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc48899b212c55318294270a1ad10c80fef7c24d47afcc829ba0f85da6d888f18ea40ab959f6074ab2a40d85d1501783a7ab540b8d7b4ead35a385e0b4a26b702396df7e0c1e02b88c114f244a9bf93f04bf072f0861f5c0b000000000000eedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba3401e6a52acb11883ad2a3b1832371fe5bc621426d1ed01b389708165b9cdbae2ed9dc7358f0ebadde0b727f27feeb7464dcd857ab15e355713767c536cbae2f5c7d951680f6f2f9a6a8346962a350845ffa0d82884f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010ae20e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbada1ee7baa19faf67256b56a41fd355b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ced301efeb6dc5f6a9037d2283c42efc54fa84323afc4c10eff462c8843187f1dd48ef0981000000000000ff0f40b1888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538c6ee6ba65893ff1f908ba7554ba583ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738612e4fee18a22da19fc08001011e32f80fb60e14b9eee094277bbc170882c8890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f62e3f753b639a924599c1f69219927ea5301fff0a6063d427180d61542c2571f983e96635600000554f327a3535e7c7542799493c31ac05a7b57f03ca91a01ba2a30ca99e969d6fd09dc28ebc15edb4d91675767999d146aef7799738b292fd64bb25b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a794963342aece449a0d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b6ef9d12096833d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e1661261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec035d232f89fe0120f64c62e8e3ed8bcb45202c204bbec8d722824c0ebca8db1ea4a05e41f6016ab5bbe4fe7ff5d785d0128171c90d9900ca2532b0f9d01c4b45294fbba468df3e1b393cb4e62e753b4172ba7ac1f2b51c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a881192292ffff5392ab3d1311b82432662806add87047f601fa888400000000000000000000000000006acc19808d7cf29bc974b0ea92499a41b9b9a7c2bca311a28ee4952f2d325a56397c78f12205db653a536f9f3322405d1efd78e578dc6b3fb84f3738a4b6caa800000087efa51c5d95ecba4e50e529d1e8c89600e809dc3d0a2f65579e23457949a50f2d0455cf79a43746979f99f6a1527f004f1e37a3926937e84fb478199dc1020f4beb98b8074bf7df8b5e783637da740800000000000000c55a4385e9a617aa6c8e10d4202c5afeb06e2f9115558ea12f92d7ae633d44086b3f03b20d546fa66a72e38207c9d20035abc46271a30f1240de52536941242d23896ab74a3c6670fdc49c14f34fc4eadd6db8d80eba439772bf60a1db18c472dafc5569adc282928d2a1ffe29f1a57d3f18f4edaeb5d37918e6fddcd821da67a0785585a4443440dc65600e64a6a2740000000000000000000000000000000000000000000a0009dd14b38f2f4426d7cf5075047c31f6ce6adddfe3ac649c0643c8bfbeb14ba1fd7a485aa893915cf81e29aaf375e904bbe52691a4100260ffcd8f1d04166d291ebcef893e1b9ccb6797d0646fe0e7274434f28efb43e06e64f0698caca42f4e6018a455736c482a017e2b13dac4a90faa109f0e87cc94e3efb649692456463ca74aa6ad4bf50c1acb0000000000000005375e528285544d0064b98646f3109e9a4942ce42c6e7ec84b664f6c2770803f10baa804a707f0a1fcbfc309381aeba191950bae71f37f1eb7ceeffb3c0547ac6571603adbfde4c8b5f8d7f4b854441613633b48865b65bdc415e1e0dcf672d68cf4cebf04f4bc1eebf560a26d34d3757b1450fdb0a9a69f432e277f3a0386eb2bd3305c821c64757f786b79fef54dbe64c67d73934bc80b2133fb3c04cc7ea48bf97a6243c9f95dcbddecf45f008f1822c7868e1ff5a3cff5d6b6898335792749df7b1f51e91f8c1c3b1b93b33aaa3fab69cef08a9f6f6cf39dea3d878b2ed42545421970cc426e644332bc956d1c6adefdf0ede2c5c94aa632646ae225accdf031f611d01622921f1b922a5ac887cca3136133dce8d9f5f4da7bed2ea5d94362200000000000000000000f296b0c1484e5f781ad26bff696b05ff0a5e2270e07618b04273bd4075ea38ab463bfa6a38e7c537498ba3e4df8dfc9e040000003c3ffad44d2a376def42e41e9fc31678257e040fa7cf32c221aaac08000000000000001a00000000000000000000173570f0c11ae694b0f7a4f9c2f6790044a357e785af6e153d5f1ea460af92c7cbbd6295afe740f5e154346d483e0d641ef02e4d5295d756e110522a7a945b93fb705b95b6aae27a8fb33732ce1da1c0b1af8eb9222a06e984ab1e6984c8bdc12360627137ab67b6b68ab08acb29a74dc36b51209cfbc87f61182bbeb2772e9d5a1ffc477179be481efe46a4ce86be0b1d8eee42a611a3d44ca450b14586ed63dd92005c79e4a8ab8a94f0c6cb4bed8594a39bd76d3ef8a7ab014e787596db796bd93a36c2880423291e3bccc86f66ba792ff4d87b3f80e5908779e51c5e9055fc5b23605cd000c723187ef09dcf4b07b06a9342f3f62ee7acddff292082c1f4d8eb9561f80873a09a1ae0c9af1121175e5600f43a1179484502009759264a5729f07c2b218fa36ba2316a99aaad0130df83d0bda1e711290f78c143ea143967b00adcd77e6ad5e48d839ea61aadb83e4d071c54691924a3830d3e7b5c198bb0ed623153590000000000000000004b985ea1702f34f2f85b168c083e810ed567e3f1979b9ed1a4bf6a10dac825c96a0828b335de445a4880bb6474157efd1a72ca46ae4cbe3ab648c9bc4867a5a4cb87d7d6d55475b34b3cb6aa9e2337d4e04a37e35109752522ac9b186ddd80c47da6a2f4ef7bb909c975520000000000000000000000219cf5c1376ab33786f6b856d354e90a2733f78f2d188057cead3480eade49d55b770fad7fa000d23da6275768810b6b2df91d3a991ea98d929d271696c258d5b735d5db11df434e7dd1b7c1ca05cea3977df564115f4ec6ffab1d2ff8a642ca50934b3fbe44b0abeba9df209566984a29dfc0466e439a94e177b3c4d5f6e92b8176b9d6ddeeeb196fa964217f88e1acc180aaa4"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f00000000c0), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000040)={0x1b, 0x0, 0x0, 0xffffffff, 0x0, 0x1, 0x2, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x2, 0x4, 0x0, @void, @value, @void, @value}, 0x50)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x4, 0x5, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000140)={{r4}, &(0x7f0000000000), &(0x7f0000000040)}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r4}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}, @call={0x85, 0x0, 0x0, 0x2a}]}, &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r5 = socket(0x2a, 0x2, 0x0)
getsockname$packet(r5, &(0x7f0000000200)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000600)=@newtfilter={0x58, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {0x0, 0xfff3}, {}, {0xffe0}}, [@filter_kind_options=@f_flower={{0xb}, {0x20, 0x2, [@TCA_FLOWER_KEY_ENC_IPV6_SRC={0x14, 0x1f, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x1, 0x0}}}, @TCA_FLOWER_KEY_ENC_IPV4_DST={0x8, 0x1d, @multicast2}]}}, @TCA_RATE={0x6, 0x5, {0x5}}]}, 0x58}}, 0x20000000)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, r7, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001440)={r2, 0xe0, &(0x7f0000001340)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000001140)=[0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000001180)=[0x0, 0x0, 0x0, 0x0], &(0x7f00000011c0), <r8=>0x0, 0x99, &(0x7f0000001200)=[{}, {}, {}, {}, {}, {}, {}, {}, {}], 0x48, 0x10, &(0x7f0000001280), 0x0, 0x0, 0x28, 0x8, 0x8, &(0x7f0000001300)}}, 0x10)
bpf$OBJ_GET_MAP(0x7, &(0x7f00000014c0)=@o_path={&(0x7f0000001480)='./file0\x00'}, 0x18)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000001580)={{}, &(0x7f0000001500), &(0x7f0000001540)='%pI4   \x00'}, 0x20)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000015c0)={0x1}, 0x4)
bpf$OBJ_GET_MAP(0x7, &(0x7f0000001640)=@o_path={&(0x7f0000001600)='./file0\x00', 0x0, 0x4008, r3}, 0x18)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x18, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112200000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x30, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, r8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r9 = dup2(r1, r1)
openat$btrfs_control(0xffffff9c, &(0x7f0000000000), 0x311800, 0x0)
read$FUSE(r9, 0x0, 0x0)
read$FUSE(r9, &(0x7f0000000f80)={0x2020}, 0x2020)
ioctl$VHOST_VSOCK_SET_RUNNING(r9, 0x4004af61, &(0x7f0000000040)=0x1)

8m52.469581426s ago: executing program 0 (id=285):
r0 = socket$inet_dccp(0x2, 0x6, 0x0)
ioctl$sock_SIOCETHTOOL(r0, 0x89f0, &(0x7f0000001440)={'bridge0\x00', 0x0})
r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f00000004c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x80, 0x80, 0xb, [@enum={0x4, 0x7, 0x0, 0x6, 0x4, [{0xd, 0x1000}, {0xe, 0x1}, {0x1, 0xdcde}, {0x5, 0x8}, {0x1, 0x7}, {0x4, 0x1}, {0x0, 0xc}]}, @restrict={0x2, 0x0, 0x0, 0xb, 0x4}, @union={0x6, 0x1, 0x0, 0x5, 0x0, 0x6, [{0xa, 0x1, 0x80000001}]}, @struct={0x7, 0x1, 0x0, 0x4, 0x0, 0x2, [{0x0, 0x2, 0x30}]}]}, {0x0, [0x5f, 0x0, 0x5f, 0x30, 0x2e, 0x2e, 0x5f, 0x30, 0x5f]}}, &(0x7f0000000580)=""/188, 0xa3, 0xbc, 0x1, 0xcfd0, 0x0, @void, @value}, 0x28)
ioctl$BTRFS_IOC_QUOTA_RESCAN(r1, 0x4040942c, &(0x7f0000000140)={0x0, 0x9, [0x13c, 0x6, 0x8, 0x5, 0x6]})
bpf$TOKEN_CREATE(0x24, &(0x7f00000000c0)={0x0, r1}, 0x8)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000640)={0x18, 0xd, &(0x7f0000000440)=@raw=[@snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x8}}], &(0x7f0000000040)='syzkaller\x00', 0x3, 0xe4, &(0x7f00000002c0)=""/228, 0x41000, 0x24, '\x00', 0x0, 0x0, r1, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=ANY=[@ANYBLOB="2000000043000900fffffffffddbdf25010000000c0003804e2d4e"], 0x20}, 0x1, 0x0, 0x0, 0x4000}, 0x44850)

8m52.46926671s ago: executing program 0 (id=286):
mkdir(&(0x7f0000000040)='./file0\x00', 0x1c0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000180), 0x42, 0x0)
ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0186405, &(0x7f0000000080)={0x5, 0xffffff1c, {}, {<r1=>0xee01}, 0x4, 0x8})
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000001c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id', 0x3d, r1}, 0x2c, {}, 0x2c, {[{@allow_other}]}})
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)

8m51.559217589s ago: executing program 0 (id=290):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x70bd2a, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x8000004, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0)
openat$vim2m(0xffffff9c, &(0x7f0000000180), 0x2, 0x0)
sched_setscheduler(r0, 0x0, &(0x7f0000000280)=0x8)
syz_io_uring_setup(0x10d, &(0x7f0000000300)={0x0, 0xce5c, 0x80, 0x0, 0x89}, 0x0, 0x0)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r3, 0x1, 0x25, &(0x7f0000000080)=0x474c, 0x4)
process_vm_writev(r0, &(0x7f00000005c0)=[{&(0x7f00000004c0)=""/226, 0xe2}], 0x1, &(0x7f0000000a80)=[{&(0x7f0000000600)=""/201, 0xc9}, {&(0x7f0000000700)=""/110, 0x6e}, {&(0x7f0000000780)=""/130, 0x82}, {&(0x7f0000000840)=""/247, 0xf7}, {&(0x7f0000000940)=""/84, 0x54}, {&(0x7f00000009c0)=""/185, 0xb9}], 0x6, 0x0)
socket$l2tp(0x2, 0x2, 0x73)
r4 = socket$inet6_sctp(0xa, 0x0, 0x84)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r4, 0x84, 0x14, &(0x7f0000000400)=@assoc_value, &(0x7f0000000440)=0x8)
connect$can_bcm(0xffffffffffffffff, &(0x7f00000000c0), 0x10)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYRES16], 0x448}}, 0x0)

8m49.400037484s ago: executing program 0 (id=292):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x2, 0x0, &(0x7f0000000140)={0x0, 0x0})
write(r0, &(0x7f0000000000)="fa", 0xfffffdef)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
socket$unix(0x1, 0x1, 0x0)
sendmsg$NFT_MSG_GETFLOWTABLE(r1, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)={&(0x7f00000005c0)={0x20, 0x17, 0xa, 0x101, 0x0, 0x0, {0x3, 0x0, 0xa}, [@NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0x24044042}, 0x20000088)

8m48.704369081s ago: executing program 32 (id=292):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x2, 0x0, &(0x7f0000000140)={0x0, 0x0})
write(r0, &(0x7f0000000000)="fa", 0xfffffdef)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
socket$unix(0x1, 0x1, 0x0)
sendmsg$NFT_MSG_GETFLOWTABLE(r1, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)={&(0x7f00000005c0)={0x20, 0x17, 0xa, 0x101, 0x0, 0x0, {0x3, 0x0, 0xa}, [@NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0x24044042}, 0x20000088)

8m38.268992936s ago: executing program 33 (id=281):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f0000000780)=ANY=[@ANYBLOB], &(0x7f0000000380)='syzkaller\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000240)={0x3, 0x4, 0x3, 0x6}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8a}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102381, 0xfffffffffffffdb4)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0)
ioctl$FUSE_DEV_IOC_CLONE(0xffffffffffffffff, 0x8004e500, 0x0)
r1 = add_key$keyring(&(0x7f00000002c0), &(0x7f0000000480)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffc)
add_key(&(0x7f0000000340)='dns_resolver\x00', &(0x7f0000000540)={'syz', 0x1}, &(0x7f0000000580)="fb9c", 0xfffff, r1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
mount$9p_virtio(&(0x7f00000001c0), 0x0, 0x0, 0x0, 0x0)
keyctl$reject(0x13, r1, 0x80b4, 0x5, r1)
chdir(&(0x7f0000000280)='./file0\x00')
ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, &(0x7f0000000040)={{0x1, 0x1, 0x18, <r2=>r0}, './file0\x00'})
io_uring_setup(0x22a1, &(0x7f0000000180)={0x0, 0x2d99, 0x0, 0x20000002, 0x118, 0x0, r2})
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x11, 0x800000003, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r4, 0x8933, &(0x7f0000000600)={'team0\x00', <r5=>0x0})
r6 = socket$netlink(0x10, 0x3, 0xe)
sendmsg$nl_route_sched(r6, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000000)=@newqdisc={0x90, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x12, r5, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x60, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], 0x0, [0x8, 0x4], [0x0, 0x8]}}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x4}]}}]}, 0x90}}, 0x0)
sendmsg$nl_route(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000004c0)=ANY=[@ANYBLOB="3400000011002d08000000000020000000000000", @ANYRES32=0x0, @ANYBLOB="1453616d00030000000000000000000c00000000000000"], 0x34}}, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
recvmmsg(r7, 0x0, 0x0, 0x2202, 0x0)
sendmsg$netlink(r7, 0x0, 0x2000080)
unshare(0x62040200)
socket$inet(0xa, 0x801, 0x84)
ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000100)={0x3, 0x0, &(0x7f00000000c0)=""/18, &(0x7f00000002c0)=""/83, 0x0, 0x100000})
mkdir(&(0x7f0000000000)='./file3\x00', 0x3)

8m32.356977895s ago: executing program 4 (id=318):
r0 = syz_open_dev$video(&(0x7f0000000000), 0x7ff, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
rt_sigprocmask(0x0, 0x0, 0x0, 0x8)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x25dfdbfd, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x78}, 0x1, 0x0, 0x0, 0x800}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
syz_genetlink_get_family_id$net_dm(&(0x7f0000000280), 0xffffffffffffffff)
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = inotify_init()
inotify_add_watch(r6, &(0x7f0000000340)='.\x00', 0xa50003d1)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f00000014c0), 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
syz_open_dev$MSR(0x0, 0x0, 0x0)
sendmsg$NL80211_CMD_CHANNEL_SWITCH(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="010000000000000000006600000008000300", @ANYRES32, @ANYBLOB="080026008f0900000800b7"], 0x2c}}, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=@newlink={0x60, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20002, 0x600a8}, [@IFLA_LINKINFO={0x40, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x30, 0x2, 0x0, 0x1, [@IFLA_BR_MCAST_IGMP_VERSION={0x5, 0x2b, 0x69}, @IFLA_BR_MCAST_LAST_MEMBER_INTVL={0xc}, @IFLA_BR_MCAST_MEMBERSHIP_INTVL={0xc, 0x1f, 0xc5c}, @IFLA_BR_MCAST_QUERY_RESPONSE_INTVL={0xc, 0x22, 0x8}]}}}]}, 0x60}}, 0x24008040)
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r1, {0x3}}, './file0\x00'})
ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000080)={0x9, 0x48524742, 0x0, 0x1, 0x0, @discrete={0x205}})

8m29.469891801s ago: executing program 4 (id=325):
r0 = socket(0x1e, 0x4, 0x0)
ppoll(&(0x7f0000000240)=[{r0, 0x8}], 0x1, &(0x7f0000000300)={0x0, 0x3938700}, 0x0, 0x0)
r1 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f00000001c0)=0x1, 0x4)
bind$inet(r1, &(0x7f0000000200)={0x2, 0x4e24, @multicast2}, 0x10)
sendmmsg$inet(r1, &(0x7f0000004980)=[{{&(0x7f0000000100)={0x2, 0x4e24, @loopback}, 0x10, &(0x7f0000000140)=[{&(0x7f0000000040)="3d0eef4e271701000100892d65ee140631145c0dea35cf74cf8c8584", 0x1c}], 0x1f}}], 0x1, 0x2000c000)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB], 0x1c}}, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
setsockopt$inet_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x0, 0x2a, &(0x7f00000008c0)={0x1, {{0x2, 0x0, @multicast2}}}, 0x88)
writev(r2, &(0x7f00000003c0)=[{&(0x7f0000000280)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1)
setsockopt$inet_tcp_TLS_TX(r1, 0x6, 0xc, 0x0, 0x0)
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0)

8m28.995139797s ago: executing program 4 (id=326):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000002c0), 0x2, 0x141101)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_TRAP_POLICER_SET(r1, 0x0, 0x0)
r2 = dup(r0)
write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c)
pwritev2(r0, &(0x7f0000000140)=[{&(0x7f0000000380)}], 0x1, 0x9, 0x7ff, 0x0)
socket$inet6_dccp(0xa, 0x6, 0x0)
userfaultfd(0x80001)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000000)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_sha384\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, 0x0, 0x0)
syz_io_uring_setup(0x117, &(0x7f0000000300), 0x0, &(0x7f0000000200)=<r4=>0x0)
syz_io_uring_submit(0x0, r4, &(0x7f00000000c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x7, 0x0, 0x0, 0x0, 0xc})
madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x19)
socket$nl_generic(0x10, 0x3, 0x10)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r6 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='task_newtask\x00', r5}, 0x10)
r7 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r6}, 0x8)
close(r7)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x15, 0x8, 0x8, 0x0, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x8, 0xf, &(0x7f0000000c80)=ANY=[@ANYBLOB="180000000000181100"/20, @ANYRES32=r8, @ANYBLOB="0000000000000000b702000014000000b7020000000000008500000051000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000005000000b7000000000000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_GET_PROG_INFO(0x1c, &(0x7f00000003c0)={r9, 0x0, 0x0}, 0x10)
r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x8, 0x6, &(0x7f00000006c0)=ANY=[@ANYBLOB="b40800000000000073114100000000008510000002000000b7000000000000009500c2000000000095000012000000000e09b9445761db3ed82f7be4b9f1628b9a5c40384cb45e62e827e611f21a01a76f66f616553959b478ad3c46bb20e558783b21dd5307760617deec8b1b75c00853ee69e33ba2c01c28950365dd46fcc9f2ac6d20197fd68292e8445824f49b6fba41a316e13e462e31ca00d2622d56318d78e271d364329e7ae732bf8dade587bb30d67e23f78662621b74aabfd8eaf399893bab50fed33101f5a1085f991877907bd6117db675155932860499977f7384a8d94e810492c284fc7cc784ed942bf11d72897a7896f5f8c957984312e9d39eaa478a3065afd52404cb058b"], &(0x7f0000000080)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70)
r11 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0)
close(r11)
bpf$BPF_GET_PROG_INFO(0x1c, &(0x7f00000003c0)={r10, 0x0, 0x0}, 0x10)
bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000040)={r11, r10, 0x4, r10}, 0x10)

8m25.624385287s ago: executing program 4 (id=331):
mkdirat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
mount$tmpfs(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000400), 0x0, &(0x7f0000003880)=ANY=[@ANYBLOB='huge=always'])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
ftruncate(r0, 0x82081fc)
r1 = open(&(0x7f0000000780)='./bus\x00', 0x14d0be, 0x48)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600402, 0x7ffffe, 0x4002011, r1, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.throttle.io_serviced_recursive\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r2, 0x0) (fail_nth: 8)

8m25.008709342s ago: executing program 4 (id=334):
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f00000001c0)={'veth1_macvtap\x00', &(0x7f0000000040)=@ethtool_perm_addr={0x4b}})
r0 = openat2$dir(0xffffff9c, &(0x7f0000000240)='./file1\x00', &(0x7f0000000280)={0x4000, 0x40, 0x14}, 0x18)
mknodat$loop(r0, &(0x7f00000002c0)='./file0\x00', 0x8, 0x0)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000000)=0x15)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r1, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r1, &(0x7f0000000000), 0x6)
ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(0xffffffffffffffff, 0xc0189375, &(0x7f0000000040)={{0x1, 0x1, 0x18, <r2=>r1}, './file0\x00'})
socket(0x1a, 0x6, 0x5)
socket$inet6(0xa, 0x3, 0x6)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001c40)={0x8, 0x3, &(0x7f0000001300)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000001200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4, @void, @value}, 0x94)
r3 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
r4 = fsmount(r3, 0x0, 0x0)
r5 = bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000140)={r2, 0xffffffffffffffff, 0x32, 0x0, @void}, 0xfffffffffffffe07)
syz_emit_ethernet(0x4a, &(0x7f0000000400)=ANY=[@ANYBLOB="a868aaaaaaaaaaaaaaaaaaaaaa0086dd6000a8721504fa97d436000000000000000000000000003bfe8000000000008000000000000000aa00003f7b412c6a9f0f3a1243b4f4bd641305e0d809bb6f8b8d7e04e32f89acc733d649002a1c1ecf5002de35f613b7d8a1a8a6f11c41a0ab473b5a042b01eca781a25799652d12a110b07c646eca7b51b8c70978b071ffd7c58fec4cd8ab326e409f42675b7475dc8eefdd7ae5f6235611baa2a66c8e3a576aa49992edb26344c7ae8c56fab97282bcd3263eb51c", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5002000090781000"], 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[], 0x7c}}, 0x0)
r7 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_DELLINK(r7, &(0x7f0000012bc0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)={0x18, 0x1404, 0x1, 0x70bd2c, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}]}, 0x18}, 0x1, 0x0, 0x0, 0x20000800}, 0x30048000)
syz_genetlink_get_family_id$wireguard(&(0x7f0000000080), 0xffffffffffffffff)
r8 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r8, 0x0, 0x0)
connect$inet6(r8, &(0x7f0000000340)={0x2, 0x4e21, 0x0, @private2}, 0x1c)
ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r9 = socket$netlink(0x10, 0x3, 0xa)
writev(r9, &(0x7f0000000000)=[{&(0x7f0000000080)="580000001500add427323b472545b45602117fffffff81000e224e217f000001925aa80020007b00090080007f000001e809000000ff0000f03ac71006000000ffffffffffffffffffe7ee00000000000000000200000000", 0x58}], 0x1)
connect$inet6(r8, &(0x7f00000001c0)={0xa, 0x4e20, 0x3, @ipv4={'\x00', '\xff\xff', @empty}, 0x7}, 0x1c)
r10 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$WG_CMD_SET_DEVICE(r10, &(0x7f0000000d00)={0x0, 0x0, &(0x7f0000000cc0)={&(0x7f00000005c0)=ANY=[@ANYBLOB="1c020000", @ANYRES64=r5, @ANYBLOB="01000000000000000000010000001400020077673100000000000000000000000000f40108807000008048000980282100f8060001000a00000014000200fe800000000000e9f865e300000000aa05000300000000001c000080060001000200000908000200e0000001050003000000000024000100000000000000000000000000000000000000000000000000000000000000000080010080200004000a004e2000000005200100000000000000000000000000000800000006000500b01f00000800030006000000060005000500000008000a000100000024000100dbffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff200004000a034e200000040100000000000000000000ffffac14142a06000000240001000000000000000000000000000000000000000000000000000000000000000000d4000980"], 0x21c}, 0x1, 0x0, 0x0, 0x24040010}, 0x0)

8m24.769820966s ago: executing program 4 (id=336):
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f0000000240), 0x2, 0x3c9321)
r2 = dup(r1)
write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c)
r3 = openat$hpet(0xffffff9c, &(0x7f00000001c0), 0x501502, 0x0)
r4 = syz_io_uring_setup(0x38fa, &(0x7f0000000300)={0x0, 0x1fffff, 0x0, 0x0, 0x1a4, 0x0, r3}, &(0x7f0000000180)=<r5=>0x0, &(0x7f0000000080)=<r6=>0x0)
syz_io_uring_submit(r5, r6, &(0x7f0000000140)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r1})
syz_emit_ethernet(0x56, &(0x7f0000000000)={@local, @local, @val, {@ipv6={0x86dd, @generic={0x0, 0x6, "76cd8a", 0x18, 0x0, 0x0, @rand_addr=' \x01\x00', @dev, {[@hopopts={0x0, 0x2, '\x00', [@calipso={0x7, 0x8, {0x0, 0x0, 0x0, 0x47}}, @pad1, @padn={0x1, 0x1, [0x0]}]}]}}}}}, 0x0)
io_uring_enter(r4, 0x2def, 0x4000, 0x0, 0x0, 0x0)
r7 = mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x1000002, 0x4018831, 0xffffffffffffffff, 0x0)
r8 = userfaultfd(0x80801)
ioctl$UFFDIO_API(r8, 0xc018aa3f, &(0x7f0000000140)={0xaa, 0x10c})
ioctl$UFFDIO_REGISTER(r8, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000ffa000/0x3000)=nil, 0x3000}, 0x1})
syz_memcpy_off$KVM_EXIT_HYPERCALL(r7, 0x20, &(0x7f0000000000)="1eb3bf65654102f4af4d221c8bd458d1e7cbdaf3657d0f34e790c85bdba7931791f6d15c3e681411f7a496c0dace6a3c242f5b016f64b4ef8a9cedaf6bec340dee49474360b24cb8", 0x0, 0x48)
ioctl$UFFDIO_WAKE(r8, 0x8010aa02, &(0x7f00000000c0)={&(0x7f0000ffb000/0x3000)=nil, 0x3000})
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000200)=0xffffffffffffffff, 0x4)
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
io_setup(0x1, &(0x7f00000004c0)=<r9=>0x0)
r10 = syz_open_procfs(0x0, &(0x7f0000000200)='fd/3\x00')
io_submit(r9, 0x1, &(0x7f00000000c0)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x5, 0x0, r10, 0x0}])
close_range(r0, 0xffffffffffffffff, 0x0)

8m24.720449659s ago: executing program 34 (id=336):
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f0000000240), 0x2, 0x3c9321)
r2 = dup(r1)
write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c)
r3 = openat$hpet(0xffffff9c, &(0x7f00000001c0), 0x501502, 0x0)
r4 = syz_io_uring_setup(0x38fa, &(0x7f0000000300)={0x0, 0x1fffff, 0x0, 0x0, 0x1a4, 0x0, r3}, &(0x7f0000000180)=<r5=>0x0, &(0x7f0000000080)=<r6=>0x0)
syz_io_uring_submit(r5, r6, &(0x7f0000000140)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r1})
syz_emit_ethernet(0x56, &(0x7f0000000000)={@local, @local, @val, {@ipv6={0x86dd, @generic={0x0, 0x6, "76cd8a", 0x18, 0x0, 0x0, @rand_addr=' \x01\x00', @dev, {[@hopopts={0x0, 0x2, '\x00', [@calipso={0x7, 0x8, {0x0, 0x0, 0x0, 0x47}}, @pad1, @padn={0x1, 0x1, [0x0]}]}]}}}}}, 0x0)
io_uring_enter(r4, 0x2def, 0x4000, 0x0, 0x0, 0x0)
r7 = mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x1000002, 0x4018831, 0xffffffffffffffff, 0x0)
r8 = userfaultfd(0x80801)
ioctl$UFFDIO_API(r8, 0xc018aa3f, &(0x7f0000000140)={0xaa, 0x10c})
ioctl$UFFDIO_REGISTER(r8, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000ffa000/0x3000)=nil, 0x3000}, 0x1})
syz_memcpy_off$KVM_EXIT_HYPERCALL(r7, 0x20, &(0x7f0000000000)="1eb3bf65654102f4af4d221c8bd458d1e7cbdaf3657d0f34e790c85bdba7931791f6d15c3e681411f7a496c0dace6a3c242f5b016f64b4ef8a9cedaf6bec340dee49474360b24cb8", 0x0, 0x48)
ioctl$UFFDIO_WAKE(r8, 0x8010aa02, &(0x7f00000000c0)={&(0x7f0000ffb000/0x3000)=nil, 0x3000})
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000200)=0xffffffffffffffff, 0x4)
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
io_setup(0x1, &(0x7f00000004c0)=<r9=>0x0)
r10 = syz_open_procfs(0x0, &(0x7f0000000200)='fd/3\x00')
io_submit(r9, 0x1, &(0x7f00000000c0)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x5, 0x0, r10, 0x0}])
close_range(r0, 0xffffffffffffffff, 0x0)

6m28.215596002s ago: executing program 6 (id=635):
r0 = syz_open_dev$video(&(0x7f0000000000), 0x7ff, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
rt_sigprocmask(0x0, 0x0, 0x0, 0x8)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x25dfdbfd, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x78}, 0x1, 0x0, 0x0, 0x800}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
syz_genetlink_get_family_id$net_dm(&(0x7f0000000280), 0xffffffffffffffff)
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = inotify_init()
inotify_add_watch(r6, &(0x7f0000000340)='.\x00', 0xa50003d1)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f00000014c0), 0xffffffffffffffff)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r9=>0x0})
syz_open_dev$MSR(0x0, 0x0, 0x0)
sendmsg$NL80211_CMD_CHANNEL_SWITCH(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="010000000000000000006600000008000300", @ANYRES32=r9, @ANYBLOB="080026008f0900000800b7"], 0x2c}}, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=@newlink={0x60, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20002, 0x600a8}, [@IFLA_LINKINFO={0x40, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x30, 0x2, 0x0, 0x1, [@IFLA_BR_MCAST_IGMP_VERSION={0x5, 0x2b, 0x69}, @IFLA_BR_MCAST_LAST_MEMBER_INTVL={0xc}, @IFLA_BR_MCAST_MEMBERSHIP_INTVL={0xc, 0x1f, 0xc5c}, @IFLA_BR_MCAST_QUERY_RESPONSE_INTVL={0xc, 0x22, 0x8}]}}}]}, 0x60}}, 0x24008040)
ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000080)={0x9, 0x48524742, 0x0, 0x1, 0x0, @discrete={0x205}})

6m26.661234911s ago: executing program 6 (id=638):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x70bd2a, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
syz_io_uring_submit(0x0, 0x0, 0x0)
openat$vim2m(0xffffff9c, &(0x7f0000000180), 0x2, 0x0)
sched_setscheduler(r0, 0x0, &(0x7f0000000280)=0x8)
syz_io_uring_setup(0x10d, &(0x7f0000000300)={0x0, 0xce5c, 0x80, 0x0, 0x89}, 0x0, 0x0)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r3, 0x1, 0x25, &(0x7f0000000080)=0x474c, 0x4)
process_vm_writev(r0, &(0x7f00000005c0)=[{&(0x7f00000004c0)=""/226, 0xe2}], 0x1, &(0x7f0000000a80)=[{&(0x7f0000000600)=""/201, 0xc9}, {&(0x7f0000000700)=""/110, 0x6e}, {&(0x7f0000000780)=""/130, 0x82}, {&(0x7f0000000840)=""/247, 0xf7}, {&(0x7f0000000940)=""/84, 0x54}, {&(0x7f00000009c0)=""/185, 0xb9}], 0x6, 0x0)
socket$l2tp(0x2, 0x2, 0x73)
socket$inet6_sctp(0xa, 0x0, 0x84)
r4 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r4, &(0x7f00000000c0), 0x10)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYRES16=r4], 0x448}}, 0x0)

6m25.556175549s ago: executing program 6 (id=641):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='veno\x00', 0x5)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c)
setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f0000000040)=0x80000001, 0x4)
sendto$inet6(r0, 0x0, 0x0, 0x2200c851, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @loopback, 0xfffffffb}, 0x1c)
sendto$inet6(r0, &(0x7f00000000c0)="4435c61bc9a1f1ed51c7b06188c682bd59fde0261c9bc2b1f66724ea0287fb6effd2c318abfa442135afa8ca2b68dacbb4a1aa65f9c177dc50967e99edcce6e8900d450fcd9980371cd431b9c1ad0766a9cb142c1ac79715905c856c9e549753967a92c7024ac039", 0xffffffffffffff1d, 0x850, 0x0, 0x0)
r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000280)='/sys/kernel/uevent_seqnum', 0x0, 0x10)
syz_fuse_handle_req(r1, &(0x7f000000acc0)="57fc702f307a2d12557b9025c7342d0e43b7a7501f9750a0d9aa642b1eff8e6208100d279c7e6f2c3680a4270d11d7c919d43df5506faee9cc69735827ada6201768c749a924f7d3a32abd3ada4322c5af0f3d13eea9f1daf6117f95e0a8199a987ce6048c7dfb268d1ec0b98c9cc2e739fbea041f2955c6e3b56883509fa2ffc2f331de1414b25156ee263991a482caf9ce77d011a92897104bc8d032c51dcfc6cfe67affdaf422a3099dbc2e64a7e4f1b9ad4eb071ce2881960d9f04af2b3487a4362efc5d58534d1ecdc244ee8bf87ee401c1e59388977b350a81d7f6b48fd9ddff2b9f973ee8f69013dbffeacd8e3bdef6b2cf10ecd5163dd3d290eb2427a97f224b8e23d2f8e7297cb690efbc5ef7d2ba6670bcaa24db3c2e4e100b579eab8114c3a4ea1ba10a862ef3e0ec444043a3dd15f14871da0d645af9439f1e30d672037d6e0fc8a829ff5cba70ea13c9f52e7e77e71aef1c35deaf46cb91a551b7fe873ca1b0a8debe5931b62de66bf63e553819574f699c055eb19030d9bd880284247862e22717c3bcb4c21401e7f7956234567906aca3f8c050015cd15db7ff89d2ce9a876e93182f8c3fb2d19c2dbf62e49dfd676b928caa32fa4ba525d15d446ebcdb69ae72cde0e83037a48e427789285158e13cf50094991ac82d822fd7540019258f027d388e5d94d6097c2c089ed35867cbc7cbfd9f317aff2a312484f9e981cb41366a476bde882a660dc8bfa9b518a5dd11d6ef951e4a410c4bcbf5f0d0b749fa0732223ca05e1831091d737ad53bca86671080e0e879da10f9e06c93fd58ca7668370e75d8f56b1ba0abd2c1903ac7fce91f115ebf11298a3a6ac5665eaef2142c4597c503777af8a0e9095f4ea6d3f150818923854fb6bb4874074b7dd598c77ba01caa86bea208a3d75c407a74e710ccf4813614db70bb22fe5f5cacdd7a70d950cdb5fb2b457e970cc73d9cc1788b6265a498c56ce7cc6c35a9a566701af88df8b14c63bf960d8c5ecd48488de5312f9227356438d0d9a45135a9683c660b3293e327ce2abe4af77cfe4e2412c34e2713c9005e9059f4d943fbee19d2325bed6ad49a5c5fdea70e23de31489af2996ab701540ae238559b946df6d7b275fe315ff4bd586339cd05c9b0f6b1b54ad29283682cbd7754cdc1e3fb73a575d2086e5da094bbe864a89f35bf6246cc68b74c7e74e24868e09043492af50c1f5e9af5d0498e145000e6e9323d80cdcf6b9c390881c5141482d2964c6b1d22f390ef935b07b716653cfafc8b17e4606f1d0aa1890476a4ca5ec039794a60bee884afb9f5f3def085c68484182dded393f8698d0f2e7dfbc6bcebd04f0b4f793e72206920bed64ef35353c3aa8be2bfbec08495935762dd939954958fe3f1c0ab700d49f34edbf87839b7d139b36affe24212af2b5434282afc1c02f606d11dbf9932e2404255401162f62198a5e08c173a9eee7a140695a70403796c674dee2403a10b3798e9854187c798121e95483093b2f331f48dd72090bcfcdc1eb110d7454c4fcb11c6c19481d1fac982cecb0d4199d36bfdd10ebb1296cd242fa9e4110e9e2293e9536a73cfee5902f2e00db2fd6f70e56668d9565c4cb2de220d3717ca72cf5b4422242d468cf00ac64158ed79f7ff143bf030f17636db691f143c2be58641b0ffdc6c10e5fe6b0b3bda9a86e56dcfcb54b3ef1a0f01ee4a7f8c8dc6a824af24d431f476bf5dd5d9ae5af54d30c2a2f344442504af9cc7caf508b757853c24b13edd21809c3d2cf2cf5d66a8bc3d01ca2a62b769345cb630965f487a531c627ce04f5f6ea99428ca34a392964afb9786d808c227dece2ccb3e0c51a610c8979fc778c62cb4916246b4b0dbd3553233336dfc21551b2c18cdbc87d1ae3bc646d758c3b8966b8739fa2b43c3d4256c6018cc70561a885b14f6b89ca0fe682f03a7065931ed6221b9ab557743d7ab795623e8f436a2c96a82c6f9c99283b02ecf65a2becb1224611662d5d3c281e95df63788019a79fb0770eb7d6bb62bf5e755a0a9f7d9959a166b9bcc65e1a5e23104b69247454da02847960147f9f820da3e19596904f000f8332bca4c5bf862e12c31eae946764955a940f7d04d863cc31eaaaa5baa62ffab27deaf5677d56127c52828e2a87f40d5b776528d46eb587632f5a81be77eedb874e40e6af340e4e02b91f9dc161c5979e33419ade104b6b41c565d27fb157ba178b7adfdca112aa55cef01a50c60814a214537745b4be09e26820e65755b0dec66cc38bc6914c1eaf19a0b81edb5b26e7e3fcb49025c0608aca36e0c81b810a9f4b9d644b3db9d56a918ae9c0135f1db8d21f8449b4679b7b0ee0c6e35be69617da15b41f92536a360c4f27ade5bcf203e3413e5ab07ce392807fd49951b4af5d1f2b94978f7c4c9535372b8b2eb2b673a9b44b077f04304c5ee0afcbb143bf92b39760ffaf66890c0a48132c0603cb2d755380163266a313c70530f168c02395f708150bec77e3cd8599adb4d2098da1447f3eb825c5ba3d7c40594f38d7dace1f251ed132c58274187a99735f77fdb02f3709c309b65930500c3ed53d57a2e53918e0ffa11c759a7609a822caab1426c6ec06555504d4f569acd2225a89dad3cf0a39e1d1889e26950e5c5ceaab7c31dfc2b8036bd302467d1e96bef9749db38b2e25edf4c579d8f85ab30345f873c7532c527ebc3a334f6719075c8b6c7532242d2d417f079acea1eeb2dc351ea812f39282def35eb7c7bb887ab1149e2081b6977d6bad1732e52f47854631d775eeb8a8f5a47e126c8715aada3a5150de5139012888822699a27ade2409f847fbec024030892aa2538f562634c45e4c25215ac29fa824d836069c572ed8811947225dddb377bb3afd4dd81517370e7360475e1add590648e605a6a0c4ae293b5c442e23a4ae6340697409bf0ad8736f0b307cd3fcc94927c91c4f0e909649c2a246f4a62dc9537d5e50351bb44e42b56d9211bc5373ab77713777f7d75a1657d54238f7eea89758ebbd7116bcd44bb632ca82c671fc01a9e5cb561ad008849102d0f525fc462960074f3ecaca745af0100f4223090391669ff24f8169cd54900e89959b72e20f88f9f2ff8836188d13d504d67f59242b020dc17873a7461c3b76147e6b27a32c0d920d1c001fa0d74c76b18c1ce4335e438d0e01ff6aed897f19b060bd4aece01d91a88341c17fe08e6fc5f1c65fd2ec84e85fce8dd42a7150400872892d4025186ac68670f0709d2066565de26542f3f7c03274f39035f9b4e709fb99124c5d469534e6467c75f1d8de1feb8f134414fc4c63cc2ceb00ec4e8c7093fcea3f2fec4b90217ffff9566d68a94f09a20a41474ad3e9e2d08657d056b2014074794965a4fd77d1370021e125f46747d9216e19dcf4380a9a1c4c397661f18c898ba25aea45d784e00d5037863bf9e615ad529efa7d48e6fd852f7f16e6fb48885e08765c09af11a3b4572f63dd93cf8d446a9daf8f014be520b40955a4d79e82c4f73d488ae01f22a0cab9ff0132a4491c68a5e68a57df0355a94b13c9ddee9ba07d9192e417195bf64a0eb13ddd9e0eb9f48aec3387461df69e98a1536874955331945c93e8394ee8c8a1d1f6afefe4ca57680d8a1e0bb73258031f2f0f4396e365607ed5dd4f2df196d816100b14119472f6e910130a4064cdedc4d0501c184df6787ba299f0e1494d017fe73323a50f0765f2d7f750587112ad9fb67702815d453e8512f90129df09b817b4cceea98ac23f6b4b9e4c7f504b8e3544280bf63c61d79de6b332e31d7b4779e335fe55c2a37b772944681b29dff28e7ae217af791ab0ef3f990d25404a9d0128a35ecc33c589add3f1866bca1c3c71acc5726814ad465b10a5ce1020e6e6c3d87b598a847eecf89e95b017b731cd8ae4373eea727c7fe5254522536e45b95a65fce6e23d070d93e26580e6a096588846d950700e42ee7ddbcbcd6eab0a63ad87d2b198c0554f65c5078f8f6b144eb65061d79310d7e975299a2dbc9e7eceb49b4be376e536e26e80d5383cb770a08886dd55f101a2049f7c51d48a30f32da3b696bffef4d2dec84a306e1b62999d19e2605073da27622c8948e7c0e5a18903eda8ec5575551570fa1699371393e0c2034def3b06d1676451820ac26139199e10d33b401b38be3b5a039e43cf5c07b80de0102d85beff0ba8a93461719738abcd749421e0b06594d91269938d10a14f127927d805997a8725a528869dbb3220d8e4aea3d63e7a4a832b3fda5c6a5d58b564f4d53cef5922c02375cd67fec80974da5cdc4d0176fd3e0c32b772dd6ca045ae7544faa3630732f419353dd00a261c165694da9be27d8f17a0ee22a45018852655869ffdadca45d43a304a15034ff8f4baf3fbc6be73dcf8ad7355e992989279d793e486c9d6859a213e76b621de6614dc1fe58c8e4826b26fdb18d9a4810c3b3c0320992f72a0738f56d4046b93c9d2552adb3224fc3a95001a18e8b0a803313fcfbad5d3eb4e39348addfbaa00dd276f73adfdba77876bd27f804efdf9fe3cfb893683b460d54ae4d790d0cbeefb31952f24ebb1c6f2f8f1a5741f26ef22dff5f1672f35888dda3c489d3538561bf122a29a3504b625622488c21be08648e4eaeb05adcc510dc60e4d45a3d4408eb3bab788a8668277383eafad6a7d32fb9c79c5f70df0a6963b3172f21fde9543947ab91a745136f8b96fe3516a51a6fb9e8e7b3220e703134d27d1d519683893deb0e9f58ce64c5005ebf172179ff78727ef2d607babd3b8ff5c1bc91f33f895796c149af21aac4c0680d1c4cf4e68b7b684da52d40a6a13e4211ae58c772c53cdc3fc686ffee48a3002ea6b22cabc05916565f2c4b75e965841ae88e7ad5be3f6a824f6ad4464c08675ebfb7e7420ee23287125b29d26c96bf61362bdf2b490be2bf05c154bfea1436657613deabe4f5ba56f4697083b1fdac9d756fd2304880f257b468c903f9f17115fdc8e073ba3fb2c297401a96648303495c1ebba01698424f613b3e916649c09cda95d6bd2209ed1307677a41f3bab99b046e6064aa78fbe6a865c92d9c8ffcebe93a35ee11e6b6c7052850b76ec214ffd9e838b2a9b9a3254a9bc6b6a2e4317843c22622d9d88a3edd95eafb66fd5d343e03a2104c1d3f43c2ee778e9effbb6dee935bf89a71ace56b80df95da0654bbeb1cef55a8f0e5b5f7635419971c4d243bf45a4fc52a95463fa062a34c8b4605cff7e62b3b0b085612cb138845733db97882b803fd5cb8a9cabc083d9fef1b4eca21d5cea45ca331e0db3fab3e939471eed073f0eefdcc14c898b87fc72209a4a6bdcc1a480a47670a17b9332c02fe4d2c007a52645c7dee0412a67ee78c3a1ef4b868ee463137eca273e7930c22aafc4e4cfe5b83e650d6b79c824be615973aaae753c5703b5be061c284ea7083d511ddf6dc5391aad712599bbd510b405486bf3cbf97ae2311e06b5574b20e900ba12198f19d41f767547f2761d69303c906d381062e0d148402c963fe126feae8570ae6d6d1c914b99eb3a2f8e0f25117eb8eec7db031e11c3d8cb0934f21700489d290365e0f90d899d805d3864d6a996a75d277e38cb039359e0e0428a3aa4b5d2649f75e9eb9fddf5dcd894f183a34fa4b6cc2415b931d0258eb67ccfe08fd389bbe0860490caa485e2182e1e981a442c9b543392ccb3c929bc7870022c751b056d2688c745e60a793558ca299b11ce7dca6d63992cedecc58d958f3874eebf9d6dcfb77d079b84a48cb465429cb83e1282d77476765a556980c5b6c5f1c7a0e4d889238ba2b92504ad24536e81c214a81af2725d384018c7a239eb6427c55514e9fb079d660e6a92086ecd83511d967c0dd3908358446c88fbdb9c72054a0a49ba93e2937fb288b6a44a4f2cc2885ecc56b4b8149c5fa61047ccf9570ef3c0025c4db8e97e8a92166dc6801113570de720a43e017b2b523349ebc766a7fe3dd2d9bf451bc17ef16ca89096a2500df8a61c859447cddfcc0cdd45b274ed3a7238ea6645db207788982388141d252c3e8548a13b0512ec2a1acb33a19fd37a5e03724050863c1127b32fe6ad38c69cc21a73dfea4977cb47373a7ddd216d76b956a94aad3954a78a8896016f8e2a29cb51babaa9fd374aa9926887685e7be3d72b29b1d6644337a6dee518b238e69c120cb1aa3da4202939c6704067239e66a4d4bfb028b825172069e21a186437c9b4a0ab68df6aa0e4d881c0819f9fbe00e27b3be39bcee865afe6512099fddb88e4a8bef6faf6593dc8a4eef2e1575a23a62e2a2bedc2b21d754fdc1cedbd5c475fb3ce45b89b2a8c91577da8f76921cd7917764a784d77f07354a95754f793485b65e33c90265401ab87ac99b78540d58ea70379a2358357caf62c6b54e7965be35100b57963ece45053a1687a2b2d7dc95798be9234129c79aa78039878497a11ab2af0891b99df6b08a37260e7ed7c7f36a9f9c9d5d955b1241fdf6f50c4bd1b6012cd60566b34dd194f02d1400dfdb3873240cf4ac7dbd09baa86960068c000727f5d44a3181c516347651adeae01917f334a71738a3aa26f1f4a7a02455ce47f42134945a601ecadff61428d42e767127052e5e6f63589553635c43c57ec136552b06a02193dcf30ac17e69bc58c6dcd31e272adbf7e3265c9425163196ecbb1209c892602dad52779c7810582b16c39bec5e31ea9852ea9c63b3c4886b84976eb06cdd081e4797f2045d96a419d820609d5d01fe8ecc85fc1fbc68a1daf91d56bbb9e4e95397812c325b253db566e3f9eb9aee7fe8f0abe2a21899d722b64fa0bd6b01d6f64dfc3963f6a4066874ceb6a700c4a9a9b3c13a93a24c0e5e6128bcc4e3187a5a5529e79d2445c8b46f5f5d6589880ddf3dd00a15320067c3c82fc387d45d236f1f6abdf4c26697ab6c382b2cfe380b43fdf8149f49de16b701c155f2d83f94ed161dcecfc7bd778feb39db9ef4caded209a72af6eef7cb71e4921dd1a501d31afd7f1ecae8440102f073d273914bd39c01cb4495e40dd27d7892f676f8692c6e944b2a63075efd9ce438b714954ae3d3334b731822bc8df375207928e3094038206ef2b65daea497933756a76c5b63631dada9fca33b4e32636410cf4dc294da181a742b34310adb3cdcc01498e405c0a89442fa0d31eab2b1a2c855754c9748fe68867119aab5aeb32db348424280dd2c9792afb36fd98c1ed30280a96604c4612e8bd50cf65a6648d26056e83c4ef70ab8ef9ceb9eaa87ea7f6bb5fcc85752e477e691b8e4d7435942baadaa1687ea09c6eaf67c46fe39c61fe733beb8d502f4872f3baec8b5ddab6c60f18f36d4f0ff571ac4c5d3094946ec65b2a35b7e2ca49e98580aeed7a6a957b629c5527f9023b727872aeed002091869a6bdc3cd99b235419643cfedeb956cc79d8e310dd7958640d1032bb4cce3d859eca8efab029d13428841f6eb04659d26a887536c99ce74d24efa222d66cde8635c488eee4056276e27656093150e378237f928ba770175ae994166c8f7974ee688a7f912b2131f30bb0b665c00754c8f268760e5e9329acc3a36a116394622de20254b61c8741f9bf0455789b1ad7e716081a8f4d0495e4d473eaed053849e8e193ad190e57836eb4bc22854116ae46b05a37bb148fec719ff2a90068e92faff25ae800cd4e7432ae09b83ae72077cc7e8f7686189c42e1bd188bc2617066730440a0a902a19e7f43f098e8879a8a452ef3ab03abbfcaeb3ca5872b29fd66ddf8b87e8c19ffae0ace9eec29a3d3b344568dfc907ca92c7d58b745986eeaceb5e9fdc231e24f46355078f7abb9f05bf774db687c2b4a9c809307f0d68cf96836ecba95a6d6a18ec3eba92fc241ed99f5cf5a81c2bef0b9bbd523437dd0ca705ad7aa126974ec22cd8b5f83f03ad2f4e637bd28acc45fe873853789859d220ef75732fc7980658255129e9db38a9719cca4b7b89ae7e751d1b3f2c938aed16bd4ebf2315820deabd89827949890d3044b326fe40923879bb30f97cacda05b43339e0513bc4afb0853932a9e03fbabb464241682e5e396c7af2de50740fcd460afc714efc2cc3b84f0428c8e2236ee966be198158019ae20983e0ddb41572f914594eb792031f32e3406caf2fb60ce2901a89a10ed3ca65e5d72830ecfb615c23680420b5cbfc52c10383532a37325a0ddcedd6b1131e7b0e271bdb99c3018c6b711aa934b367524220131f57b411274dac341d29eb91213f7468a963ff2d37424619b975b5de254d310022212273786ea33cacaefd2cd402fedce0ad0be686893a0b6a7d8d6a58400f7a4a639dbf6f4697fcc69c60677a2b734b4b17410692d5f912da69c905a6e344809fbfa9992498f448e8dd8d84829957cae94240215c16cc5a2010f2a557aa773c5fd8ac4f514459c0403725f64a7cc06fd4bf1a85dc9a66688ccaf7d258086a3736d926bd4cb86a7e1943cd7521059642d69936a80d787ff9ea113d7ad1ce54460831c580576419fdca69db02e64ce26bfcb6bd4907e1b6c90aaee3bb0d90c573acde5f02dd230b606d813e8f2a6e938c4079423e9a8b52e7f766db2c05704e31a963126ca5de5aaccbe3f0af16060c7886d2f68a7f06d8341ddfc8e672cd28622a43a03a627daa25e2c03f47a5fbd8a559a810cf5ed70e7f5fcbd2f28f2a098e579b4c10a5fdd6f1922d32363261708f87b2323342de12415633067853b8e506476f351aa5eecaa12e0559d5a1633679b77dcc509ed213966f7f2c4fb05b4e4f0aecef706fbf919fe5ec55f02c90feefd5b9abcd3ec7b78987d93d7e1b9ba5a94a0d698b21a7e5e1f13b486cf0734896cbc1c73d7a9a778d939b51b733aa88108b60a766edc09e7d397c4ab73602c8d1f2e2377ab390456b388e198b871f7f8b4b3b70798f49231ff769e74f35006e16e8bbaba50dda945a5d9945f7de2f965c6e64e82ba459a4d33ff901be3689512ce5bfd60c80fe2d123fcf0222925672bca83cdfd81b9a907a43f1a92ecb49f6584e26a5fd5dca81cbdaadbd9209a97f2cd091db6bdc3bc5e43073e94e01b745e4271b9dd97c17187f2646948479537590e63bc35a81ef13306a41c428b8c8218e69469c6d5deb088316e4e37f22d263589adaf145bf420ec0456cab0152ae382ffc15d276f9aacbfc1d7256ae303c0a485272781a14d5c37d25e840b7a98fe7f0c08c13fc601bb9c04bba41ee5034f4e756745aebd56fe35f6a201fd4518a757152cc81047cba1abe8d2c22a262ad3e27aa9f3189be0d5186a25e856308488f534b66c04d14f6b2b0e9ef3b3f589f37a5f00f78f85e7759ad9e2a0f66fc75726df6a40df5a324538fe57d73d28c8acf595dab3f2d709afbf87b1ad2e96e75c26e726685e6bad2639b2926acb7be90bda237ae288320692bee4d193de7009d35c0a512cf75f72f22bc4b0c9fefbf4fe8ef483a8742b8d6c4e46316f5aa8a86cbfc63ddc643605a23300f332736f6e12a4cd20a80ffea0811ea44562c897afa78bd01abaa4f1ccdc16e8b175f3b2c5c3d8fca49267873d09b5e294fa98910a1cb92fa85a6bbf927161ab02c6194708e962e60f6a6b9eb2bbce8c5a590e25187aeab6522c5f9bde90552df9770d02f9fda7f5d413df1c40d59ffabe31d4e32609d13e1556c70507596d95fdfdca1ffadf1da61b5f1e2f5f9d7a3ec325b2bb3a0360366b74cf392d504ec49efe242108585fecd9d0bfab642a18c0b2f35a9d5555cc23b9525f3beb505348794a55909ed010eaae3df1430def15b041076e2b72da7a55ee353355db5c3888892101c1796faa3248e3e74ce9b0262b64ccad679107bceae1e460841e5e903b466398801fd42743842b6e1ddf0d46722b961f380ec3a79727707deca6cd3ec9801e93532f927494edd16878ae1b2f2e1756660f2714165aa6722a2908c50c1a4bed422dc8631b2cebedf27ab0c57815c7554195c911dff74fc6404a5f3aed3cda924b2b5b4e048865667843bcca94abf8a98c37f67ced69530b7369b8f0a777101924d8a3da8f0865970814513f2bcc1a0968530e69eb26675b252feaeba235e2d20ac60a7888c78c1a2216276356f0d69c333cc86f6d7ca4fa187b4d0012fb92dd19757137c06616c1ee4000f3ba7920cf8aea299414c746a30f30ae28eda4a4050ce82efd397b4d7dbb1adb76361b297f80d918903f0483283e298212ae7e0291f57604969d97aed4cb7a23cde641d8650a7fec36bb4dabd2871b4418cfe8dcf7120833d8f71279bfb2847f55a2105d5e9e9d368b9cc5b1e520db6ad9efdff816426b0db61899f32aada795470b3d89a685fa8a882949094014081ce3d67b484ac4afa87def00af5fc4e0db6def32af9329fad2e72e2f330a68451fd3b34621ec6c41fbcf79920bca82b0736ed33c71b8ba3ef56cfa2752c1569a85c2ea3e923350614c614fea90d2e9e7dba977fc8ee1072340e53eeaf3dbb600b67c814067e3af3d2a6065419074065950ed0ac13d67c03f8f4275e5ccedd6e5996e99b866eadf75c9373a302654d25ede2867a0da66b036fb8f3394e00ca6e87b1a3ad5195d909921787d18d542c39253aae361615d3f4acbd0ba56ea0e10a6da87065f9c3e05a95ffd21697b9d2584fa59c900e04b1294e2ae3ed557bd159de0b7ee3b316f20080cd0cde5a9a9221a9b80f544ac957de372baa0fa8e63bebc06257241a11236a5cea1cbbd74676df3156365f2116772d373400506811d4c6bae1a377f4132f6598d477c0bf0ab7316604f01ca9c97eb8366021a100425e39b757f892f19b3d672921099d605553c07600de8a193d3c929832c689fb0d12d4922c8e6428eca1c6271457d94417c1f62cb4b2879f9e41b95ba17d9b84d13edbf59f8642aea6240640a1e4adb8cc4f23824c53ab3c1df4dedefa46da18b4b84bd4a705e4a82d53ccabf7456bfbf1222ce4bc21b11715c8a58f89ef52202fdbe10a26696863e8ad2a0829c36d128d84e11aa94f0371f27182f3d74b4681c8addd3bdd80e7d05fd2341921c197c4302d7e10416d317aac24848a83bd5410de7c2b43d49ff07e6921b827a00524fdf49edd289fc775ab6ab9212dc89ff678ffb82a20bd54c32f9236fa6ac6a628ec63391bbb1502a84ddefc02cd52a1d2df12176dde0501ef9e0eef2e9497eac1d3ab1dd88d280bd02c5afae60facb699316295d58fb368920ec588371a7723d07ff75b1f8a701fb85e5b8b4ef499f64b0aeb9c13f468e915a565636176523a9d572dfc4512e3d34d5d3949135d10445ad9cd36f87fb1ef3cce722409a5f2f9efe7465235066c27ced3b9a087dbfee5f4a8b6512d94acd1272f51099b4c96dd095a619571efdad27d3fe0eca51f2f871f3ceffcde780444d6721fe9ce15677a4eacceee9bbfc1588d8d3c6341ec0c5b10988f9fb430b3efbec653b5b79c11554ba93d18a165f20ab605515ece75324673c5deff0b869904c0398bc44e20ffde37b04b5807cfbd4e63c8e0bc84254eb4fba3bdbc18263af8b5bf3fde7cd0d931fb6c7233c126ee594bb9f6ed265a", 0x2000, &(0x7f000000d440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODESET_CTL(r1, 0x40086408, &(0x7f0000000140)={0x1, 0x8})

6m25.301507152s ago: executing program 6 (id=644):
syz_usb_connect(0x0, 0x34, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000092df5510ac05269289b201020301090222"], 0x0)
syz_usb_connect(0x1, 0x0, 0x0, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, 0x2, [{0x4, &(0x7f0000000240)=@lang_id={0x4, 0x3, 0x423}}, {0x2, &(0x7f0000000400)=@string={0x2}}]})
r0 = socket(0x1e, 0x1, 0x0)
connect$tipc(r0, &(0x7f0000000000)=@name={0x1e, 0x2, 0x0, {{0x1, 0x1}}}, 0x10)
write$binfmt_misc(r0, &(0x7f0000000400), 0x2000011a)
recvmmsg(r0, &(0x7f0000000680)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000001e80)=""/4096, 0x1000}], 0x1}, 0x7}], 0x1, 0x40000001, 0x0)

6m23.665265966s ago: executing program 6 (id=645):
openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x31, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000000000e8000000000040d900008500000023000000850000000f00000095"], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1000000, 0x10, 0xffffffffffffffff, 0x0)
socket$kcm(0x10, 0x2, 0x0)
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0)
open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
socket$packet(0x11, 0x3, 0x300)
r0 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r0, 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000140), 0xffffffffffffffff)
fsopen(&(0x7f0000000180)='ntfs3\x00', 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x1001, 0x0)
mkdir(0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
sendmsg$TEAM_CMD_OPTIONS_SET(0xffffffffffffffff, &(0x7f0000000c00)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1afbd70e0f756092}, 0x20000000)
ioctl$sock_inet_SIOCSARP(r2, 0x8955, &(0x7f0000000300)={{0x2, 0x4e20, @private=0xa010300}, {0x1, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}, 0x109b70819ce8d017, {0x2, 0x4e21, @initdev={0xac, 0x1e, 0x1, 0x0}}, 'team_slave_1\x00'})
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000080)={[{0x2b, 'cpuset'}]}, 0x8)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
keyctl$session_to_parent(0x12)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
getsockopt$bt_sco_SCO_OPTIONS(r3, 0x11, 0x2, 0x0, &(0x7f0000000000)=0xffffffffffffff1c)

6m13.613326002s ago: executing program 6 (id=658):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
socket(0x10, 0x3, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000080000000000000010000009400000007ad4160850000000f00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x78)
io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, &(0x7f00000002c0)=[{&(0x7f00000016c0)=""/4126, 0x101e}], 0x1)
move_pages(0x0, 0x2064, &(0x7f0000000040)=[&(0x7f0000ff9000/0x2000)=nil], &(0x7f0000001180), &(0x7f0000000000), 0x0)
r1 = socket$pppl2tp(0x18, 0x1, 0x1)
syz_init_net_socket$ax25(0x3, 0x3, 0x1)
ioctl$UDMABUF_CREATE(0xffffffffffffffff, 0x40187542, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x4, 0x1000085}, 0x0)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000000)={0x0, 0x0}, 0x10)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000180)=0x2)
mmap(&(0x7f0000ff9000/0x1000)=nil, 0x1000, 0x0, 0x80010, r1, 0x11b68000)
sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0x2)
read$msr(r2, &(0x7f0000019680)=""/102384, 0x18ff0)
r3 = socket$inet6(0xa, 0x3, 0xff)
connect$inet6(r3, &(0x7f0000000480)={0xa, 0x0, 0x3c000, @dev={0xfe, 0x80, '\x00', 0x1f}, 0x5}, 0x1c)
dup2(r3, r3)
syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB="f7", @ANYRESOCT], 0x0)
r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000040)={<r5=>0xffffffffffffffff}, 0x111}}, 0x20)
write$RDMA_USER_CM_CMD_INIT_QP_ATTR(r4, &(0x7f00000027c0)={0xb, 0x10, 0xfa00, {0x0, r5}}, 0x18)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
unshare(0x2c060000)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x70bd2b, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)

5m58.226281271s ago: executing program 35 (id=658):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
socket(0x10, 0x3, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000080000000000000010000009400000007ad4160850000000f00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x78)
io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, &(0x7f00000002c0)=[{&(0x7f00000016c0)=""/4126, 0x101e}], 0x1)
move_pages(0x0, 0x2064, &(0x7f0000000040)=[&(0x7f0000ff9000/0x2000)=nil], &(0x7f0000001180), &(0x7f0000000000), 0x0)
r1 = socket$pppl2tp(0x18, 0x1, 0x1)
syz_init_net_socket$ax25(0x3, 0x3, 0x1)
ioctl$UDMABUF_CREATE(0xffffffffffffffff, 0x40187542, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x4, 0x1000085}, 0x0)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000000)={0x0, 0x0}, 0x10)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000180)=0x2)
mmap(&(0x7f0000ff9000/0x1000)=nil, 0x1000, 0x0, 0x80010, r1, 0x11b68000)
sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0x2)
read$msr(r2, &(0x7f0000019680)=""/102384, 0x18ff0)
r3 = socket$inet6(0xa, 0x3, 0xff)
connect$inet6(r3, &(0x7f0000000480)={0xa, 0x0, 0x3c000, @dev={0xfe, 0x80, '\x00', 0x1f}, 0x5}, 0x1c)
dup2(r3, r3)
syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB="f7", @ANYRESOCT], 0x0)
r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000040)={<r5=>0xffffffffffffffff}, 0x111}}, 0x20)
write$RDMA_USER_CM_CMD_INIT_QP_ATTR(r4, &(0x7f00000027c0)={0xb, 0x10, 0xfa00, {0x0, r5}}, 0x18)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
unshare(0x2c060000)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x70bd2b, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)

3m30.338743648s ago: executing program 3 (id=906):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x4, 0x3032, 0xffffffffffffffff, 0x0)
r2 = openat$vicodec0(0xffffff9c, &(0x7f0000000440), 0x2, 0x0)
sendmsg$inet6(0xffffffffffffffff, 0x0, 0x18800)
ioctl$VIDIOC_G_EXT_CTRLS(r2, 0xc0185648, &(0x7f0000000080)={0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000000c0)={0x98f909, 0x8002, '\x00', @p_u16=&(0x7f00000010c0)=0xa5b}})
r3 = syz_open_dev$rtc(&(0x7f0000000180), 0x0, 0x408000)
ioctl$RTC_IRQP_READ(r3, 0x8008700b, &(0x7f0000000200))
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
pipe(&(0x7f0000000080)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
r6 = socket$inet_udp(0x2, 0x2, 0x0)
close(r6)
r7 = socket$inet6(0x10, 0x3, 0x0)
read(r7, &(0x7f0000000340)=""/254, 0xfe)
sendto$inet6(r7, &(0x7f0000000140)="1ba0000016001d0d89fdc5cbdd045798707bed4dca141a780f0f8e", 0xff3b, 0x0, 0x0, 0x0)
recvfrom$inet6(r7, &(0x7f0000000000)=""/45, 0x44, 0x0, 0x0, 0x0)
writev(0xffffffffffffffff, &(0x7f00000002c0)=[{&(0x7f0000000000)="48050000150019", 0x7}], 0x1)
write$binfmt_misc(r5, &(0x7f0000000000), 0xfffffecc)
splice(r4, 0x0, r6, 0x0, 0x200000000622c, 0x0)
getsockopt$SO_TIMESTAMP(r7, 0x1, 0x23, 0x0, 0x0)
syz_open_procfs(0xffffffffffffffff, 0x0)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000180)={'wlan1\x00', <r9=>0x0})
sendmsg$NL80211_CMD_FRAME(r8, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000000)=ANY=[@ANYBLOB='t\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010027bd7000ffdbdf253b00000008000300", @ANYRES32=r9, @ANYBLOB="48003300e0b00600080211000001080211000001241432aae65a770710004c810f02100004000104161b16062d1a1008030d03000000000000030005000600000000f802000000fd080057"], 0x74}}, 0x48054)
socket$nl_generic(0x10, 0x3, 0x10)
r10 = socket$nl_generic(0x10, 0x3, 0x10)
r11 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$NL80211_CMD_FRAME(r10, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000680)={0x3c, r11, 0x1, 0x70bd2c, 0x0, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_FRAME={0x1e, 0x33, @deauth={{{}, {0x2}, @broadcast}, 0x26, @void}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x6a845ecb4f20be71}, 0x24008080)

3m28.89120801s ago: executing program 3 (id=908):
socket$inet6_tcp(0xa, 0x1, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
socket$alg(0x26, 0x5, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, 0x0, 0x0)
stat(&(0x7f0000000040)='./file0\x00', &(0x7f0000000140))
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setscheduler(0x0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
io_setup(0x7, &(0x7f0000000d80)=<r4=>0x0)
r5 = eventfd(0x9)
io_submit(r4, 0x2, &(0x7f0000000f40)=[&(0x7f0000000e80)={0x0, 0x0, 0x0, 0x6, 0x81, r1, &(0x7f0000000dc0)="f537f8b8b40eef1b9005e8065abc0228742bb24462312b017c894466634f5a1cbbf8f497df7d6e105271d50be2190c00941f8344976207da716a5caac63fed8e9a25df35240094581b4c28a11cf6dea2960b024c1347d7724d1b8de9c963cef92d9d80370382ebd7a2792d34bd3dc5af1ec667379b0fb2e91e68b9e5aadd79435f6f5ceb98960fddfc503388b0a8094df7ed8620785dfa15b23ed69a7b5d4183965843dc4f9438601cce88", 0xab, 0x100000000, 0x0, 0x1, r5}, &(0x7f0000000f00)={0x0, 0x0, 0x0, 0x7, 0x7, r3, &(0x7f0000000ec0)="f983ad5f97333cb983b993946d3dc67eee8064cb7a01355f2d72e4630e9870583b27dfc0cd71a5", 0x27, 0x40, 0x0, 0x3}])
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010007000000000000000000000a20000000000a03000000000000000000010000000900010073797a300000000048000000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a3000000000080005400000001f0c00098008000140000100075c0000000e0a01020000000000000000010000000900020073797a32000000000900010073797a30"], 0xec}, 0x1, 0x0, 0x0, 0x4004}, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$gtp(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$GTP_CMD_NEWPDP(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)={0x34, r7, 0x1, 0x0, 0x0, {}, [@GTPA_LINK={0x8}, @GTPA_I_TEI={0x8}, @GTPA_O_TEI={0x8}, @GTPA_VERSION={0x8, 0x2, 0x1}]}, 0x34}}, 0x0)

3m19.876193122s ago: executing program 3 (id=915):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000780)={0x5c, 0x2, 0x6, 0x5, 0x0, 0x3000000, {0x0, 0x0, 0x1}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_TIMEOUT={0x8, 0x6, 0x0}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_TYPENAME={0x16, 0x3, 'hash:net,port,net\x00'}]}, 0x5c}}, 0x0)

3m19.722197183s ago: executing program 3 (id=917):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f00000004c0)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000000), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
r0 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0x11a)
mknodat(r0, &(0x7f00000003c0)='./file0\x00', 0xc000, 0x9)
chdir(&(0x7f00000000c0)='./bus\x00')
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
mkdir(&(0x7f0000000240)='./bus\x00', 0x0)
chdir(&(0x7f00000003c0)='./bus\x00')
renameat2(r1, &(0x7f00000001c0)='./file0\x00', r1, &(0x7f0000000200)='./bus/file0\x00', 0x0)
r2 = openat$dir(0xffffffffffffff9c, &(0x7f00000002c0)='.\x00', 0x0, 0x0)
getdents64(r2, 0x0, 0x0)
getdents(r2, 0x0, 0x58)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000980)=ANY=[@ANYBLOB="1400000042000b06"], 0x14}}, 0x0)
recvmmsg(r4, &(0x7f0000006640)=[{{0x0, 0x0, &(0x7f0000000400)=[{&(0x7f00000009c0)=""/4096, 0x1000}, {&(0x7f00000001c0)=""/185, 0xb9}, {&(0x7f0000000280)=""/31, 0x1f}, {&(0x7f00000002c0)=""/255, 0xff}], 0x4}, 0x7fffffff}, {{0x0, 0x0, 0x0}, 0x9}, {{0x0, 0x0, 0x0}, 0x9}], 0x3, 0x0, 0x0)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000200)={'wlan0\x00', <r6=>0x0})
r7 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r7)
ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, r7, 0x700, 0x0)
sendmsg$NL80211_CMD_CONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)={0x30, r5, 0x5, 0x70bd2d, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @crypto_settings=[@NL80211_ATTR_SOCKET_OWNER={0x4}, @NL80211_ATTR_CONTROL_PORT_OVER_NL80211={0x4}]]}, 0x30}, 0x1, 0x0, 0x0, 0x44840}, 0x0)

3m19.244793862s ago: executing program 3 (id=919):
r0 = syz_open_dev$dri(&(0x7f0000000080), 0x0, 0x0)
r1 = syz_open_dev$sndctrl(&(0x7f0000000300), 0x1, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r1, 0xc2c85513, &(0x7f0000000340)={{0x9, 0x3, 0x0, 0x0, 'syz0\x00', 0x80000}, 0x0, [0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x100000, 0x0, 0x23f2, 0x40000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x8000000, 0x761b, 0x2, 0x0, 0x0, 0x4, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0xfffffffe, 0x7fff, 0x5, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffff0, 0xfffffffc, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0xfffffffe, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x8]})
r2 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$smc(&(0x7f0000000000), 0xffffffffffffffff)
r4 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000), 0x181c82, 0x0)
write$sequencer(r4, &(0x7f0000000040)=[@l={0x92, 0x0, 0xd0}], 0x8)
sendmsg$SMC_PNETID_DEL(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)={0x50, r3, 0x1, 0x70bd25, 0x25dfdbff, {0x2, 0x2, 0x2}, [@SMC_PNETID_ETHNAME={0x14, 0x2, 'wg1\x00'}, @SMC_PNETID_IBPORT={0x5, 0x4, 0x1}, @SMC_PNETID_IBPORT={0x5, 0x4, 0x2}, @SMC_PNETID_IBNAME={0x9, 0x3, 'syz0\x00'}, @SMC_PNETID_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x50}, 0x1, 0x40030000000000, 0x0, 0x40004}, 0x0)
r5 = socket$nl_rdma(0x10, 0x3, 0x14)
recvmmsg(r5, &(0x7f0000007c80)=[{{0x0, 0x0, 0x0}, 0x401}], 0x1, 0x40002000, 0x0)
sendmsg$RDMA_NLDEV_CMD_PORT_GET(r5, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000003c0)=ANY=[@ANYBLOB="20000000051421060000000000000000100001"], 0x20}}, 0x0)
ioctl$DRM_IOCTL_MODE_SETCRTC(r0, 0xc06864a2, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x8, 0x81, 0x7, 0x2, {0x8, 0x5, 0x0, 0x9, 0x40, 0xad14, 0x8, 0x7, 0x25, 0x5, 0x7f, 0x401, 0xfffffff8, 0xcb0, "f4993878e7ef3f9281ae9aeb8d27eda6ed53eb9311e922e476608c28ba70803c"}})

3m18.470080919s ago: executing program 3 (id=920):
r0 = syz_open_dev$usbfs(0x0, 0x1ff, 0x402)
r1 = dup(r0)
ioctl$USBDEVFS_CONTROL(r1, 0xc0185500, &(0x7f0000000240)={0x23, 0x1, 0x2, 0x1, 0x0, 0x5, 0x0})

3m18.287917635s ago: executing program 36 (id=920):
r0 = syz_open_dev$usbfs(0x0, 0x1ff, 0x402)
r1 = dup(r0)
ioctl$USBDEVFS_CONTROL(r1, 0xc0185500, &(0x7f0000000240)={0x23, 0x1, 0x2, 0x1, 0x0, 0x5, 0x0})

2m22.665906973s ago: executing program 2 (id=621):
r0 = syz_open_dev$video(&(0x7f0000000000), 0x7ff, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
rt_sigprocmask(0x0, 0x0, 0x0, 0x8)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x25dfdbfd, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x78}, 0x1, 0x0, 0x0, 0x800}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = inotify_init()
inotify_add_watch(r6, &(0x7f0000000340)='.\x00', 0xa50003d1)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f00000014c0), 0xffffffffffffffff)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r9=>0x0})
syz_open_dev$MSR(0x0, 0x0, 0x0)
sendmsg$NL80211_CMD_CHANNEL_SWITCH(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="010000000000000000006600000008000300", @ANYRES32=r9, @ANYBLOB="080026008f0900000800b7"], 0x2c}}, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=@newlink={0x60, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20002, 0x600a8}, [@IFLA_LINKINFO={0x40, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x30, 0x2, 0x0, 0x1, [@IFLA_BR_MCAST_IGMP_VERSION={0x5, 0x2b, 0x69}, @IFLA_BR_MCAST_LAST_MEMBER_INTVL={0xc}, @IFLA_BR_MCAST_MEMBERSHIP_INTVL={0xc, 0x1f, 0xc5c}, @IFLA_BR_MCAST_QUERY_RESPONSE_INTVL={0xc, 0x22, 0x8}]}}}]}, 0x60}}, 0x24008040)
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r1, {0x3}}, './file0\x00'})
ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000080)={0x9, 0x48524742, 0x0, 0x1, 0x0, @discrete={0x205}})

1m51.27597586s ago: executing program 2 (id=621):
r0 = syz_open_dev$video(&(0x7f0000000000), 0x7ff, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
rt_sigprocmask(0x0, 0x0, 0x0, 0x8)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x25dfdbfd, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x78}, 0x1, 0x0, 0x0, 0x800}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = inotify_init()
inotify_add_watch(r6, &(0x7f0000000340)='.\x00', 0xa50003d1)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f00000014c0), 0xffffffffffffffff)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r9=>0x0})
syz_open_dev$MSR(0x0, 0x0, 0x0)
sendmsg$NL80211_CMD_CHANNEL_SWITCH(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="010000000000000000006600000008000300", @ANYRES32=r9, @ANYBLOB="080026008f0900000800b7"], 0x2c}}, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=@newlink={0x60, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20002, 0x600a8}, [@IFLA_LINKINFO={0x40, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x30, 0x2, 0x0, 0x1, [@IFLA_BR_MCAST_IGMP_VERSION={0x5, 0x2b, 0x69}, @IFLA_BR_MCAST_LAST_MEMBER_INTVL={0xc}, @IFLA_BR_MCAST_MEMBERSHIP_INTVL={0xc, 0x1f, 0xc5c}, @IFLA_BR_MCAST_QUERY_RESPONSE_INTVL={0xc, 0x22, 0x8}]}}}]}, 0x60}}, 0x24008040)
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r1, {0x3}}, './file0\x00'})
ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000080)={0x9, 0x48524742, 0x0, 0x1, 0x0, @discrete={0x205}})

1m29.416251329s ago: executing program 2 (id=621):
r0 = syz_open_dev$video(&(0x7f0000000000), 0x7ff, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
rt_sigprocmask(0x0, 0x0, 0x0, 0x8)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x25dfdbfd, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x78}, 0x1, 0x0, 0x0, 0x800}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = inotify_init()
inotify_add_watch(r6, &(0x7f0000000340)='.\x00', 0xa50003d1)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f00000014c0), 0xffffffffffffffff)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r9=>0x0})
syz_open_dev$MSR(0x0, 0x0, 0x0)
sendmsg$NL80211_CMD_CHANNEL_SWITCH(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="010000000000000000006600000008000300", @ANYRES32=r9, @ANYBLOB="080026008f0900000800b7"], 0x2c}}, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=@newlink={0x60, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20002, 0x600a8}, [@IFLA_LINKINFO={0x40, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x30, 0x2, 0x0, 0x1, [@IFLA_BR_MCAST_IGMP_VERSION={0x5, 0x2b, 0x69}, @IFLA_BR_MCAST_LAST_MEMBER_INTVL={0xc}, @IFLA_BR_MCAST_MEMBERSHIP_INTVL={0xc, 0x1f, 0xc5c}, @IFLA_BR_MCAST_QUERY_RESPONSE_INTVL={0xc, 0x22, 0x8}]}}}]}, 0x60}}, 0x24008040)
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r1, {0x3}}, './file0\x00'})
ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000080)={0x9, 0x48524742, 0x0, 0x1, 0x0, @discrete={0x205}})

1m3.825018435s ago: executing program 2 (id=621):
r0 = syz_open_dev$video(&(0x7f0000000000), 0x7ff, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
rt_sigprocmask(0x0, 0x0, 0x0, 0x8)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x25dfdbfd, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x78}, 0x1, 0x0, 0x0, 0x800}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = inotify_init()
inotify_add_watch(r6, &(0x7f0000000340)='.\x00', 0xa50003d1)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f00000014c0), 0xffffffffffffffff)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r9=>0x0})
syz_open_dev$MSR(0x0, 0x0, 0x0)
sendmsg$NL80211_CMD_CHANNEL_SWITCH(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="010000000000000000006600000008000300", @ANYRES32=r9, @ANYBLOB="080026008f0900000800b7"], 0x2c}}, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=@newlink={0x60, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20002, 0x600a8}, [@IFLA_LINKINFO={0x40, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x30, 0x2, 0x0, 0x1, [@IFLA_BR_MCAST_IGMP_VERSION={0x5, 0x2b, 0x69}, @IFLA_BR_MCAST_LAST_MEMBER_INTVL={0xc}, @IFLA_BR_MCAST_MEMBERSHIP_INTVL={0xc, 0x1f, 0xc5c}, @IFLA_BR_MCAST_QUERY_RESPONSE_INTVL={0xc, 0x22, 0x8}]}}}]}, 0x60}}, 0x24008040)
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r1, {0x3}}, './file0\x00'})
ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000080)={0x9, 0x48524742, 0x0, 0x1, 0x0, @discrete={0x205}})

38.182147133s ago: executing program 2 (id=621):
r0 = syz_open_dev$video(&(0x7f0000000000), 0x7ff, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
rt_sigprocmask(0x0, 0x0, 0x0, 0x8)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x25dfdbfd, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x78}, 0x1, 0x0, 0x0, 0x800}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = inotify_init()
inotify_add_watch(r6, &(0x7f0000000340)='.\x00', 0xa50003d1)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f00000014c0), 0xffffffffffffffff)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r9=>0x0})
syz_open_dev$MSR(0x0, 0x0, 0x0)
sendmsg$NL80211_CMD_CHANNEL_SWITCH(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="010000000000000000006600000008000300", @ANYRES32=r9, @ANYBLOB="080026008f0900000800b7"], 0x2c}}, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=@newlink={0x60, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20002, 0x600a8}, [@IFLA_LINKINFO={0x40, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x30, 0x2, 0x0, 0x1, [@IFLA_BR_MCAST_IGMP_VERSION={0x5, 0x2b, 0x69}, @IFLA_BR_MCAST_LAST_MEMBER_INTVL={0xc}, @IFLA_BR_MCAST_MEMBERSHIP_INTVL={0xc, 0x1f, 0xc5c}, @IFLA_BR_MCAST_QUERY_RESPONSE_INTVL={0xc, 0x22, 0x8}]}}}]}, 0x60}}, 0x24008040)
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r1, {0x3}}, './file0\x00'})
ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000080)={0x9, 0x48524742, 0x0, 0x1, 0x0, @discrete={0x205}})

16.801487945s ago: executing program 2 (id=621):
r0 = syz_open_dev$video(&(0x7f0000000000), 0x7ff, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
rt_sigprocmask(0x0, 0x0, 0x0, 0x8)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x25dfdbfd, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x78}, 0x1, 0x0, 0x0, 0x800}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = inotify_init()
inotify_add_watch(r6, &(0x7f0000000340)='.\x00', 0xa50003d1)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f00000014c0), 0xffffffffffffffff)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r9=>0x0})
syz_open_dev$MSR(0x0, 0x0, 0x0)
sendmsg$NL80211_CMD_CHANNEL_SWITCH(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="010000000000000000006600000008000300", @ANYRES32=r9, @ANYBLOB="080026008f0900000800b7"], 0x2c}}, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=@newlink={0x60, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20002, 0x600a8}, [@IFLA_LINKINFO={0x40, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x30, 0x2, 0x0, 0x1, [@IFLA_BR_MCAST_IGMP_VERSION={0x5, 0x2b, 0x69}, @IFLA_BR_MCAST_LAST_MEMBER_INTVL={0xc}, @IFLA_BR_MCAST_MEMBERSHIP_INTVL={0xc, 0x1f, 0xc5c}, @IFLA_BR_MCAST_QUERY_RESPONSE_INTVL={0xc, 0x22, 0x8}]}}}]}, 0x60}}, 0x24008040)
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r1, {0x3}}, './file0\x00'})
ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000080)={0x9, 0x48524742, 0x0, 0x1, 0x0, @discrete={0x205}})

13.302627871s ago: executing program 8 (id=1235):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x4, 0x3032, 0xffffffffffffffff, 0x0)
r2 = openat$vicodec0(0xffffff9c, &(0x7f0000000440), 0x2, 0x0)
sendmsg$inet6(0xffffffffffffffff, 0x0, 0x18800)
ioctl$VIDIOC_G_EXT_CTRLS(r2, 0xc0185648, &(0x7f0000000080)={0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000000c0)={0x98f909, 0x8002, '\x00', @p_u16=&(0x7f00000010c0)=0xa5b}})
r3 = syz_open_dev$rtc(&(0x7f0000000180), 0x0, 0x408000)
ioctl$RTC_IRQP_READ(r3, 0x8008700b, &(0x7f0000000200))
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
pipe(&(0x7f0000000080)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
r6 = socket$inet_udp(0x2, 0x2, 0x0)
close(r6)
r7 = socket$inet6(0x10, 0x3, 0x0)
read(r7, &(0x7f0000000340)=""/254, 0xfe)
sendto$inet6(r7, &(0x7f0000000140)="1ba0000016001d0d89fdc5cbdd045798707bed4dca141a780f0f8e", 0xff3b, 0x0, 0x0, 0x0)
recvfrom$inet6(r7, &(0x7f0000000000)=""/45, 0x44, 0x0, 0x0, 0x0)
writev(0xffffffffffffffff, &(0x7f00000002c0)=[{&(0x7f0000000000)="48050000150019", 0x7}], 0x1)
write$binfmt_misc(r5, &(0x7f0000000000), 0xfffffecc)
splice(r4, 0x0, r6, 0x0, 0x200000000622c, 0x0)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000180)={'wlan1\x00', <r9=>0x0})
sendmsg$NL80211_CMD_FRAME(r8, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000000)=ANY=[@ANYBLOB='t\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010027bd7000ffdbdf253b00000008000300", @ANYRES32=r9, @ANYBLOB="48003300e0b00600080211000001080211000001241432aae65a770710004c810f02100004000104161b16062d1a1008030d03000000000000030005000600000000f802000000fd080057"], 0x74}}, 0x48054)
r10 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r10, 0x8933, &(0x7f00000003c0)={'wlan0\x00', <r11=>0x0})
r12 = socket$nl_generic(0x10, 0x3, 0x10)
r13 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$NL80211_CMD_FRAME(r12, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000680)={0x3c, r13, 0x1, 0x70bd2c, 0x0, {{}, {@val={0x8, 0x3, r11}, @void}}, [@NL80211_ATTR_FRAME={0x1e, 0x33, @deauth={{{}, {0x2}, @broadcast}, 0x26, @void}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x6a845ecb4f20be71}, 0x24008080)

13.223357855s ago: executing program 7 (id=1236):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=@newtaction={0x258, 0x30, 0x1, 0x0, 0x0, {}, [{0x244, 0x1, [@m_vlan={0x114, 0x18, 0x0, 0x0, {{0x9}, {0x38, 0x2, 0x0, 0x1, [@TCA_VLAN_PUSH_VLAN_PRIORITY={0x5, 0x6, 0x5}, @TCA_VLAN_PUSH_VLAN_PRIORITY={0x5, 0x6, 0x4}, @TCA_VLAN_PUSH_VLAN_ID={0x6, 0x3, 0x950}, @TCA_VLAN_PARMS={0x1c, 0x2, {{0x7fff, 0x0, 0x20000008, 0x7, 0xfd3}, 0x3}}]}, {0xb3, 0x6, "768d1e7e6370497ced79c014a30a2c340f7efd691cb37a9741d1fd257869c4ab066eeadc155e33b310353c8e9ae422bfb9d738e0918f38bdac45f392de50dd74b8641b517f8d265cae3dc8dff021d1a072882cdf0df61620a633a5c7cb13c12411b4ed1c02075d8cf6682774fa06fdbc13f74c04293cea05f8fcca92df22636fbf70996ac3f00530e246a1fd5a203e32abfda10cb5329c632f81296d58a3963b9a44448c8c2ecd2a5a80149ffffeb2"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x1, 0x1}}}}, @m_gact={0x12c, 0x7, 0x0, 0x0, {{0x9}, {0x34, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0x100, 0x4, 0x0, 0x2, 0x3}}, @TCA_GACT_PARMS={0x18, 0x2, {0x2, 0x1ff0000, 0x10000000, 0xf, 0x800}}]}, {0xd0, 0x6, "91cafdf2ab26166bd035a5942f41f0d0857ad2408f96fdf668348a58f25008add13d1c7e57e9f146ade5b6ab0eedd9c03a1a8c410b668de18dedad9e1fd3204bdf74cb7a707f2415fbcf7275df3348e7bf75e5962875fa345c1b1e6328dee75ceae12623b0fe9881cab9a1a7df1b740c62a12f58b906b5c6a4c3f29dc36ff5996ccf7691d51aa76748561caf5dca03286ce80334fcd92922c740e02f8b985e75f417208b68d6eb5f6712ee63d1291b5263408dba689972dbacceafc814b8d36742955ca81c11d151ff4b4e7f"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x1, 0x3}}}}]}]}, 0x258}}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$can_bcm(0x1d, 0x2, 0x2)
r4 = syz_io_uring_setup(0x10d, &(0x7f0000000300)={0x0, 0xce5d, 0x80, 0x0, 0x89}, &(0x7f0000000240)=<r5=>0x0, &(0x7f0000000280)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
r7 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2)
ioctl$VIDIOC_S_FREQUENCY(r7, 0x402c5639, &(0x7f0000000040)={0x0, 0x2, 0xad8})
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(r3, 0xc0189374, &(0x7f0000000100)={{0x1, 0x1, 0x18, r2, {0x3}}, './file0\x00'})
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x17, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sysctl, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r9 = fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0)
r10 = fsmount(r9, 0x0, 0x0)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000200)={@cgroup=r10, r8, 0x12, 0x6, 0x0, @void, @value}, 0x10)
r11 = syz_open_dev$usbmon(&(0x7f0000000180), 0x1, 0xa000)
ioctl$MON_IOCH_MFLUSH(r11, 0x9208, 0x9)
r12 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r12, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="5c0000000206050000000000000000000700000014000780080008400000009808000640000a00000500010006000000050005000200000005000400000000000900020073797a310000000010000300686173683a69702c6d6163"], 0x5c}}, 0x20000000)
syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000b40)=[{0x0}, {0x0}], 0x2}})
connect$unix(0xffffffffffffffff, &(0x7f0000000180)=@abs={0x1, 0x0, 0x4e20}, 0x25)
io_uring_enter(r4, 0x47f9, 0x0, 0x0, 0x0, 0x0)

12.274401136s ago: executing program 8 (id=1239):
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$alg(0x26, 0x5, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, 0x0, 0x0)
stat(&(0x7f0000000040)='./file0\x00', &(0x7f0000000140))
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setscheduler(0x0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
eventfd(0x9)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$gtp(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$GTP_CMD_NEWPDP(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)={0x34, r3, 0x1, 0x0, 0x0, {}, [@GTPA_LINK={0x8}, @GTPA_I_TEI={0x8}, @GTPA_O_TEI={0x8}, @GTPA_VERSION={0x8, 0x2, 0x1}]}, 0x34}}, 0x0)

11.761617675s ago: executing program 7 (id=1241):
syz_usb_connect(0x2, 0x9a2, &(0x7f0000000280)=ANY=[@ANYBLOB="12010000d0241710d8050a81b89200"], 0x0)
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x4, 0x0)
ioctl$EVIOCGKEYCODE_V2(r0, 0x80284504, &(0x7f0000000040)=""/185)

10.448788283s ago: executing program 5 (id=1242):
r0 = memfd_create(&(0x7f00000000c0)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf3:\x99\x1e\xac`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\xd2q#\xc6\xca\x97\x9d\xcb\x1e\x80\xd6\xd5%N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xec', 0x0)
execveat(r0, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)

10.448286903s ago: executing program 5 (id=1243):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000000000100000000000000000850000007d000000"], &(0x7f0000000100)='GPL\x00', 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='writeback_bdi_register\x00', r0, 0x0, 0xfffffffffffffffd}, 0x18)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x8, 0xb4, &(0x7f0000000140)=""/180, 0x41100, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xfffffe94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r1 = socket$l2tp6(0xa, 0x2, 0x73)
ioctl$sock_SIOCOUTQ(r1, 0x5411, &(0x7f0000000140))
pipe2(&(0x7f0000000480), 0x4080)
r2 = getpid()
sched_setscheduler(r2, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
ioprio_set$pid(0x3, 0x0, 0x4004)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
socket$inet6(0xa, 0x1, 0x0)
r5 = socket$nl_rdma(0x10, 0x3, 0x14)
r6 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYRES64, @ANYRES32=r6, @ANYBLOB="0000000000000000b70500000000000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a500000008000000"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r7}, 0x10)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x38, 0x1403, 0x1, 0x70bd2a, 0x25dfdbfe, "", [{{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'bond0\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x800}, 0x20000000)
r8 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r8, 0x4000000000000, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x4001, 0x3, 0x2dc, 0x1b4, 0x0, 0x148, 0x1b4, 0x148, 0x248, 0x240, 0x240, 0x248, 0x240, 0x7fffffe, 0x0, {[{{@uncond, 0x0, 0x190, 0x1b4, 0x0, {}, [@common=@inet=@recent0={{0xf4}, {0x11e, 0x10, 0x2, 0x0, 'syz1\x00'}}, @common=@addrtype={{0x2c}}]}, @common=@inet=@SYNPROXY={0x24}}, {{@uncond, 0x0, 0x70, 0x94}, @common=@unspec=@STANDARD={0x24, '\x00', 0x0, 0xfffffffffffffffc}}], {{'\x00', 0x0, 0x70, 0x94}, {0x24}}}}, 0x338)
r9 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$AUTOFS_IOC_FAIL(r9, 0x4c80, 0xffffffffffffffb6)

9.429362878s ago: executing program 5 (id=1244):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000540)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_NEW_KEY(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000200)={0x30, r0, 0x801, 0x0, 0xfffffffc, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_KEY={0x14, 0x50, 0x0, 0x1, [@NL80211_KEY_IDX={0x5, 0x2, 0x4}, @NL80211_KEY_CIPHER={0x8, 0x3, 0xfac0c}]}]}, 0x30}}, 0x0)

8.58979078s ago: executing program 7 (id=1245):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000180)="5c00000013006bcd9e3fe3dc4e48aa31086b8703380000001f00070000000000040014000d000a00140000009ee517d34460bc08eab556a705251e6182949a3651f60a84c9f5d1938837e786a6d0bdd7fcf50e4509c5bb5a00f69853", 0x5c}], 0x1, 0x0, 0x0, 0x1f000801}, 0x0)
r1 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FMT(r1, 0xc0405602, &(0x7f0000000040)={0x26, 0x1, 0x0, "27425b895f17386bcec1d8665c0084feea0be6b8a80052d063e6179d13f019e3"})
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/mdstat\x00', 0x0, 0x0)
r3 = epoll_create(0x3)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000000000)={0x10000000})
write$P9_RXATTRCREATE(0xffffffffffffffff, &(0x7f0000000040)={0x7, 0x21, 0x1}, 0x7)

2.603565133s ago: executing program 5 (id=1246):
ioctl$DRM_IOCTL_MODE_ADDFB(0xffffffffffffffff, 0xc01c64ae, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r1 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=@bridge_delneigh={0x1b, 0x1c, 0x63, 0x0, 0x0, {0x7, 0x0, 0x0, 0x0, 0x80, 0xbe}, [@NDA_LLADDR={0xa, 0x2, @random="63ccc7696324"}]}, 0x28}}, 0x0)
setsockopt$inet_udp_int(0xffffffffffffffff, 0x11, 0x68, &(0x7f0000000080)=0x1, 0x4)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000000)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r1, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r2, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

2.603244689s ago: executing program 7 (id=1247):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x4, 0x3032, 0xffffffffffffffff, 0x0)
r2 = openat$vicodec0(0xffffff9c, &(0x7f0000000440), 0x2, 0x0)
sendmsg$inet6(0xffffffffffffffff, 0x0, 0x18800)
ioctl$VIDIOC_G_EXT_CTRLS(r2, 0xc0185648, &(0x7f0000000080)={0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000000c0)={0x98f909, 0x8002, '\x00', @p_u16=&(0x7f00000010c0)=0xa5b}})
r3 = syz_open_dev$rtc(&(0x7f0000000180), 0x0, 0x408000)
ioctl$RTC_IRQP_READ(r3, 0x8008700b, &(0x7f0000000200))
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
pipe(&(0x7f0000000080)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = socket$inet_udp(0x2, 0x2, 0x0)
close(r5)
r6 = socket$inet6(0x10, 0x3, 0x0)
read(r6, &(0x7f0000000340)=""/254, 0xfe)
sendto$inet6(r6, &(0x7f0000000140)="1ba0000016001d0d89fdc5cbdd045798707bed4dca141a780f0f8e", 0xff3b, 0x0, 0x0, 0x0)
recvfrom$inet6(r6, &(0x7f0000000000)=""/45, 0x44, 0x0, 0x0, 0x0)
writev(0xffffffffffffffff, &(0x7f00000002c0)=[{&(0x7f0000000000)="48050000150019", 0x7}], 0x1)
write$binfmt_misc(r4, &(0x7f0000000000), 0xfffffecc)
getsockopt$SO_TIMESTAMP(r6, 0x1, 0x23, 0x0, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000180)={'wlan1\x00', <r8=>0x0})
sendmsg$NL80211_CMD_FRAME(r7, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000000)=ANY=[@ANYBLOB='t\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010027bd7000ffdbdf253b00000008000300", @ANYRES32=r8, @ANYBLOB="48003300e0b00600080211000001080211000001241432aae65a770710004c810f02100004000104161b16062d1a1008030d03000000000000030005000600000000f802000000fd080057"], 0x74}}, 0x48054)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r9, 0x8933, &(0x7f00000003c0)={'wlan0\x00', <r10=>0x0})
r11 = socket$nl_generic(0x10, 0x3, 0x10)
r12 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$NL80211_CMD_FRAME(r11, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000680)={0x3c, r12, 0x1, 0x70bd2c, 0x0, {{}, {@val={0x8, 0x3, r10}, @void}}, [@NL80211_ATTR_FRAME={0x1e, 0x33, @deauth={{{}, {0x2}, @broadcast}, 0x26, @void}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x6a845ecb4f20be71}, 0x24008080)

2.479033694s ago: executing program 8 (id=1248):
getresgid(&(0x7f0000000000), 0x0, &(0x7f0000000080))
writev(0xffffffffffffffff, &(0x7f0000001280)=[{&(0x7f0000000080)}], 0x1)
r0 = socket$l2tp(0x2, 0x2, 0x73)
openat$rfkill(0xffffffffffffff9c, 0x0, 0x801, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
ioctl$VIDIOC_G_FBUF(0xffffffffffffffff, 0x8030560a, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = signalfd4(0xffffffffffffffff, &(0x7f0000000100), 0x8, 0x0)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r5, &(0x7f0000000140))
ioctl$VIDIOC_S_INPUT(r5, 0xc0045627, &(0x7f0000000180)=0x5)
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r6, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00', <r7=>0x0})
sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="480000001400090400000800fddbdf25020000fe", @ANYRES32=r7, @ANYBLOB="08000200ac"], 0x48}, 0x1, 0x0, 0x0, 0x4000855}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[], 0xe8}}, 0x0)
openat$snapshot(0xffffff9c, &(0x7f00000001c0), 0x8201, 0x0)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x0, @multicast1}, 0x10)
connect$inet(r0, &(0x7f0000000200)={0x2, 0x0, @local}, 0x10)
sendmmsg$inet(r0, &(0x7f0000000900)=[{{0x0, 0x0, 0x0}}], 0x40000cf, 0x0)

2.478609961s ago: executing program 5 (id=1249):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=@newtaction={0x258, 0x30, 0x1, 0x0, 0x0, {}, [{0x244, 0x1, [@m_vlan={0x114, 0x18, 0x0, 0x0, {{0x9}, {0x38, 0x2, 0x0, 0x1, [@TCA_VLAN_PUSH_VLAN_PRIORITY={0x5, 0x6, 0x5}, @TCA_VLAN_PUSH_VLAN_PRIORITY={0x5, 0x6, 0x4}, @TCA_VLAN_PUSH_VLAN_ID={0x6, 0x3, 0x950}, @TCA_VLAN_PARMS={0x1c, 0x2, {{0x7fff, 0x0, 0x20000008, 0x7, 0xfd3}, 0x3}}]}, {0xb3, 0x6, "768d1e7e6370497ced79c014a30a2c340f7efd691cb37a9741d1fd257869c4ab066eeadc155e33b310353c8e9ae422bfb9d738e0918f38bdac45f392de50dd74b8641b517f8d265cae3dc8dff021d1a072882cdf0df61620a633a5c7cb13c12411b4ed1c02075d8cf6682774fa06fdbc13f74c04293cea05f8fcca92df22636fbf70996ac3f00530e246a1fd5a203e32abfda10cb5329c632f81296d58a3963b9a44448c8c2ecd2a5a80149ffffeb2"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x1, 0x1}}}}, @m_gact={0x12c, 0x7, 0x0, 0x0, {{0x9}, {0x34, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0x100, 0x4, 0x0, 0x2, 0x3}}, @TCA_GACT_PARMS={0x18, 0x2, {0x2, 0x1ff0000, 0x10000000, 0xf, 0x800}}]}, {0xd0, 0x6, "91cafdf2ab26166bd035a5942f41f0d0857ad2408f96fdf668348a58f25008add13d1c7e57e9f146ade5b6ab0eedd9c03a1a8c410b668de18dedad9e1fd3204bdf74cb7a707f2415fbcf7275df3348e7bf75e5962875fa345c1b1e6328dee75ceae12623b0fe9881cab9a1a7df1b740c62a12f58b906b5c6a4c3f29dc36ff5996ccf7691d51aa76748561caf5dca03286ce80334fcd92922c740e02f8b985e75f417208b68d6eb5f6712ee63d1291b5263408dba689972dbacceafc814b8d36742955ca81c11d151ff4b4e7f"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x1, 0x3}}}}]}]}, 0x258}}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$can_bcm(0x1d, 0x2, 0x2)
r4 = syz_io_uring_setup(0x10d, &(0x7f0000000300)={0x0, 0xce5d, 0x80, 0x0, 0x89}, &(0x7f0000000240)=<r5=>0x0, &(0x7f0000000280)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
r7 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2)
ioctl$VIDIOC_S_FREQUENCY(r7, 0x402c5639, &(0x7f0000000040)={0x0, 0x2, 0xad8})
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(r3, 0xc0189374, &(0x7f0000000100)={{0x1, 0x1, 0x18, r2, {0x3}}, './file0\x00'})
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x17, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sysctl, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r9 = fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0)
r10 = fsmount(r9, 0x0, 0x0)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000200)={@cgroup=r10, r8, 0x12, 0x6, 0x0, @void, @value}, 0x10)
r11 = syz_open_dev$usbmon(&(0x7f0000000180), 0x1, 0xa000)
ioctl$MON_IOCH_MFLUSH(r11, 0x9208, 0x9)
r12 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r12, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="5c0000000206050000000000000000000700000014000780080008400000009808000640000a00000500010006000000050005000200000005000400000000000900020073797a310000000010000300686173683a69702c6d6163"], 0x5c}}, 0x20000000)
syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000b40)=[{0x0}, {0x0}], 0x2}})
connect$unix(0xffffffffffffffff, &(0x7f0000000180)=@abs={0x1, 0x0, 0x4e20}, 0x25)
io_uring_enter(r4, 0x47f9, 0x0, 0x0, 0x0, 0x0)

1.532575884s ago: executing program 7 (id=1250):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xd)
r1 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x0, 0xffffffff, 0xffdffffe}, &(0x7f0000000000)=<r2=>0x0, &(0x7f0000000280)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000100)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
r4 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r4, 0x40345410, &(0x7f00000083c0)={{0x1, 0x3}})
read(r4, &(0x7f0000000340)=""/87, 0x57)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, &(0x7f0000000300)='usrquota')
chdir(&(0x7f0000000080)='./file1\x00')
ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r4, 0x54a2)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
io_uring_enter(r1, 0x47f4, 0x0, 0x0, 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000280)=0x14)

1.384661934s ago: executing program 8 (id=1251):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xd)
r1 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x0, 0xffffffff, 0xffdffffe}, &(0x7f0000000000)=<r2=>0x0, &(0x7f0000000280)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000100)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
r4 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r4, 0x40345410, &(0x7f00000083c0)={{0x1, 0x3}})
read(r4, &(0x7f0000000340)=""/87, 0x57)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, &(0x7f0000000300)='usrquota')
chdir(&(0x7f0000000080)='./file1\x00')
ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r4, 0x54a2)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
io_uring_enter(r1, 0x47f4, 0x0, 0x0, 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000280)=0x14)

1.031666048s ago: executing program 7 (id=1252):
syz_usb_connect(0x0, 0x34, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000092df5510ac05269289b201020301090222"], 0x0)
syz_usb_connect(0x1, 0x0, 0x0, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, 0x5, [{0x4, &(0x7f0000000240)=@lang_id={0x4, 0x3, 0x423}}, {0x4, &(0x7f0000000280)=@lang_id={0x4, 0x3, 0x187f}}, {0xce, &(0x7f00000002c0)=ANY=[@ANYBLOB="ce03ffffffffc12302b0b50ca98604477d17e3e943334574a78f12fff9dc941177ab569794033a2de09980ab1ef5973b4e5c3a4414cf9129d6b6192524eb3527784c0f21a3db4092f798193a29d71eac5e228ab3cd09e63eeb049eadf0f23f8264fd3a6e8e54293698c0f6d77aef850e33241349c18e70a3d5bf2fb1c007fd6fda84fb9001504011dbca0d7436f3885bd9b35dedd45a977a0c9be030b59f2154986e33e302a18e5ad7286ded86e716704e6efcc2aef808957458b210f2410bd73988000000000000000000"]}, {0x4, &(0x7f00000003c0)=@lang_id={0x4, 0x3, 0x813}}, {0xf, &(0x7f0000000400)=@string={0xf, 0x3, "c4f9202ed2b85620e27d906e4a"}}]})
r0 = socket(0x1e, 0x1, 0x0)
connect$tipc(r0, &(0x7f0000000000)=@name={0x1e, 0x2, 0x0, {{0x1, 0x1}}}, 0x10)
write$binfmt_misc(r0, &(0x7f0000000400), 0x2000011a)
recvmmsg(r0, &(0x7f0000000680)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000001e80)=""/4096, 0x1000}], 0x1}, 0x7}], 0x1, 0x40000001, 0x0)

805.692775ms ago: executing program 8 (id=1253):
syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000003600), 0x2, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000002c0)='timerslack_ns\x00')
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x1, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000040)={0x1, 0x1, 0x6000, 0x2000, &(0x7f0000fa2000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000080)={0x26e8, 0x0, 0x0, 0x2000, &(0x7f0000ffe000/0x2000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r3, 0x4010ae42, &(0x7f0000000240)={0x1, 0x0, &(0x7f0000204000/0x2000)=nil})
mmap(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x1000000, 0x4000010, r0, 0xa90d5000)
pread64(r1, &(0x7f0000033240)=""/102391, 0x18ff7, 0x1)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000300)=ANY=[@ANYRESDEC=r1], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r4}, 0x18)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x8, 0x6, &(0x7f00000006c0)=ANY=[@ANYBLOB="b40800000000000073114100000000008510000002000000b7000000000000009500c2000000000095000012000000000e09b9445761db3ed82f7be4b9f1628b9a5c40384cb45e62e827e611f21a01a76f66f616553959b478ad3c46bb20e558783b21dd5307760617deec8b1b75c00853ee69e33ba2c01c28950365dd46fcc9f2ac6d20197fd68292e8445824f49b6fba41a316e13e462e31ca00d2622d56318d78e271d364329e7ae732bf8dade587bb30d67e23f78662621b74aabfd8eaf399893bab50fed33101f5a1085f991877907bd6117db675155932860499977f7384a8d94e810492c284fc7cc784ed942bf11d72897a7896f5f8c957984312e9d39eaa478a3065afd52404cb058b"], &(0x7f0000000080)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='ext4_writepages_result\x00', r6}, 0x10)
close(0xffffffffffffffff)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0)
close(r7)
bpf$BPF_GET_PROG_INFO(0x1c, &(0x7f00000003c0)={r5, 0x0, 0x0}, 0x10)
bpf$LINK_DETACH(0x22, &(0x7f0000001ac0)=r7, 0x4)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000680)={r7, 0x0, 0x0}, 0x10)

645.220023ms ago: executing program 5 (id=1254):
syz_usb_connect(0x2, 0x9a2, &(0x7f0000000280)=ANY=[@ANYBLOB="12010000d0241710d8050a81b8920000000109029009"], 0x0)
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x4, 0x0)
ioctl$EVIOCGKEYCODE_V2(r0, 0x80284504, &(0x7f0000000040)=""/185)

0s ago: executing program 8 (id=1255):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, 0x0, 0x0)
openat$vim2m(0xffffff9c, &(0x7f0000000000), 0x2, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r1, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x28, 0x32, 0x1, 0x70bd2a, 0x25dbdbfe, {0x5}, [@typed={0x8, 0x4, 0x0, 0x0, @u32=0x2}, @typed={0x9, 0x5, 0x0, 0x0, @str='syz0\x06'}]}, 0x28}, 0x1, 0x0, 0x0, 0x50}, 0x4000000)
socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r4=>0x0})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
r5 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r5, 0x2, &(0x7f0000000180)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e)
pselect6(0x40, &(0x7f00000001c0)={0x6, 0x8, 0x2, 0x401, 0x1000, 0x6, 0x7, 0xfff}, &(0x7f0000000300)={0x6, 0x1, 0x136bc30a, 0x5, 0x9, 0x8, 0x2, 0x1}, &(0x7f0000000340)={0xdd, 0xc, 0x8, 0xd4, 0xf83, 0x1, 0x3, 0x5}, &(0x7f0000000380), &(0x7f0000000400)={&(0x7f00000003c0)={[0x100, 0x4]}, 0x8})
sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r8 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76"])
open$dir(&(0x7f00000068c0)='./file0\x00', 0x101000, 0x281)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000500)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a00000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000580)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r9}, 0xc)
sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000440)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000000000000", @ANYRES32=r4, @ANYBLOB="25003300d0000000080211000001080211000000505050505050d00003"], 0x44}, 0x1, 0x0, 0x0, 0xc0}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
mkdir(&(0x7f0000000580)='./file0\x00', 0x0)

kernel console output (not intermixed with test programs):

93][T10768] RSP: 0018:ffffc90003b8fd80 EFLAGS: 00050246
[  446.849104][T10768] RAX: 0000000000000001 RBX: 0000000080000080 RCX: 0000000000000018
[  446.849112][T10768] RDX: fffff52000771fc3 RSI: 0000000080000080 RDI: ffffc90003b8fe00
[  446.849120][T10768] RBP: 0000000000000018 R08: 0000000000000001 R09: fffff52000771fc2
[  446.849128][T10768] R10: ffffc90003b8fe17 R11: 0000000000000000 R12: 0000000000000000
[  446.849136][T10768] R13: ffffc90003b8fe00 R14: ffff888025275c00 R15: ffff88806ed5bc00
[  446.849154][T10768]  move_addr_to_kernel+0x68/0x160
[  446.849171][T10768]  __sys_bind+0x11c/0x260
[  446.849186][T10768]  ? __pfx___sys_bind+0x10/0x10
[  446.849199][T10768]  ? __fget_files+0x206/0x3a0
[  446.849223][T10768]  ? __pfx_ksys_write+0x10/0x10
[  446.849245][T10768]  __ia32_sys_bind+0x71/0xb0
[  446.849259][T10768]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[  446.849275][T10768]  __do_fast_syscall_32+0x73/0x120
[  446.849292][T10768]  do_fast_syscall_32+0x32/0x80
[  446.849309][T10768]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  446.849341][T10768] RIP: 0023:0xf7f03579
[  446.849351][T10768] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  446.849362][T10768] RSP: 002b:00000000f502655c EFLAGS: 00000296 ORIG_RAX: 0000000000000169
[  446.849373][T10768] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000080
[  446.849381][T10768] RDX: 0000000000000018 RSI: 0000000000000000 RDI: 0000000000000000
[  446.849389][T10768] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  446.849396][T10768] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  446.849403][T10768] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  446.849419][T10768]  </TASK>
[  447.470649][ T9353] usb 13-1: new high-speed USB device number 3 using dummy_hcd
[  447.493081][T10775] netlink: 1268 bytes leftover after parsing attributes in process `syz.7.942'.
[  447.550521][T10702] bridge0: port 1(bridge_slave_0) entered blocking state
[  447.565421][T10702] bridge0: port 1(bridge_slave_0) entered disabled state
[  447.575479][T10702] bridge_slave_0: entered allmulticast mode
[  447.593516][T10702] bridge_slave_0: entered promiscuous mode
[  447.652378][ T9353] usb 13-1: Using ep0 maxpacket: 8
[  447.671835][ T9353] usb 13-1: config index 0 descriptor too short (expected 301, got 45)
[  447.675397][ T9353] usb 13-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[  447.680692][T10702] bridge0: port 2(bridge_slave_1) entered blocking state
[  447.682443][ T9353] usb 13-1: config 16 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  447.691171][ T9353] usb 13-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  447.694908][T10702] bridge0: port 2(bridge_slave_1) entered disabled state
[  447.696141][ T9353] usb 13-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  447.713300][T10702] bridge_slave_1: entered allmulticast mode
[  447.714571][ T9353] usbtmc 13-1:16.0: bulk endpoints not found
[  447.759070][T10702] bridge_slave_1: entered promiscuous mode
[  448.009201][T10702] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  448.040576][T10702] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  448.180824][T10702] team0: Port device team_slave_0 added
[  448.196643][T10702] team0: Port device team_slave_1 added
[  448.462394][T10702] batman_adv: batadv0: Adding interface: batadv_slave_0
[  448.483007][T10702] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  448.497447][T10702] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  448.610045][T10702] batman_adv: batadv0: Adding interface: batadv_slave_1
[  448.612793][T10702] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  448.643308][T10702] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  448.855417][T10702] hsr_slave_0: entered promiscuous mode
[  448.858260][T10702] hsr_slave_1: entered promiscuous mode
[  448.860877][T10702] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  448.864803][T10702] Cannot create hsr debugfs directory
[  450.296204][ T9353] usb 13-1: USB disconnect, device number 3
[  450.835690][T10702] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  450.886754][T10702] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  450.925090][T10702] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  450.941357][T10702] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  452.718239][T10702] 8021q: adding VLAN 0 to HW filter on device bond0
[  452.736855][T10702] 8021q: adding VLAN 0 to HW filter on device team0
[  452.950508][ T1135] bridge0: port 1(bridge_slave_0) entered blocking state
[  452.969758][ T1135] bridge0: port 1(bridge_slave_0) entered forwarding state
[  452.990050][ T1139] bridge0: port 2(bridge_slave_1) entered blocking state
[  452.994187][ T1139] bridge0: port 2(bridge_slave_1) entered forwarding state
[  453.217238][T10868] FAULT_INJECTION: forcing a failure.
[  453.217238][T10868] name failslab, interval 1, probability 0, space 0, times 0
[  453.240831][T10868] CPU: 2 UID: 0 PID: 10868 Comm: syz.7.955 Not tainted 6.14.0-rc5-syzkaller-00105-gf315296c92fd #0
[  453.240856][T10868] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  453.240866][T10868] Call Trace:
[  453.240872][T10868]  <TASK>
[  453.240879][T10868]  dump_stack_lvl+0x16c/0x1f0
[  453.240904][T10868]  should_fail_ex+0x50a/0x650
[  453.240927][T10868]  ? fs_reclaim_acquire+0xae/0x150
[  453.240949][T10868]  should_failslab+0xc2/0x120
[  453.240965][T10868]  __kmalloc_node_noprof+0xd1/0x510
[  453.240988][T10868]  ? __kvmalloc_node_noprof+0xad/0x1a0
[  453.241013][T10868]  __kvmalloc_node_noprof+0xad/0x1a0
[  453.241035][T10868]  io_alloc_cache_init+0x33/0x170
[  453.241056][T10868]  io_uring_setup+0x5a7/0x2200
[  453.241075][T10868]  ? __pfx_io_uring_setup+0x10/0x10
[  453.241093][T10868]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  453.241118][T10868]  ? __fget_files+0x206/0x3a0
[  453.241145][T10868]  ? ksys_write+0x1ba/0x250
[  453.241167][T10868]  ? __pfx_ksys_write+0x10/0x10
[  453.241194][T10868]  __ia32_sys_io_uring_setup+0x97/0x140
[  453.241213][T10868]  __do_fast_syscall_32+0x73/0x120
[  453.241239][T10868]  do_fast_syscall_32+0x32/0x80
[  453.241262][T10868]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  453.241289][T10868] RIP: 0023:0xf7f57579
[  453.241303][T10868] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  453.241319][T10868] RSP: 002b:00000000f505550c EFLAGS: 00000206 ORIG_RAX: 00000000000001a9
[  453.241337][T10868] RAX: ffffffffffffffda RBX: 0000000000000239 RCX: 0000000080000380
[  453.241348][T10868] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  453.241358][T10868] RBP: 0000000080000180 R08: 0000000000000000 R09: 0000000000000000
[  453.241368][T10868] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  453.241378][T10868] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  453.241401][T10868]  </TASK>
[  453.349743][T10702] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  453.595108][T10855] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  453.612286][T10855] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  453.716402][T10855] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  453.757911][T10855] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  453.852746][T10855] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  453.874058][T10702] 8021q: adding VLAN 0 to HW filter on device batadv0
[  453.906746][T10855] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  453.948995][T10855] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  453.952936][T10702] veth0_vlan: entered promiscuous mode
[  453.986322][T10855] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  453.990634][T10702] veth1_vlan: entered promiscuous mode
[  454.032682][T10702] veth0_macvtap: entered promiscuous mode
[  454.043397][T10702] veth1_macvtap: entered promiscuous mode
[  454.062139][T10702] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  454.079073][T10702] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  454.083246][T10702] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  454.102120][T10702] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  454.107539][T10702] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  454.112497][T10702] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  454.129893][T10702] batman_adv: batadv0: Interface activated: batadv_slave_0
[  454.135418][T10702] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  454.151236][T10702] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  454.159605][T10702] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  454.169849][T10702] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  454.177094][T10702] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  454.181910][T10702] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  454.225658][T10702] batman_adv: batadv0: Interface activated: batadv_slave_1
[  454.241737][T10702] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  454.262288][T10702] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  454.285705][T10702] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  454.313073][T10702] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  454.344444][ T5949] usb 12-1: new full-speed USB device number 27 using dummy_hcd
[  454.506157][T10891] netlink: 144 bytes leftover after parsing attributes in process `syz.8.957'.
[  454.571083][ T7228] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  454.588676][ T7228] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  454.592538][ T5949] usb 12-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  454.597011][ T5949] usb 12-1: config 0 has 1 interface, different from the descriptor's value: 2
[  454.609738][ T5949] usb 12-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  454.615867][ T5949] usb 12-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  454.629112][ T1135] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  454.637732][ T1135] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  454.665673][ T5949] usb 12-1: config 0 descriptor??
[  454.690928][ T5949] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[  454.727087][ T5949] dvb-usb: bulk message failed: -22 (3/0)
[  454.817133][ T5949] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  454.831590][ T5949] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[  454.835225][ T5949] usb 12-1: media controller created
[  454.838775][ T5949] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  454.870115][ T5949] dvb-usb: bulk message failed: -22 (6/0)
[  454.916605][ T5949] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[  454.938219][ T5949] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.7/usb12/12-1/input/input11
[  454.953494][ T5949] dvb-usb: schedule remote query interval to 150 msecs.
[  454.956684][ T5949] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[  455.033104][ T5955] usb 13-1: new high-speed USB device number 4 using dummy_hcd
[  455.126224][ T5949] dvb-usb: bulk message failed: -22 (1/0)
[  455.128739][ T5949] dvb-usb: error while querying for an remote control event.
[  455.187432][ T5955] usb 13-1: Using ep0 maxpacket: 8
[  455.195167][ T5955] usb 13-1: config index 0 descriptor too short (expected 301, got 45)
[  455.198826][ T5955] usb 13-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[  455.224030][ T5955] usb 13-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  455.244631][ T5955] usb 13-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  455.249775][ T5955] usb 13-1: config 16 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  455.255706][ T5955] usb 13-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  455.259673][ T5955] usb 13-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  455.269737][ T5955] usbtmc 13-1:16.0: bulk endpoints not found
[  455.315375][ T5949] dvb-usb: bulk message failed: -22 (1/0)
[  455.320160][ T5949] dvb-usb: error while querying for an remote control event.
[  455.468123][ T1016] dvb-usb: bulk message failed: -22 (1/0)
[  455.471677][ T1016] dvb-usb: error while querying for an remote control event.
[  455.633237][ T1016] dvb-usb: bulk message failed: -22 (1/0)
[  455.636042][ T1016] dvb-usb: error while querying for an remote control event.
[  455.644107][   T66] Bluetooth: hci0: command 0x0406 tx timeout
[  455.724226][   T66] Bluetooth: hci1: command 0x0c1a tx timeout
[  455.805410][ T1016] dvb-usb: bulk message failed: -22 (1/0)
[  455.808787][ T1016] dvb-usb: error while querying for an remote control event.
[  455.983606][ T1016] dvb-usb: bulk message failed: -22 (1/0)
[  456.019317][ T1016] dvb-usb: error while querying for an remote control event.
[  456.198437][ T1016] dvb-usb: bulk message failed: -22 (1/0)
[  456.200622][ T1016] dvb-usb: error while querying for an remote control event.
[  456.363374][ T1016] dvb-usb: bulk message failed: -22 (1/0)
[  456.366455][ T1016] dvb-usb: error while querying for an remote control event.
[  456.528023][ T1016] dvb-usb: bulk message failed: -22 (1/0)
[  456.530470][ T1016] dvb-usb: error while querying for an remote control event.
[  456.667301][ T1221] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  456.835229][ T1016] dvb-usb: bulk message failed: -22 (1/0)
[  456.837757][ T1016] dvb-usb: error while querying for an remote control event.
[  456.970674][ T5990] usb 12-1: USB disconnect, device number 27
[  457.064034][ T5990] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[  457.724418][   T66] Bluetooth: hci0: command 0x0406 tx timeout
[  457.827968][   T66] Bluetooth: hci1: command 0x0c1a tx timeout
[  457.844914][ T5990] usb 13-1: USB disconnect, device number 4
[  458.124327][   T40] audit: type=1326 audit(1741326918.608:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10921 comm="syz.8.964" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f03579 code=0x7ffc0000
[  458.158433][ T1221] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  458.186759][   T40] audit: type=1326 audit(1741326918.608:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10921 comm="syz.8.964" exe="/syz-executor" sig=0 arch=40000003 syscall=46 compat=1 ip=0xf7f03579 code=0x7ffc0000
[  458.198067][   T40] audit: type=1326 audit(1741326918.608:46): auid=4294967295 uid=0 gid=60928 ses=4294967295 subj=unconfined pid=10921 comm="syz.8.964" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f03579 code=0x7ffc0000
[  458.210996][   T40] audit: type=1326 audit(1741326918.608:47): auid=4294967295 uid=0 gid=60928 ses=4294967295 subj=unconfined pid=10921 comm="syz.8.964" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f03579 code=0x7ffc0000
[  458.221962][   T40] audit: type=1326 audit(1741326918.608:48): auid=4294967295 uid=0 gid=60928 ses=4294967295 subj=unconfined pid=10921 comm="syz.8.964" exe="/syz-executor" sig=0 arch=40000003 syscall=361 compat=1 ip=0xf7f03579 code=0x7ffc0000
[  458.493831][ T5950] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  458.503184][ T5950] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  458.522450][ T5950] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  458.526034][ T5950] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  458.530368][ T5950] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  458.535126][ T5950] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  459.274330][ T1221] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  459.322805][T10929] FAULT_INJECTION: forcing a failure.
[  459.322805][T10929] name failslab, interval 1, probability 0, space 0, times 0
[  459.332366][T10929] CPU: 1 UID: 0 PID: 10929 Comm: syz.5.965 Not tainted 6.14.0-rc5-syzkaller-00105-gf315296c92fd #0
[  459.332387][T10929] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  459.332398][T10929] Call Trace:
[  459.332403][T10929]  <TASK>
[  459.332410][T10929]  dump_stack_lvl+0x16c/0x1f0
[  459.332437][T10929]  should_fail_ex+0x50a/0x650
[  459.332461][T10929]  ? fs_reclaim_acquire+0xae/0x150
[  459.332503][T10929]  should_failslab+0xc2/0x120
[  459.332519][T10929]  kmem_cache_alloc_noprof+0x6e/0x3d0
[  459.332540][T10929]  ? getname_flags.part.0+0x4c/0x550
[  459.332560][T10929]  getname_flags.part.0+0x4c/0x550
[  459.332578][T10929]  getname_flags+0x93/0xf0
[  459.332597][T10929]  user_path_at+0x24/0x60
[  459.332617][T10929]  __ia32_sys_mount+0x1fc/0x310
[  459.332632][T10929]  ? __pfx___ia32_sys_mount+0x10/0x10
[  459.332652][T10929]  __do_fast_syscall_32+0x73/0x120
[  459.332676][T10929]  do_fast_syscall_32+0x32/0x80
[  459.332696][T10929]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  459.332720][T10929] RIP: 0023:0xf73ae579
[  459.332734][T10929] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  459.332748][T10929] RSP: 002b:00000000f503655c EFLAGS: 00000296 ORIG_RAX: 0000000000000015
[  459.332764][T10929] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000800000c0
[  459.332774][T10929] RDX: 0000000080000080 RSI: 0000000000000000 RDI: 0000000080000400
[  459.332783][T10929] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  459.332793][T10929] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  459.332803][T10929] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  459.332821][T10929]  </TASK>
[  459.860422][T10938] overlayfs: upper fs does not support tmpfile.
[  459.871050][ T1221] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  459.883925][   T66] Bluetooth: hci1: command 0x0c1a tx timeout
[  459.909374][T10926] chnl_net:caif_netlink_parms(): no params data found
[  460.196256][ T6014] usb 10-1: new high-speed USB device number 24 using dummy_hcd
[  460.393020][ T6014] usb 10-1: Using ep0 maxpacket: 8
[  460.400914][ T6014] usb 10-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  460.452206][ T6014] usb 10-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  460.460448][T10926] bridge0: port 1(bridge_slave_0) entered blocking state
[  460.470293][ T6014] usb 10-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  460.477051][T10926] bridge0: port 1(bridge_slave_0) entered disabled state
[  460.499176][T10926] bridge_slave_0: entered allmulticast mode
[  460.502683][T10926] bridge_slave_0: entered promiscuous mode
[  460.525896][T10926] bridge0: port 2(bridge_slave_1) entered blocking state
[  460.529458][T10926] bridge0: port 2(bridge_slave_1) entered disabled state
[  460.534235][T10926] bridge_slave_1: entered allmulticast mode
[  460.555066][T10926] bridge_slave_1: entered promiscuous mode
[  460.590611][ T6014] usb 10-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  460.615081][   T66] Bluetooth: hci2: command tx timeout
[  460.623390][ T6014] usb 10-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  460.633201][ T6014] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  460.831620][ T1221] bridge_slave_1: left allmulticast mode
[  460.834056][ T1221] bridge_slave_1: left promiscuous mode
[  460.844156][ T1221] bridge0: port 2(bridge_slave_1) entered disabled state
[  460.872768][ T1221] bridge_slave_0: left allmulticast mode
[  460.875182][ T1221] bridge_slave_0: left promiscuous mode
[  460.878846][ T1221] bridge0: port 1(bridge_slave_0) entered disabled state
[  460.904401][T10954] netlink: 8 bytes leftover after parsing attributes in process `syz.8.971'.
[  461.092358][ T6014] usb 10-1: GET_CAPABILITIES returned 0
[  461.094634][ T6014] usbtmc 10-1:16.0: can't read capabilities
[  461.297960][T10944] tmpfs: Bad value for 'mpol'
[  461.385769][    C2] usbtmc 10-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  461.396006][    C2] usbtmc 10-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  461.403910][    C2] usbtmc 10-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  461.409542][    C2] usbtmc 10-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  461.416325][    C2] usbtmc 10-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  461.421866][    C2] usbtmc 10-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  461.427878][    C2] usbtmc 10-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  461.434193][    C2] usbtmc 10-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  461.439506][    C2] usbtmc 10-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  461.447621][    C2] usbtmc 10-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  461.452451][    C2] usbtmc 10-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  461.458142][    C2] usbtmc 10-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  461.463624][    C2] usbtmc 10-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  461.469075][    C2] usbtmc 10-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  461.473031][ T6014] usb 13-1: new high-speed USB device number 5 using dummy_hcd
[  461.475284][    C2] usbtmc 10-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  461.482127][    C2] usbtmc 10-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  461.490172][T10319] usb 10-1: USB disconnect, device number 24
[  461.707188][ T6014] usb 13-1: Using ep0 maxpacket: 8
[  461.711929][ T6014] usb 13-1: config index 0 descriptor too short (expected 301, got 45)
[  461.722386][ T6014] usb 13-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[  461.729390][ T6014] usb 13-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  461.733928][ T6014] usb 13-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  461.751329][ T6014] usb 13-1: config 16 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  461.756384][ T6014] usb 13-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  461.776560][ T6014] usb 13-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  461.800682][ T6014] usbtmc 13-1:16.0: bulk endpoints not found
[  462.424416][ T1221] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  462.477380][ T1221] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  462.484071][ T1221] bond0 (unregistering): Released all slaves
[  462.497985][T10926] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  462.546751][T10958] ip6gretap0: entered promiscuous mode
[  462.550161][T10958] vlan2: entered promiscuous mode
[  462.572133][T10958] ip6gretap0: left promiscuous mode
[  462.678739][T10926] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  462.683249][   T66] Bluetooth: hci2: command tx timeout
[  463.068901][T10926] team0: Port device team_slave_0 added
[  463.105619][T10926] team0: Port device team_slave_1 added
[  463.652542][T10926] batman_adv: batadv0: Adding interface: batadv_slave_0
[  463.667994][T10926] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  463.736919][T10926] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  463.981596][T10926] batman_adv: batadv0: Adding interface: batadv_slave_1
[  463.984732][T10926] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  463.999910][T10926] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  464.114951][ T1221] hsr_slave_0: left promiscuous mode
[  464.140456][ T1221] hsr_slave_1: left promiscuous mode
[  464.143565][ T1221] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  464.146693][ T1221] batman_adv: batadv0: Removing interface: batadv_slave_0
[  464.179691][ T1221] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  464.184843][ T1221] batman_adv: batadv0: Removing interface: batadv_slave_1
[  464.227209][ T6605] usb 13-1: USB disconnect, device number 5
[  464.233287][ T1221] veth1_macvtap: left promiscuous mode
[  464.235631][ T1221] veth0_macvtap: left promiscuous mode
[  464.238471][ T1221] veth1_vlan: left promiscuous mode
[  464.240890][ T1221] veth0_vlan: left promiscuous mode
[  464.769666][   T66] Bluetooth: hci2: command tx timeout
[  464.955997][ T6009] usb 10-1: new high-speed USB device number 25 using dummy_hcd
[  465.142148][ T6009] usb 10-1: Using ep0 maxpacket: 16
[  465.147205][ T6009] usb 10-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  465.161594][ T6009] usb 10-1: config 0 has no interfaces?
[  465.179483][ T6009] usb 10-1: New USB device found, idVendor=05ac, idProduct=9226, bcdDevice=b2.89
[  465.183364][ T6009] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  465.187151][ T6009] usb 10-1: Product: syz
[  465.189266][ T6009] usb 10-1: Manufacturer: syz
[  465.206121][ T6009] usb 10-1: SerialNumber: syz
[  465.220551][ T6009] usb 10-1: config 0 descriptor??
[  465.460921][   T39] tipc: Subscription rejected, illegal request
[  465.472785][ T5990] usb 10-1: USB disconnect, device number 25
[  466.866769][   T66] Bluetooth: hci2: command tx timeout
[  468.166547][ T1221] team0 (unregistering): Port device team_slave_1 removed
[  468.585216][ T1221] team0 (unregistering): Port device team_slave_0 removed
[  472.706742][T10926] hsr_slave_0: entered promiscuous mode
[  472.710899][T10926] hsr_slave_1: entered promiscuous mode
[  472.716232][T10926] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  472.719959][T10926] Cannot create hsr debugfs directory
[  473.077529][T11028] netlink: 8 bytes leftover after parsing attributes in process `syz.7.986'.
[  473.106066][T11028] netlink: 8 bytes leftover after parsing attributes in process `syz.7.986'.
[  473.231018][T11033] FAULT_INJECTION: forcing a failure.
[  473.231018][T11033] name failslab, interval 1, probability 0, space 0, times 0
[  473.243036][T11033] CPU: 3 UID: 0 PID: 11033 Comm: syz.8.987 Not tainted 6.14.0-rc5-syzkaller-00105-gf315296c92fd #0
[  473.243062][T11033] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  473.243073][T11033] Call Trace:
[  473.243079][T11033]  <TASK>
[  473.243086][T11033]  dump_stack_lvl+0x16c/0x1f0
[  473.243115][T11033]  should_fail_ex+0x50a/0x650
[  473.243142][T11033]  ? fs_reclaim_acquire+0xae/0x150
[  473.243165][T11033]  ? nla_strdup+0xc6/0x150
[  473.243182][T11033]  should_failslab+0xc2/0x120
[  473.243198][T11033]  __kmalloc_noprof+0xcb/0x510
[  473.243230][T11033]  nla_strdup+0xc6/0x150
[  473.243250][T11033]  nf_tables_addchain.constprop.0+0x469/0x1ab0
[  473.243280][T11033]  ? lock_acquire+0x2f/0xb0
[  473.243302][T11033]  ? nft_chain_lookup+0x101/0x3e0
[  473.243327][T11033]  ? __pfx_nf_tables_addchain.constprop.0+0x10/0x10
[  473.243347][T11033]  ? __pfx_nft_chain_lookup+0x10/0x10
[  473.243389][T11033]  ? nla_strcmp+0xff/0x130
[  473.243409][T11033]  ? nft_table_lookup.part.0+0x1e3/0x230
[  473.243432][T11033]  nf_tables_newchain+0x1cc4/0x27f0
[  473.243458][T11033]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  473.243486][T11033]  ? __nla_validate_parse+0x5d1/0x2880
[  473.243510][T11033]  ? __pfx_nf_tables_newchain+0x10/0x10
[  473.243531][T11033]  ? __pfx___nla_validate_parse+0x10/0x10
[  473.243550][T11033]  ? net_generic+0xea/0x2a0
[  473.243575][T11033]  ? __pfx_lock_release+0x10/0x10
[  473.243605][T11033]  ? __nla_parse+0x40/0x60
[  473.243625][T11033]  nfnetlink_rcv_batch+0x1a2a/0x24e0
[  473.243665][T11033]  ? __pfx_nfnetlink_rcv_batch+0x10/0x10
[  473.243697][T11033]  ? __local_bh_enable_ip+0xa4/0x120
[  473.243764][T11033]  ? lockdep_hardirqs_on+0x7c/0x110
[  473.243812][T11033]  ? __pfx___dev_queue_xmit+0x10/0x10
[  473.243864][T11033]  ? __nla_parse+0x40/0x60
[  473.243889][T11033]  nfnetlink_rcv+0x3c3/0x430
[  473.243914][T11033]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  473.243946][T11033]  netlink_unicast+0x53c/0x7f0
[  473.243974][T11033]  ? __pfx_netlink_unicast+0x10/0x10
[  473.243996][T11033]  ? __phys_addr+0xc6/0x150
[  473.244012][T11033]  ? __phys_addr_symbol+0x30/0x80
[  473.244027][T11033]  ? __check_object_size+0x488/0x710
[  473.244049][T11033]  netlink_sendmsg+0x8b8/0xd70
[  473.244077][T11033]  ? __pfx_netlink_sendmsg+0x10/0x10
[  473.244100][T11033]  ? trace_contention_end+0xee/0x140
[  473.244131][T11033]  sock_sendmsg+0x3d3/0x490
[  473.244151][T11033]  ? __pfx_sock_sendmsg+0x10/0x10
[  473.244188][T11033]  splice_to_socket+0xaac/0x1040
[  473.244225][T11033]  ? __pfx_splice_to_socket+0x10/0x10
[  473.244280][T11033]  ? apparmor_file_permission+0x251/0x400
[  473.244303][T11033]  ? bpf_lsm_file_permission+0x9/0x10
[  473.244329][T11033]  ? security_file_permission+0x71/0x210
[  473.244354][T11033]  ? rw_verify_area+0xcf/0x680
[  473.244375][T11033]  ? __pfx_splice_to_socket+0x10/0x10
[  473.244401][T11033]  do_splice+0x146a/0x1f70
[  473.244434][T11033]  ? __pfx_do_splice+0x10/0x10
[  473.244454][T11033]  ? __pfx_pipe_clear_nowait+0x10/0x10
[  473.244474][T11033]  ? __pfx_lock_release+0x10/0x10
[  473.244494][T11033]  ? trace_lock_acquire+0x14e/0x1f0
[  473.244517][T11033]  __do_splice+0x327/0x360
[  473.244542][T11033]  ? __pfx___do_splice+0x10/0x10
[  473.244564][T11033]  ? __fget_files+0x206/0x3a0
[  473.244594][T11033]  __ia32_sys_splice+0x189/0x250
[  473.244620][T11033]  __do_fast_syscall_32+0x73/0x120
[  473.244646][T11033]  do_fast_syscall_32+0x32/0x80
[  473.244668][T11033]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  473.244695][T11033] RIP: 0023:0xf7f03579
[  473.244710][T11033] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  473.244727][T11033] RSP: 002b:00000000f500555c EFLAGS: 00000296 ORIG_RAX: 0000000000000139
[  473.244743][T11033] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000000
[  473.244755][T11033] RDX: 0000000000000005 RSI: 0000000000000000 RDI: 0000000000007fff
[  473.244764][T11033] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  473.244774][T11033] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  473.244783][T11033] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  473.244812][T11033]  </TASK>
[  473.940430][ T6009] usb 12-1: new high-speed USB device number 28 using dummy_hcd
[  474.101947][ T6009] usb 12-1: Using ep0 maxpacket: 16
[  474.149341][ T6009] usb 12-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  474.153651][ T6009] usb 12-1: config 0 has no interfaces?
[  474.158847][ T6009] usb 12-1: New USB device found, idVendor=05ac, idProduct=9226, bcdDevice=b2.89
[  474.181565][ T6009] usb 12-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  474.200911][ T6009] usb 12-1: Product: syz
[  474.203439][ T6009] usb 12-1: Manufacturer: syz
[  474.205471][ T6009] usb 12-1: SerialNumber: syz
[  474.213995][ T6009] usb 12-1: config 0 descriptor??
[  474.374685][T11050] x_tables: ip6_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING
[  474.487613][ T1221] tipc: Subscription rejected, illegal request
[  474.492191][ T6009] usb 12-1: USB disconnect, device number 28
[  474.965467][T10926] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  475.072549][T10926] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  475.250576][T11069] netdevsim netdevsim8 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  475.329713][T10926] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  475.366237][T10926] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  475.506887][T11069] netdevsim netdevsim8 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  475.589815][T10926] 8021q: adding VLAN 0 to HW filter on device bond0
[  475.637833][T10926] 8021q: adding VLAN 0 to HW filter on device team0
[  475.641735][T11083] siw: device registration error -23
[  475.800891][T11069] netdevsim netdevsim8 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  475.917448][ T1139] bridge0: port 1(bridge_slave_0) entered blocking state
[  475.934555][ T1139] bridge0: port 1(bridge_slave_0) entered forwarding state
[  475.968924][ T1139] bridge0: port 2(bridge_slave_1) entered blocking state
[  475.972138][ T1139] bridge0: port 2(bridge_slave_1) entered forwarding state
[  476.116253][T11069] netdevsim netdevsim8 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  476.438739][T10926] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  476.442906][T10926] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  476.549678][T11069] netdevsim netdevsim8 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  476.588721][T11069] netdevsim netdevsim8 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  476.658057][T11069] netdevsim netdevsim8 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  476.694188][T11069] netdevsim netdevsim8 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  476.870529][T10926] 8021q: adding VLAN 0 to HW filter on device batadv0
[  476.962449][T10926] veth0_vlan: entered promiscuous mode
[  476.969082][T10926] veth1_vlan: entered promiscuous mode
[  477.081942][T10926] veth0_macvtap: entered promiscuous mode
[  477.082474][T11113] netlink: 1276 bytes leftover after parsing attributes in process `syz.7.999'.
[  477.089536][T10926] veth1_macvtap: entered promiscuous mode
[  477.157518][T11113] netlink: 8 bytes leftover after parsing attributes in process `syz.7.999'.
[  477.222404][T10926] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  477.242935][T10926] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  477.254167][T10926] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  477.260403][T10926] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  477.271735][T10926] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  477.278089][T10926] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  477.289596][T10926] batman_adv: batadv0: Interface activated: batadv_slave_0
[  477.295964][T11117] netlink: 1268 bytes leftover after parsing attributes in process `syz.8.1000'.
[  477.305302][T10926] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  477.307582][T11127] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1003'.
[  477.307890][T11117] netlink: 8 bytes leftover after parsing attributes in process `syz.8.1000'.
[  477.311030][T10926] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  477.323389][T10926] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  477.327217][T10926] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  477.331237][T10926] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  477.337316][T10926] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  477.345458][T10926] batman_adv: batadv0: Interface activated: batadv_slave_1
[  477.351503][T10926] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  477.368621][T10926] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  477.392643][T10926] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  477.397307][T10926] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  477.404444][T11127] FAULT_INJECTION: forcing a failure.
[  477.404444][T11127] name failslab, interval 1, probability 0, space 0, times 0
[  477.410149][T11127] CPU: 1 UID: 0 PID: 11127 Comm: syz.5.1003 Not tainted 6.14.0-rc5-syzkaller-00105-gf315296c92fd #0
[  477.410173][T11127] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  477.410184][T11127] Call Trace:
[  477.410191][T11127]  <TASK>
[  477.410200][T11127]  dump_stack_lvl+0x16c/0x1f0
[  477.410226][T11127]  should_fail_ex+0x50a/0x650
[  477.410252][T11127]  ? fs_reclaim_acquire+0xae/0x150
[  477.410276][T11127]  ? netdevice_event+0x367/0x9d0
[  477.410296][T11127]  should_failslab+0xc2/0x120
[  477.410312][T11127]  __kmalloc_cache_noprof+0x68/0x410
[  477.410332][T11127]  ? find_held_lock+0x2d/0x110
[  477.410353][T11127]  netdevice_event+0x367/0x9d0
[  477.410375][T11127]  ? __pfx_netdevice_event+0x10/0x10
[  477.410393][T11127]  ? __pfx_del_netdev_ips+0x10/0x10
[  477.410411][T11127]  ? __pfx_pass_all_filter+0x10/0x10
[  477.410436][T11127]  ? cfg802154_netdev_notifier_call+0x391/0xa00
[  477.410460][T11127]  notifier_call_chain+0xb7/0x410
[  477.410487][T11127]  ? __pfx_netdevice_event+0x10/0x10
[  477.410510][T11127]  call_netdevice_notifiers_info+0xbe/0x140
[  477.410531][T11127]  unregister_netdevice_many_notify+0xc8a/0x1f30
[  477.410557][T11127]  ? __pfx___netdev_upper_dev_unlink+0x10/0x10
[  477.410579][T11127]  ? __pfx_unregister_netdevice_many_notify+0x10/0x10
[  477.410602][T11127]  ? __pfx_autoremove_wake_function+0x10/0x10
[  477.410626][T11127]  ? unregister_netdevice_queue+0x22f/0x3f0
[  477.410650][T11127]  ? __pfx_unregister_netdevice_queue+0x10/0x10
[  477.410672][T11127]  ? __pfx_netdev_upper_dev_unlink+0x10/0x10
[  477.410698][T11127]  rtnl_dellink+0x3d7/0xaa0
[  477.410716][T11127]  ? __pfx_virt_wifi_dellink+0x10/0x10
[  477.410738][T11127]  ? kasan_save_stack+0x33/0x60
[  477.410758][T11127]  ? kasan_save_track+0x14/0x30
[  477.410778][T11127]  ? kasan_save_free_info+0x3b/0x60
[  477.410794][T11127]  ? __kasan_slab_free+0x51/0x70
[  477.410816][T11127]  ? __pfx_rtnl_dellink+0x10/0x10
[  477.410834][T11127]  ? nlmon_xmit+0xa5/0xe0
[  477.410893][T11127]  ? aa_get_newest_label+0x376/0x680
[  477.410915][T11127]  ? find_held_lock+0x2d/0x110
[  477.410935][T11127]  ? rtnetlink_rcv_msg+0x93a/0xea0
[  477.410956][T11127]  ? __pfx_lock_release+0x10/0x10
[  477.410975][T11127]  ? trace_lock_acquire+0x14e/0x1f0
[  477.410998][T11127]  ? __pfx_rtnl_dellink+0x10/0x10
[  477.411019][T11127]  rtnetlink_rcv_msg+0x95b/0xea0
[  477.411043][T11127]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  477.411075][T11127]  netlink_rcv_skb+0x16b/0x440
[  477.411097][T11127]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  477.411119][T11127]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  477.411153][T11127]  ? netlink_deliver_tap+0x1ae/0xd30
[  477.411196][T11127]  netlink_unicast+0x53c/0x7f0
[  477.411222][T11127]  ? __pfx_netlink_unicast+0x10/0x10
[  477.411241][T11127]  ? __phys_addr_symbol+0x30/0x80
[  477.411256][T11127]  ? __check_object_size+0x488/0x710
[  477.411273][T11127]  netlink_sendmsg+0x8b8/0xd70
[  477.411299][T11127]  ? __pfx_netlink_sendmsg+0x10/0x10
[  477.411327][T11127]  ____sys_sendmsg+0xaaf/0xc90
[  477.411343][T11127]  ? __pfx_____sys_sendmsg+0x10/0x10
[  477.411356][T11127]  ? get_compat_msghdr+0x11b/0x170
[  477.411379][T11127]  ___sys_sendmsg+0x135/0x1e0
[  477.411399][T11127]  ? __pfx____sys_sendmsg+0x10/0x10
[  477.411425][T11127]  ? __pfx_lock_release+0x10/0x10
[  477.411442][T11127]  ? trace_lock_acquire+0x14e/0x1f0
[  477.411464][T11127]  ? __fget_files+0x206/0x3a0
[  477.411496][T11127]  __sys_sendmsg+0x16e/0x220
[  477.411515][T11127]  ? __pfx___sys_sendmsg+0x10/0x10
[  477.411548][T11127]  __do_fast_syscall_32+0x73/0x120
[  477.411570][T11127]  do_fast_syscall_32+0x32/0x80
[  477.411590][T11127]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  477.411614][T11127] RIP: 0023:0xf73ae579
[  477.411629][T11127] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  477.411644][T11127] RSP: 002b:00000000f501555c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  477.411660][T11127] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000040
[  477.411670][T11127] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  477.411679][T11127] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  477.411738][T11127] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  477.411747][T11127] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  477.411769][T11127]  </TASK>
[  477.964152][T11133] netlink: 4 bytes leftover after parsing attributes in process `syz.7.1004'.
[  478.072665][   T39] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  478.098298][   T39] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  478.212151][  T445] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  478.217839][  T445] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  478.531039][T11139] netlink: 1272 bytes leftover after parsing attributes in process `syz.5.1006'.
[  478.668850][T11145] netlink: 4 bytes leftover after parsing attributes in process `syz.7.1008'.
[  478.788957][T11143] netlink: 1268 bytes leftover after parsing attributes in process `syz.8.1007'.
[  478.864088][T11146] ubi: mtd0 is already attached to ubi31
[  479.894268][T11161] syzkaller0: entered promiscuous mode
[  479.915455][T11161] syzkaller0: entered allmulticast mode
[  479.924410][ T1221] syzkaller0: tun_net_xmit 48
[  480.042438][ T1139] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  481.493164][ T5950] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  481.552185][ T5950] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  481.581579][ T5950] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  481.587871][ T5950] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  481.611489][ T5950] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  481.616244][ T5950] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  483.725424][   T66] Bluetooth: hci2: command tx timeout
[  485.813034][   T66] Bluetooth: hci2: command tx timeout
[  487.909708][   T66] Bluetooth: hci2: command tx timeout
[  489.054137][ T1139] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  489.391144][ T1139] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  489.764087][ T1139] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  489.812076][T11166] chnl_net:caif_netlink_parms(): no params data found
[  489.979402][   T66] Bluetooth: hci2: command tx timeout
[  490.435645][T11166] bridge0: port 1(bridge_slave_0) entered blocking state
[  490.450881][T11166] bridge0: port 1(bridge_slave_0) entered disabled state
[  490.460392][T11166] bridge_slave_0: entered allmulticast mode
[  490.468140][T11166] bridge_slave_0: entered promiscuous mode
[  490.507279][T11166] bridge0: port 2(bridge_slave_1) entered blocking state
[  490.510348][T11166] bridge0: port 2(bridge_slave_1) entered disabled state
[  490.513452][T11166] bridge_slave_1: entered allmulticast mode
[  490.525777][T11166] bridge_slave_1: entered promiscuous mode
[  490.791859][T11166] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  490.833253][ T1139] bridge_slave_1: left allmulticast mode
[  490.851540][ T1139] bridge_slave_1: left promiscuous mode
[  490.856867][ T1139] bridge0: port 2(bridge_slave_1) entered disabled state
[  490.912026][ T1139] bridge_slave_0: left allmulticast mode
[  490.914463][ T1139] bridge_slave_0: left promiscuous mode
[  490.927250][ T1139] bridge0: port 1(bridge_slave_0) entered disabled state
[  491.384374][T11220] netlink: 40 bytes leftover after parsing attributes in process `syz.8.1023'.
[  491.461947][T11221] netlink: 40 bytes leftover after parsing attributes in process `syz.8.1023'.
[  491.543022][T11223] random: crng reseeded on system resumption
[  491.842170][    T8] usb 10-1: new high-speed USB device number 26 using dummy_hcd
[  492.030408][    T8] usb 10-1: Using ep0 maxpacket: 16
[  492.050166][    T8] usb 10-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  492.057276][    T8] usb 10-1: config 0 has no interfaces?
[  492.101813][    T8] usb 10-1: New USB device found, idVendor=05ac, idProduct=9226, bcdDevice=b2.89
[  492.106197][    T8] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  492.117197][    T8] usb 10-1: Product: syz
[  492.119953][    T8] usb 10-1: Manufacturer: syz
[  492.124088][    T8] usb 10-1: SerialNumber: syz
[  492.128978][    T8] usb 10-1: config 0 descriptor??
[  492.306937][ T1139] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  492.328096][ T1139] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  492.339350][ T1139] bond0 (unregistering): Released all slaves
[  492.351161][T11166] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  492.709420][  T834] usb 10-1: USB disconnect, device number 26
[  493.049380][T11166] team0: Port device team_slave_0 added
[  493.170244][T11166] team0: Port device team_slave_1 added
[  493.187970][T11237] netlink: 8 bytes leftover after parsing attributes in process `syz.7.1025'.
[  493.335281][T11236] netlink: 8 bytes leftover after parsing attributes in process `syz.8.1026'.
[  493.460381][T11166] batman_adv: batadv0: Adding interface: batadv_slave_0
[  493.472094][T11166] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  493.492799][T11166] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  493.707791][T11166] batman_adv: batadv0: Adding interface: batadv_slave_1
[  493.710521][T11166] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  493.745256][T11166] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  493.863188][ T1139] hsr_slave_0: left promiscuous mode
[  493.883659][ T1139] hsr_slave_1: left promiscuous mode
[  493.891137][ T1139] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  493.903169][ T1139] batman_adv: batadv0: Removing interface: batadv_slave_0
[  493.922788][ T1139] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  493.927907][ T1139] batman_adv: batadv0: Removing interface: batadv_slave_1
[  493.986365][ T1139] veth1_macvtap: left promiscuous mode
[  493.993156][ T1139] veth0_macvtap: left promiscuous mode
[  494.014712][ T1139] veth1_vlan: left promiscuous mode
[  494.017384][ T1139] veth0_vlan: left promiscuous mode
[  494.172143][T11260] siw: device registration error -23
[  498.965161][ T1139] team0 (unregistering): Port device team_slave_1 removed
[  499.423731][ T1139] team0 (unregistering): Port device team_slave_0 removed
[  500.850279][ T1413] ieee802154 phy0 wpan0: encryption failed: -22
[  500.853325][ T1413] ieee802154 phy1 wpan1: encryption failed: -22
[  503.727198][T11166] hsr_slave_0: entered promiscuous mode
[  503.729962][T11166] hsr_slave_1: entered promiscuous mode
[  503.732681][T11166] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  503.737852][T11166] Cannot create hsr debugfs directory
[  503.778351][T11295] fuse: Bad value for 'group_id'
[  503.781321][T11295] fuse: Bad value for 'group_id'
[  503.916430][T11291] fuse: Unknown parameter 'rootmo00000000000000ser_id'
[  504.556176][T11313] overlayfs: failed to resolve './file0': -2
[  504.850422][T11301] fuse: Bad value for 'fd'
[  505.058223][T11318] random: crng reseeded on system resumption
[  506.750104][T11166] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  506.814740][T11166] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  506.914038][T11166] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  506.994801][T11166] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  507.121905][T11166] 8021q: adding VLAN 0 to HW filter on device bond0
[  507.142135][T11166] 8021q: adding VLAN 0 to HW filter on device team0
[  507.171381][T11166] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  507.177752][T11166] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  507.226358][ T1221] bridge0: port 1(bridge_slave_0) entered blocking state
[  507.239972][ T1221] bridge0: port 1(bridge_slave_0) entered forwarding state
[  507.275926][ T1221] bridge0: port 2(bridge_slave_1) entered blocking state
[  507.287457][ T1221] bridge0: port 2(bridge_slave_1) entered forwarding state
[  507.538654][T11166] 8021q: adding VLAN 0 to HW filter on device batadv0
[  507.618176][T11166] veth0_vlan: entered promiscuous mode
[  507.639686][T11166] veth1_vlan: entered promiscuous mode
[  507.676592][T11166] veth0_macvtap: entered promiscuous mode
[  507.705081][T11166] veth1_macvtap: entered promiscuous mode
[  507.789747][T11166] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  507.795268][T11166] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  507.857141][T11166] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  507.861408][T11166] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  507.913157][T11166] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  507.917693][T11166] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  507.974424][T11166] batman_adv: batadv0: Interface activated: batadv_slave_0
[  507.998894][T11166] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  508.048672][T11166] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  508.063914][T11166] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  508.070550][T11166] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  508.081069][T11166] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  508.086819][T11166] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  508.095045][T11166] batman_adv: batadv0: Interface activated: batadv_slave_1
[  508.101876][T11166] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  508.142946][T11166] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  508.163792][T11166] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  508.177705][T11166] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  508.499167][  T445] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  508.502658][  T445] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  508.550775][ T1139] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  508.556308][ T1139] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  508.812266][T11374] netlink: 'syz.7.1050': attribute type 10 has an invalid length.
[  508.902033][T11376] FAULT_INJECTION: forcing a failure.
[  508.902033][T11376] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  508.915625][T11376] CPU: 0 UID: 0 PID: 11376 Comm: syz.8.1049 Not tainted 6.14.0-rc5-syzkaller-00105-gf315296c92fd #0
[  508.915647][T11376] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  508.915658][T11376] Call Trace:
[  508.915663][T11376]  <TASK>
[  508.915669][T11376]  dump_stack_lvl+0x16c/0x1f0
[  508.915697][T11376]  should_fail_ex+0x50a/0x650
[  508.915724][T11376]  _copy_to_user+0x32/0xd0
[  508.915742][T11376]  simple_read_from_buffer+0xd0/0x160
[  508.915764][T11376]  proc_fail_nth_read+0x198/0x270
[  508.915784][T11376]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  508.915804][T11376]  ? rw_verify_area+0xcf/0x680
[  508.915822][T11376]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  508.915841][T11376]  vfs_read+0x1df/0xbf0
[  508.915862][T11376]  ? __fget_files+0x1fc/0x3a0
[  508.915884][T11376]  ? __pfx___mutex_lock+0x10/0x10
[  508.915905][T11376]  ? __pfx_vfs_read+0x10/0x10
[  508.915959][T11376]  ? __fget_files+0x206/0x3a0
[  508.915986][T11376]  ksys_read+0x12b/0x250
[  508.916009][T11376]  ? __pfx_ksys_read+0x10/0x10
[  508.916036][T11376]  __do_fast_syscall_32+0x73/0x120
[  508.916058][T11376]  do_fast_syscall_32+0x32/0x80
[  508.916078][T11376]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  508.916103][T11376] RIP: 0023:0xf7f03579
[  508.916115][T11376] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  508.916131][T11376] RSP: 002b:00000000f5026590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  508.916146][T11376] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000f5026620
[  508.916156][T11376] RDX: 000000000000000f RSI: 00000000f738cff4 RDI: 0000000000000000
[  508.916165][T11376] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  508.916174][T11376] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  508.916183][T11376] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  508.916202][T11376]  </TASK>
[  509.975236][T11390] netlink: 8 bytes leftover after parsing attributes in process `syz.7.1054'.
[  510.388129][T11396] syz.5.1056: attempt to access beyond end of device
[  510.388129][T11396] nbd5: rw=2048, sector=0, nr_sectors = 8 limit=0
[  510.415495][T11396] SQUASHFS error: Failed to read block 0x0: -5
[  510.423469][T11396] unable to read squashfs_super_block
[  511.575738][ T1173] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  512.918587][ T1173] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  513.043474][ T1173] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  513.044378][    T8] usb 10-1: new high-speed USB device number 27 using dummy_hcd
[  513.101956][ T5950] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  513.111833][ T5950] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  513.116583][ T5950] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  513.143688][ T5950] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  513.149951][ T5950] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  513.157980][ T5950] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  513.233831][    T8] usb 10-1: Using ep0 maxpacket: 16
[  513.281546][    T8] usb 10-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  513.285582][    T8] usb 10-1: config 0 has no interfaces?
[  513.418759][ T1173] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  513.433468][    T8] usb 10-1: New USB device found, idVendor=05ac, idProduct=9226, bcdDevice=b2.89
[  513.439086][    T8] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  513.443396][    T8] usb 10-1: Product: syz
[  513.445388][    T8] usb 10-1: Manufacturer: syz
[  513.447485][    T8] usb 10-1: SerialNumber: syz
[  513.469711][    T8] usb 10-1: config 0 descriptor??
[  513.546990][T11414] netlink: 40 bytes leftover after parsing attributes in process `syz.7.1058'.
[  513.572151][T11414] netlink: 40 bytes leftover after parsing attributes in process `syz.7.1058'.
[  513.589425][T11408] chnl_net:caif_netlink_parms(): no params data found
[  513.701479][   T12] tipc: Subscription rejected, illegal request
[  514.045281][T11408] bridge0: port 1(bridge_slave_0) entered blocking state
[  514.046363][    T8] usb 10-1: USB disconnect, device number 27
[  514.048528][T11408] bridge0: port 1(bridge_slave_0) entered disabled state
[  514.074851][T11408] bridge_slave_0: entered allmulticast mode
[  514.105005][T11408] bridge_slave_0: entered promiscuous mode
[  514.137183][T11408] bridge0: port 2(bridge_slave_1) entered blocking state
[  514.140525][T11408] bridge0: port 2(bridge_slave_1) entered disabled state
[  514.144343][T11408] bridge_slave_1: entered allmulticast mode
[  514.150189][T11408] bridge_slave_1: entered promiscuous mode
[  514.223247][ T1173] bridge_slave_1: left allmulticast mode
[  514.225197][ T1173] bridge_slave_1: left promiscuous mode
[  514.227334][ T1173] bridge0: port 2(bridge_slave_1) entered disabled state
[  514.234170][ T1173] bridge_slave_0: left allmulticast mode
[  514.237048][ T1173] bridge_slave_0: left promiscuous mode
[  514.239896][ T1173] bridge0: port 1(bridge_slave_0) entered disabled state
[  515.083044][T11436] syz.7.1065: attempt to access beyond end of device
[  515.083044][T11436] nbd7: rw=2048, sector=0, nr_sectors = 8 limit=0
[  515.105540][T11436] SQUASHFS error: Failed to read block 0x0: -5
[  515.159933][T11436] unable to read squashfs_super_block
[  515.268228][ T5950] Bluetooth: hci2: command tx timeout
[  515.899847][ T1173] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  515.965527][T11443] overlayfs: failed to resolve './file0': -2
[  516.005992][ T1173] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  516.033423][ T1173] bond0 (unregistering): Released all slaves
[  516.125695][T11408] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  516.152436][T11408] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  516.612732][T11408] team0: Port device team_slave_0 added
[  516.678218][T10319] usb 13-1: new high-speed USB device number 6 using dummy_hcd
[  516.697657][T11408] team0: Port device team_slave_1 added
[  516.891112][T10319] usb 13-1: Using ep0 maxpacket: 16
[  516.920324][T10319] usb 13-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  516.936387][T10319] usb 13-1: config 0 has no interfaces?
[  516.945954][T10319] usb 13-1: New USB device found, idVendor=05ac, idProduct=9226, bcdDevice=b2.89
[  516.950709][T10319] usb 13-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  516.953586][T10319] usb 13-1: Product: syz
[  516.955086][T10319] usb 13-1: Manufacturer: syz
[  516.964124][T10319] usb 13-1: SerialNumber: syz
[  516.974456][T10319] usb 13-1: config 0 descriptor??
[  517.016783][T11408] batman_adv: batadv0: Adding interface: batadv_slave_0
[  517.021140][T11408] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  517.052205][T11408] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  517.070026][T11408] batman_adv: batadv0: Adding interface: batadv_slave_1
[  517.074193][T11408] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  517.090612][T11408] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  517.323048][ T5950] Bluetooth: hci2: command tx timeout
[  517.425071][T10319] usb 13-1: USB disconnect, device number 6
[  517.556703][T11467] netlink: 40 bytes leftover after parsing attributes in process `syz.5.1070'.
[  517.643842][T11468] netlink: 40 bytes leftover after parsing attributes in process `syz.5.1070'.
[  517.770980][ T1173] hsr_slave_0: left promiscuous mode
[  517.843877][ T1173] hsr_slave_1: left promiscuous mode
[  517.851660][ T1173] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  517.903009][ T1173] batman_adv: batadv0: Removing interface: batadv_slave_0
[  517.922178][ T1173] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  517.931997][ T1173] batman_adv: batadv0: Removing interface: batadv_slave_1
[  518.006399][ T1173] veth1_macvtap: left promiscuous mode
[  518.009530][ T1173] veth0_macvtap: left promiscuous mode
[  518.033676][ T1173] veth1_vlan: left promiscuous mode
[  518.047670][ T1173] veth0_vlan: left promiscuous mode
[  518.066964][T11462] afs: Unknown parameter 'EË ”?\Õp“é}ÚBß–™òƒ^‹Ó;ôD®ËÝéŒåog˜'
[  519.403027][   T66] Bluetooth: hci2: command tx timeout
[  520.523142][ T5950] Bluetooth: hci4: Entering manufacturer mode failed (-110)
[  520.527639][   T66] Bluetooth: hci4: command 0xfc11 tx timeout
[  521.491164][ T5950] Bluetooth: hci2: command tx timeout
[  522.424349][ T1173] team0 (unregistering): Port device team_slave_1 removed
[  522.758423][ T1173] team0 (unregistering): Port device team_slave_0 removed
[  526.258137][T11408] hsr_slave_0: entered promiscuous mode
[  526.270607][T11408] hsr_slave_1: entered promiscuous mode
[  526.294028][T11408] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  526.314237][T11408] Cannot create hsr debugfs directory
[  526.736034][T11489] netlink: 40 bytes leftover after parsing attributes in process `syz.5.1073'.
[  526.774303][T11489] netlink: 40 bytes leftover after parsing attributes in process `syz.5.1073'.
[  526.781041][T11486] netlink: 8 bytes leftover after parsing attributes in process `syz.8.1074'.
[  526.791134][T11489] random: crng reseeded on system resumption
[  527.461667][T11502] FAULT_INJECTION: forcing a failure.
[  527.461667][T11502] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  527.511164][T11502] CPU: 2 UID: 0 PID: 11502 Comm: syz.5.1079 Not tainted 6.14.0-rc5-syzkaller-00105-gf315296c92fd #0
[  527.511191][T11502] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  527.511202][T11502] Call Trace:
[  527.511212][T11502]  <TASK>
[  527.511248][T11502]  dump_stack_lvl+0x16c/0x1f0
[  527.511279][T11502]  should_fail_ex+0x50a/0x650
[  527.511303][T11502]  ? __pfx___might_resched+0x10/0x10
[  527.511332][T11502]  should_fail_alloc_page+0xe7/0x130
[  527.511351][T11502]  prepare_alloc_pages.constprop.0+0x16f/0x560
[  527.511373][T11502]  ? kernel_text_address+0x8d/0x100
[  527.511399][T11502]  __alloc_frozen_pages_noprof+0x18e/0x2470
[  527.511425][T11502]  ? hlock_class+0x4e/0x130
[  527.511443][T11502]  ? mark_lock+0xb5/0xc60
[  527.511464][T11502]  ? hlock_class+0x4e/0x130
[  527.511479][T11502]  ? mark_lock+0xb5/0xc60
[  527.511499][T11502]  ? __pfx_mark_lock+0x10/0x10
[  527.511522][T11502]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  527.511548][T11502]  ? rcu_is_watching+0x12/0xc0
[  527.511627][T11502]  ? hlock_class+0x4e/0x130
[  527.511645][T11502]  ? hlock_class+0x4e/0x130
[  527.511660][T11502]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  527.511685][T11502]  ? policy_nodemask+0xea/0x4e0
[  527.511702][T11502]  alloc_pages_mpol+0x1fc/0x540
[  527.511717][T11502]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  527.511730][T11502]  ? __pfx___lock_acquire+0x10/0x10
[  527.511756][T11502]  alloc_pages_noprof+0x131/0x390
[  527.511772][T11502]  pte_alloc_one+0x20/0x390
[  527.511797][T11502]  __pte_alloc+0x6e/0x3d0
[  527.511815][T11502]  ? __pfx___pte_alloc+0x10/0x10
[  527.511833][T11502]  ? __pfx_lock_release+0x10/0x10
[  527.511872][T11502]  ? do_raw_spin_lock+0x12d/0x2c0
[  527.511890][T11502]  do_pte_missing+0x2828/0x3e10
[  527.511913][T11502]  ? _raw_spin_unlock+0x28/0x50
[  527.511930][T11502]  ? __pmd_alloc+0x3c2/0x870
[  527.511952][T11502]  __handle_mm_fault+0x1166/0x2c60
[  527.511981][T11502]  ? __pfx___handle_mm_fault+0x10/0x10
[  527.512002][T11502]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  527.512036][T11502]  ? find_vma+0xc0/0x140
[  527.512063][T11502]  ? __pfx_find_vma+0x10/0x10
[  527.512084][T11502]  handle_mm_fault+0x3fa/0xaa0
[  527.512110][T11502]  do_user_addr_fault+0x7a3/0x13f0
[  527.512138][T11502]  exc_page_fault+0x5c/0xc0
[  527.512158][T11502]  asm_exc_page_fault+0x26/0x30
[  527.512178][T11502] RIP: 0010:_copy_to_user+0xb6/0xd0
[  527.512197][T11502] Code: 89 ee 48 89 ef e8 4a 4c f7 fc 4d 85 ff 75 a8 e8 d0 51 f7 fc 89 de 4c 89 e7 e8 c6 97 59 fd 0f 01 cb 48 89 d9 48 89 ef 4c 89 e6 <f3> a4 0f 1f 00 0f 01 ca 48 89 cb eb 80 66 2e 0f 1f 84 00 00 00 00
[  527.512212][T11502] RSP: 0018:ffffc900060dfe08 EFLAGS: 00050246
[  527.512226][T11502] RAX: 0000000000000001 RBX: 0000000000000038 RCX: 0000000000000038
[  527.512235][T11502] RDX: fffff52000c1bfd3 RSI: ffffc900060dfe60 RDI: 0000000080000180
[  527.512245][T11502] RBP: 0000000080000180 R08: 0000000000000000 R09: fffff52000c1bfd2
[  527.512255][T11502] R10: ffffc900060dfe97 R11: 0000000000000000 R12: ffffc900060dfe60
[  527.512265][T11502] R13: 00000000800001b8 R14: 00007ffffffff000 R15: 0000000000000000
[  527.512286][T11502]  ? _copy_to_user+0xaa/0xd0
[  527.512304][T11502]  __do_sys_sched_getattr+0x246/0x3a0
[  527.512323][T11502]  ? __pfx___do_sys_sched_getattr+0x10/0x10
[  527.512353][T11502]  __do_fast_syscall_32+0x73/0x120
[  527.512374][T11502]  do_fast_syscall_32+0x32/0x80
[  527.512394][T11502]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  527.512512][T11502] RIP: 0023:0xf73ae579
[  527.512526][T11502] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  527.512541][T11502] RSP: 002b:00000000f503655c EFLAGS: 00000296 ORIG_RAX: 0000000000000160
[  527.512555][T11502] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000080000180
[  527.512564][T11502] RDX: 0000000000000038 RSI: 0000000000000000 RDI: 0000000000000000
[  527.512573][T11502] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  527.512582][T11502] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  527.512592][T11502] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  527.512612][T11502]  </TASK>
[  528.107408][ T6605] usb 10-1: new high-speed USB device number 28 using dummy_hcd
[  528.293520][ T6605] usb 10-1: Using ep0 maxpacket: 16
[  528.297628][ T6605] usb 10-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  528.303476][ T6605] usb 10-1: config 0 has no interfaces?
[  528.309191][ T6605] usb 10-1: New USB device found, idVendor=05ac, idProduct=9226, bcdDevice=b2.89
[  528.314844][ T6605] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  528.318889][ T6605] usb 10-1: Product: syz
[  528.321457][ T6605] usb 10-1: Manufacturer: syz
[  528.325492][ T6605] usb 10-1: SerialNumber: syz
[  528.331302][ T6605] usb 10-1: config 0 descriptor??
[  528.559949][ T1135] tipc: Subscription rejected, illegal request
[  528.575780][ T6605] usb 10-1: USB disconnect, device number 28
[  528.642615][T11524] xt_CHECKSUM: CHECKSUM should be avoided.  If really needed, restrict with "-p udp" and only use in OUTPUT
[  528.652365][T11524] x_tables: ip_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING
[  528.762206][T11408] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  528.779414][T11408] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  528.799524][T11408] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  528.890348][T11408] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  529.097529][T11408] 8021q: adding VLAN 0 to HW filter on device bond0
[  529.142958][T11408] 8021q: adding VLAN 0 to HW filter on device team0
[  529.180030][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  529.182608][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  529.186868][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  529.199886][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  529.514819][T11543] netlink: 1268 bytes leftover after parsing attributes in process `syz.5.1084'.
[  529.545917][T11543] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1084'.
[  529.753715][T11408] 8021q: adding VLAN 0 to HW filter on device batadv0
[  529.921435][T11408] veth0_vlan: entered promiscuous mode
[  529.931424][T11408] veth1_vlan: entered promiscuous mode
[  529.989102][T11408] veth0_macvtap: entered promiscuous mode
[  529.995692][T11408] veth1_macvtap: entered promiscuous mode
[  530.014845][T11408] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  530.028429][T11408] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  530.036278][T11408] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  530.042502][T11408] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  530.047901][T11408] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  530.053384][T11408] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  530.060527][T11408] batman_adv: batadv0: Interface activated: batadv_slave_0
[  530.073746][T11408] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  530.079331][T11408] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  530.087669][T11408] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  530.094825][T11408] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  530.101136][T11408] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  530.106166][T11408] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  530.113233][T11408] batman_adv: batadv0: Interface activated: batadv_slave_1
[  530.125180][T11408] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  530.130447][T11408] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  530.146278][T11408] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  530.173058][T11408] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  530.448808][  T229] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  530.452196][  T229] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  530.567862][  T445] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  530.571991][  T445] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  530.814752][T11567] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1087'.
[  531.813334][ T6009] usb 10-1: new high-speed USB device number 29 using dummy_hcd
[  531.993094][ T6009] usb 10-1: Using ep0 maxpacket: 16
[  531.999754][ T6009] usb 10-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  532.027449][ T6009] usb 10-1: config 0 has no interfaces?
[  532.066256][ T6009] usb 10-1: New USB device found, idVendor=05ac, idProduct=9226, bcdDevice=b2.89
[  532.078110][ T6009] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  532.081325][ T6009] usb 10-1: Product: syz
[  532.096311][ T6009] usb 10-1: Manufacturer: syz
[  532.098404][ T6009] usb 10-1: SerialNumber: syz
[  532.137869][ T6009] usb 10-1: config 0 descriptor??
[  532.401727][  T445] tipc: Subscription rejected, illegal request
[  532.408162][  T834] usb 10-1: USB disconnect, device number 29
[  532.598585][T11591] overlayfs: missing 'lowerdir'
[  532.686328][T11594] netlink: 'syz.7.1092': attribute type 1 has an invalid length.
[  533.015778][T11601] netlink: 40 bytes leftover after parsing attributes in process `syz.8.1094'.
[  533.112904][T11602] netlink: 40 bytes leftover after parsing attributes in process `syz.8.1094'.
[  533.190597][T11603] random: crng reseeded on system resumption
[  533.348801][ T1221] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  534.709182][ T1221] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  535.014670][   T66] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  535.022820][   T66] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  535.041837][   T66] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  535.053837][   T66] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  535.057998][   T66] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  535.066102][   T66] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  535.318971][ T1221] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  535.338150][T11616] netlink: 40 bytes leftover after parsing attributes in process `syz.7.1095'.
[  535.419260][T11617] netlink: 40 bytes leftover after parsing attributes in process `syz.7.1095'.
[  535.449399][T11616] random: crng reseeded on system resumption
[  535.807444][ T1221] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  535.938730][T11612] chnl_net:caif_netlink_parms(): no params data found
[  536.044426][T11631] netfs: Couldn't get user pages (rc=-14)
[  536.318859][T11635] can: request_module (can-proto-0) failed.
[  536.385201][T11612] bridge0: port 1(bridge_slave_0) entered blocking state
[  536.419421][T11612] bridge0: port 1(bridge_slave_0) entered disabled state
[  536.427282][T11612] bridge_slave_0: entered allmulticast mode
[  536.444495][T11612] bridge_slave_0: entered promiscuous mode
[  536.573188][T11612] bridge0: port 2(bridge_slave_1) entered blocking state
[  536.578352][T11612] bridge0: port 2(bridge_slave_1) entered disabled state
[  536.585338][T11612] bridge_slave_1: entered allmulticast mode
[  536.589427][T11612] bridge_slave_1: entered promiscuous mode
[  536.835726][ T1221] bridge_slave_1: left allmulticast mode
[  536.838364][ T1221] bridge_slave_1: left promiscuous mode
[  536.840692][ T1221] bridge0: port 2(bridge_slave_1) entered disabled state
[  536.894788][ T1221] bridge_slave_0: left allmulticast mode
[  536.910466][ T1221] bridge_slave_0: left promiscuous mode
[  536.914769][ T1221] bridge0: port 1(bridge_slave_0) entered disabled state
[  537.163214][   T66] Bluetooth: hci2: command tx timeout
[  538.635625][ T1221] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  538.707666][ T1221] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  538.734631][ T1221] bond0 (unregistering): Released all slaves
[  539.000622][T11612] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  539.145792][T11612] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  539.249875][   T66] Bluetooth: hci2: command tx timeout
[  539.255901][T11657] input: syz1 as /devices/virtual/input/input15
[  539.524568][T11612] team0: Port device team_slave_0 added
[  539.560106][T11612] team0: Port device team_slave_1 added
[  539.955839][T11612] batman_adv: batadv0: Adding interface: batadv_slave_0
[  539.958972][T11612] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  539.984267][T11612] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  540.146134][ T1221] hsr_slave_0: left promiscuous mode
[  540.181297][ T1221] hsr_slave_1: left promiscuous mode
[  540.184632][ T1221] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  540.196035][ T1221] batman_adv: batadv0: Removing interface: batadv_slave_0
[  540.209885][ T1221] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  540.212789][ T1221] batman_adv: batadv0: Removing interface: batadv_slave_1
[  540.357212][T11675] FAULT_INJECTION: forcing a failure.
[  540.357212][T11675] name failslab, interval 1, probability 0, space 0, times 0
[  540.361440][T11675] CPU: 3 UID: 0 PID: 11675 Comm: syz.5.1107 Not tainted 6.14.0-rc5-syzkaller-00105-gf315296c92fd #0
[  540.361457][T11675] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  540.361466][T11675] Call Trace:
[  540.361470][T11675]  <TASK>
[  540.361476][T11675]  dump_stack_lvl+0x16c/0x1f0
[  540.361500][T11675]  should_fail_ex+0x50a/0x650
[  540.361520][T11675]  ? fs_reclaim_acquire+0xae/0x150
[  540.361539][T11675]  ? nf_tables_addchain.constprop.0+0x2e2/0x1ab0
[  540.361555][T11675]  should_failslab+0xc2/0x120
[  540.361568][T11675]  __kmalloc_cache_noprof+0x68/0x410
[  540.361585][T11675]  ? find_held_lock+0x2d/0x110
[  540.361602][T11675]  nf_tables_addchain.constprop.0+0x2e2/0x1ab0
[  540.361622][T11675]  ? lock_acquire+0x2f/0xb0
[  540.361638][T11675]  ? nft_chain_lookup+0x101/0x3e0
[  540.361658][T11675]  ? __pfx_nf_tables_addchain.constprop.0+0x10/0x10
[  540.361674][T11675]  ? __pfx_nft_chain_lookup+0x10/0x10
[  540.361706][T11675]  ? nla_strcmp+0xff/0x130
[  540.361721][T11675]  ? nft_table_lookup.part.0+0x1e3/0x230
[  540.361740][T11675]  nf_tables_newchain+0x1cc4/0x27f0
[  540.361760][T11675]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  540.361781][T11675]  ? __nla_validate_parse+0x5d1/0x2880
[  540.361798][T11675]  ? __pfx_nf_tables_newchain+0x10/0x10
[  540.361814][T11675]  ? __pfx___nla_validate_parse+0x10/0x10
[  540.361829][T11675]  ? net_generic+0xea/0x2a0
[  540.361848][T11675]  ? __pfx_lock_release+0x10/0x10
[  540.361869][T11675]  ? __nla_parse+0x40/0x60
[  540.361890][T11675]  nfnetlink_rcv_batch+0x1a2a/0x24e0
[  540.361919][T11675]  ? __pfx_nfnetlink_rcv_batch+0x10/0x10
[  540.361942][T11675]  ? __local_bh_enable_ip+0xa4/0x120
[  540.361962][T11675]  ? lockdep_hardirqs_on+0x7c/0x110
[  540.361989][T11675]  ? __pfx___dev_queue_xmit+0x10/0x10
[  540.362022][T11675]  ? __nla_parse+0x40/0x60
[  540.362039][T11675]  nfnetlink_rcv+0x3c3/0x430
[  540.362056][T11675]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  540.362080][T11675]  netlink_unicast+0x53c/0x7f0
[  540.362100][T11675]  ? __pfx_netlink_unicast+0x10/0x10
[  540.362117][T11675]  ? __phys_addr+0xc6/0x150
[  540.362130][T11675]  ? __phys_addr_symbol+0x30/0x80
[  540.362142][T11675]  ? __check_object_size+0x488/0x710
[  540.362157][T11675]  netlink_sendmsg+0x8b8/0xd70
[  540.362177][T11675]  ? __pfx_netlink_sendmsg+0x10/0x10
[  540.362196][T11675]  ? trace_contention_end+0xee/0x140
[  540.362218][T11675]  sock_sendmsg+0x3d3/0x490
[  540.362233][T11675]  ? __pfx_sock_sendmsg+0x10/0x10
[  540.362260][T11675]  splice_to_socket+0xaac/0x1040
[  540.362289][T11675]  ? __pfx_splice_to_socket+0x10/0x10
[  540.362328][T11675]  ? apparmor_file_permission+0x251/0x400
[  540.362345][T11675]  ? bpf_lsm_file_permission+0x9/0x10
[  540.362364][T11675]  ? security_file_permission+0x71/0x210
[  540.362382][T11675]  ? rw_verify_area+0xcf/0x680
[  540.362397][T11675]  ? __pfx_splice_to_socket+0x10/0x10
[  540.362415][T11675]  do_splice+0x146a/0x1f70
[  540.362440][T11675]  ? __pfx_do_splice+0x10/0x10
[  540.362455][T11675]  ? __pfx_pipe_clear_nowait+0x10/0x10
[  540.362470][T11675]  ? __pfx_lock_release+0x10/0x10
[  540.362486][T11675]  ? trace_lock_acquire+0x14e/0x1f0
[  540.362503][T11675]  __do_splice+0x327/0x360
[  540.362521][T11675]  ? __pfx___do_splice+0x10/0x10
[  540.362537][T11675]  ? __fget_files+0x206/0x3a0
[  540.362560][T11675]  __ia32_sys_splice+0x189/0x250
[  540.362579][T11675]  __do_fast_syscall_32+0x73/0x120
[  540.362597][T11675]  do_fast_syscall_32+0x32/0x80
[  540.362614][T11675]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  540.362634][T11675] RIP: 0023:0xf73ae579
[  540.362645][T11675] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  540.362657][T11675] RSP: 002b:00000000f501555c EFLAGS: 00000296 ORIG_RAX: 0000000000000139
[  540.362670][T11675] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000000
[  540.362679][T11675] RDX: 0000000000000005 RSI: 0000000000000000 RDI: 0000000000007fff
[  540.362686][T11675] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  540.362694][T11675] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  540.362701][T11675] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  540.362717][T11675]  </TASK>
[  540.604006][ T1221] veth1_macvtap: left promiscuous mode
[  540.713340][ T1221] veth0_macvtap: left promiscuous mode
[  540.715608][ T1221] veth1_vlan: left promiscuous mode
[  540.733508][ T1221] veth0_vlan: left promiscuous mode
[  541.342784][   T66] Bluetooth: hci2: command tx timeout
[  541.634605][T11688] netlink: 8 bytes leftover after parsing attributes in process `syz.7.1109'.
[  541.823510][T11690] random: crng reseeded on system resumption
[  542.764441][T11697] netlink: 4 bytes leftover after parsing attributes in process `syz.8.1112'.
[  542.836897][T11698] netlink: 64 bytes leftover after parsing attributes in process `syz.8.1112'.
[  543.428020][   T66] Bluetooth: hci2: command tx timeout
[  545.868988][ T1221] team0 (unregistering): Port device team_slave_1 removed
[  546.294358][ T1221] team0 (unregistering): Port device team_slave_0 removed
[  549.561164][T11612] batman_adv: batadv0: Adding interface: batadv_slave_1
[  549.564281][T11612] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  549.574645][T11612] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  549.993710][ T5990] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None
[  550.227280][T11612] hsr_slave_0: entered promiscuous mode
[  550.230209][T11612] hsr_slave_1: entered promiscuous mode
[  550.252500][T11612] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  550.256843][T11612] Cannot create hsr debugfs directory
[  551.022434][T11739] netlink: 40 bytes leftover after parsing attributes in process `syz.7.1118'.
[  551.079668][T11741] netlink: 40 bytes leftover after parsing attributes in process `syz.7.1118'.
[  551.159840][T11743] random: crng reseeded on system resumption
[  552.308511][T11756] siw: device registration error -23
[  552.918083][T11612] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  552.924325][T11612] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  552.955499][T11612] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  553.014765][T11612] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  553.333802][T11612] 8021q: adding VLAN 0 to HW filter on device bond0
[  553.378512][T11612] 8021q: adding VLAN 0 to HW filter on device team0
[  553.444009][ T9351] usb 13-1: new high-speed USB device number 7 using dummy_hcd
[  553.454317][T11612] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  553.483143][T11612] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  553.529159][ T1173] bridge0: port 1(bridge_slave_0) entered blocking state
[  553.531777][ T1173] bridge0: port 1(bridge_slave_0) entered forwarding state
[  553.536464][ T1173] bridge0: port 2(bridge_slave_1) entered blocking state
[  553.539333][ T1173] bridge0: port 2(bridge_slave_1) entered forwarding state
[  553.653294][ T9351] usb 13-1: Using ep0 maxpacket: 16
[  553.665147][ T9351] usb 13-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  553.675477][ T9351] usb 13-1: config 0 has no interfaces?
[  553.680936][ T9351] usb 13-1: New USB device found, idVendor=05ac, idProduct=9226, bcdDevice=b2.89
[  553.705355][ T9351] usb 13-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  553.708273][ T9351] usb 13-1: Product: syz
[  553.709777][ T9351] usb 13-1: Manufacturer: syz
[  553.711456][ T9351] usb 13-1: SerialNumber: syz
[  553.738543][ T9351] usb 13-1: config 0 descriptor??
[  554.002797][T11612] 8021q: adding VLAN 0 to HW filter on device batadv0
[  554.242057][T11612] veth0_vlan: entered promiscuous mode
[  554.284880][T11612] veth1_vlan: entered promiscuous mode
[  554.286673][T11779] netlink: 1276 bytes leftover after parsing attributes in process `syz.7.1124'.
[  554.338184][T11790] netlink: 8 bytes leftover after parsing attributes in process `syz.7.1124'.
[  554.355181][T11612] veth0_macvtap: entered promiscuous mode
[  554.361013][T11612] veth1_macvtap: entered promiscuous mode
[  554.372641][T11612] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  554.383630][T11612] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  554.393670][T11612] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  554.414234][T11612] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  554.418023][T11612] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  554.422438][T11612] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  554.452258][T11612] batman_adv: batadv0: Interface activated: batadv_slave_0
[  554.515853][T11612] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  554.522246][T11612] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  554.538301][ T9351] usb 13-1: USB disconnect, device number 7
[  554.541863][T11612] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  554.568529][T11612] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  554.573671][T11612] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  554.579430][T11612] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  554.584824][T11612] batman_adv: batadv0: Interface activated: batadv_slave_1
[  554.597798][T11612] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  554.622988][T11612] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  554.627900][T11612] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  554.634094][T11612] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  554.802071][ T7228] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  554.813477][ T7228] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  554.861316][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  554.864367][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  555.564931][T11819] netlink: 40 bytes leftover after parsing attributes in process `syz.7.1127'.
[  555.634173][T11821] netlink: 40 bytes leftover after parsing attributes in process `syz.7.1127'.
[  555.690161][T11823] random: crng reseeded on system resumption
[  555.747381][T11817] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1129'.
[  556.133033][T11828] siw: device registration error -23
[  556.162833][T11827] FAULT_INJECTION: forcing a failure.
[  556.162833][T11827] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  556.171080][T11827] CPU: 0 UID: 0 PID: 11827 Comm: syz.5.1131 Not tainted 6.14.0-rc5-syzkaller-00105-gf315296c92fd #0
[  556.171104][T11827] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  556.171116][T11827] Call Trace:
[  556.171121][T11827]  <TASK>
[  556.171130][T11827]  dump_stack_lvl+0x16c/0x1f0
[  556.171158][T11827]  should_fail_ex+0x50a/0x650
[  556.171185][T11827]  ? __pfx___might_resched+0x10/0x10
[  556.171216][T11827]  should_fail_alloc_page+0xe7/0x130
[  556.171236][T11827]  prepare_alloc_pages.constprop.0+0x16f/0x560
[  556.171260][T11827]  ? kernel_text_address+0x8d/0x100
[  556.171289][T11827]  __alloc_frozen_pages_noprof+0x18e/0x2470
[  556.171318][T11827]  ? hlock_class+0x4e/0x130
[  556.171337][T11827]  ? mark_lock+0xb5/0xc60
[  556.171360][T11827]  ? hlock_class+0x4e/0x130
[  556.171378][T11827]  ? mark_lock+0xb5/0xc60
[  556.171401][T11827]  ? __pfx_mark_lock+0x10/0x10
[  556.171428][T11827]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  556.171458][T11827]  ? __pfx_mark_lock+0x10/0x10
[  556.171490][T11827]  ? hlock_class+0x4e/0x130
[  556.171511][T11827]  ? hlock_class+0x4e/0x130
[  556.171529][T11827]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  556.171560][T11827]  ? policy_nodemask+0xea/0x4e0
[  556.171580][T11827]  alloc_pages_mpol+0x1fc/0x540
[  556.171617][T11827]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  556.171632][T11827]  ? __pfx___lock_acquire+0x10/0x10
[  556.171664][T11827]  alloc_pages_noprof+0x131/0x390
[  556.171683][T11827]  pte_alloc_one+0x20/0x390
[  556.171710][T11827]  __pte_alloc+0x6e/0x3d0
[  556.171731][T11827]  ? __pfx___pte_alloc+0x10/0x10
[  556.171751][T11827]  ? __pfx_lock_release+0x10/0x10
[  556.171774][T11827]  ? do_raw_spin_lock+0x12d/0x2c0
[  556.171794][T11827]  do_pte_missing+0x2828/0x3e10
[  556.171824][T11827]  ? _raw_spin_unlock+0x28/0x50
[  556.171842][T11827]  ? __pmd_alloc+0x3c2/0x870
[  556.171866][T11827]  __handle_mm_fault+0x1166/0x2c60
[  556.171901][T11827]  ? __pfx___handle_mm_fault+0x10/0x10
[  556.171925][T11827]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  556.171965][T11827]  ? find_vma+0xc0/0x140
[  556.171987][T11827]  ? __pfx_find_vma+0x10/0x10
[  556.172015][T11827]  handle_mm_fault+0x3fa/0xaa0
[  556.172047][T11827]  do_user_addr_fault+0x7a3/0x13f0
[  556.172078][T11827]  exc_page_fault+0x5c/0xc0
[  556.172102][T11827]  asm_exc_page_fault+0x26/0x30
[  556.172126][T11827] RIP: 0010:_copy_to_user+0xb6/0xd0
[  556.172147][T11827] Code: 89 ee 48 89 ef e8 4a 4c f7 fc 4d 85 ff 75 a8 e8 d0 51 f7 fc 89 de 4c 89 e7 e8 c6 97 59 fd 0f 01 cb 48 89 d9 48 89 ef 4c 89 e6 <f3> a4 0f 1f 00 0f 01 ca 48 89 cb eb 80 66 2e 0f 1f 84 00 00 00 00
[  556.172164][T11827] RSP: 0018:ffffc90002f4fbe8 EFLAGS: 00050246
[  556.172179][T11827] RAX: 0000000000000001 RBX: 0000000000000013 RCX: 0000000000000013
[  556.172190][T11827] RDX: ffffed100b8f6c03 RSI: ffff88805c7b6000 RDI: 0000000080000000
[  556.172201][T11827] RBP: 0000000080000000 R08: 0000000000000000 R09: ffffed100b8f6c02
[  556.172212][T11827] R10: ffff88805c7b6012 R11: 0000000000000000 R12: ffff88805c7b6000
[  556.172224][T11827] R13: 0000000080000013 R14: 00007ffffffff000 R15: 0000000000000000
[  556.172248][T11827]  ? _copy_to_user+0xaa/0xd0
[  556.172269][T11827]  syslog_print+0x3e1/0x5d0
[  556.172297][T11827]  ? __pfx_syslog_print+0x10/0x10
[  556.172319][T11827]  ? ksys_write+0x12b/0x250
[  556.172348][T11827]  ? aa_get_newest_label+0x376/0x680
[  556.172368][T11827]  ? __pfx_autoremove_wake_function+0x10/0x10
[  556.172395][T11827]  ? rcu_is_watching+0x12/0xc0
[  556.172424][T11827]  ? bpf_lsm_capable+0x9/0x10
[  556.172442][T11827]  ? security_capable+0x7e/0x260
[  556.172464][T11827]  do_syslog+0x3e1/0x6c0
[  556.172481][T11827]  ? __pfx_do_syslog+0x10/0x10
[  556.172496][T11827]  ? __fget_files+0x206/0x3a0
[  556.172530][T11827]  ? ksys_write+0x1ba/0x250
[  556.172553][T11827]  ? __pfx_ksys_write+0x10/0x10
[  556.172582][T11827]  __ia32_sys_syslog+0x73/0xb0
[  556.172599][T11827]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[  556.172623][T11827]  __do_fast_syscall_32+0x73/0x120
[  556.172649][T11827]  do_fast_syscall_32+0x32/0x80
[  556.172673][T11827]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  556.172701][T11827] RIP: 0023:0xf73ae579
[  556.172716][T11827] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  556.172732][T11827] RSP: 002b:00000000f503655c EFLAGS: 00000296 ORIG_RAX: 0000000000000067
[  556.172748][T11827] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 0000000080000000
[  556.172774][T11827] RDX: 0000000000000013 RSI: 0000000000000000 RDI: 0000000000000000
[  556.172784][T11827] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  556.172795][T11827] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  556.172805][T11827] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  556.172829][T11827]  </TASK>
[  556.931942][T11835] netlink: 1276 bytes leftover after parsing attributes in process `syz.5.1133'.
[  556.949725][T11835] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1133'.
[  557.519245][   T40] audit: type=1326 audit(1741327018.018:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11846 comm="syz.5.1139" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73ae579 code=0x7ffc0000
[  557.559753][   T40] audit: type=1326 audit(1741327018.018:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11846 comm="syz.5.1139" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73ae579 code=0x7ffc0000
[  557.572696][   T40] audit: type=1326 audit(1741327018.018:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11846 comm="syz.5.1139" exe="/syz-executor" sig=0 arch=40000003 syscall=364 compat=1 ip=0xf73ae579 code=0x7ffc0000
[  557.606631][   T40] audit: type=1326 audit(1741327018.018:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11846 comm="syz.5.1139" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73ae579 code=0x7ffc0000
[  557.644983][   T40] audit: type=1326 audit(1741327018.018:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11846 comm="syz.5.1139" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73ae579 code=0x7ffc0000
[  557.660538][T11850] netlink: 'syz.5.1140': attribute type 2 has an invalid length.
[  557.696495][   T40] audit: type=1326 audit(1741327018.018:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11846 comm="syz.5.1139" exe="/syz-executor" sig=0 arch=40000003 syscall=366 compat=1 ip=0xf73ae579 code=0x7ffc0000
[  557.706156][   T40] audit: type=1326 audit(1741327018.018:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11846 comm="syz.5.1139" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73ae579 code=0x7ffc0000
[  557.733035][   T40] audit: type=1326 audit(1741327018.018:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11846 comm="syz.5.1139" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73ae579 code=0x7ffc0000
[  558.835505][   T70] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  559.625374][   T70] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  559.874487][   T70] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  560.061883][   T70] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  560.693010][   T70] bridge_slave_1: left allmulticast mode
[  560.713287][   T70] bridge_slave_1: left promiscuous mode
[  560.767248][   T70] bridge0: port 2(bridge_slave_1) entered disabled state
[  560.891711][   T70] bridge_slave_0: left allmulticast mode
[  560.897876][   T70] bridge_slave_0: left promiscuous mode
[  560.909125][   T70] bridge0: port 1(bridge_slave_0) entered disabled state
[  560.954469][T11871] 9pnet_fd: Insufficient options for proto=fd
[  561.210527][ T5950] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  561.266087][ T5950] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  561.272639][ T5950] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  561.276436][ T5950] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  561.295019][ T5950] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  561.300922][ T5950] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  561.970210][T11875] fuse: Unknown parameter ''
[  562.315866][ T1413] ieee802154 phy0 wpan0: encryption failed: -22
[  562.318008][ T1413] ieee802154 phy1 wpan1: encryption failed: -22
[  563.326215][ T5950] Bluetooth: hci2: command tx timeout
[  563.387325][T11882] siw: device registration error -23
[  563.483227][   T70] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  563.553422][   T70] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  563.634741][   T70] bond0 (unregistering): Released all slaves
[  564.329168][T11872] chnl_net:caif_netlink_parms(): no params data found
[  564.906034][T11912] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1152'.
[  565.003860][   T70] hsr_slave_0: left promiscuous mode
[  565.007865][   T70] hsr_slave_1: left promiscuous mode
[  565.012017][   T70] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  565.023755][   T70] batman_adv: batadv0: Removing interface: batadv_slave_0
[  565.029645][   T70] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  565.034734][   T70] batman_adv: batadv0: Removing interface: batadv_slave_1
[  565.140458][   T70] veth1_macvtap: left promiscuous mode
[  565.143851][   T70] veth0_macvtap: left promiscuous mode
[  565.163842][   T70] veth1_vlan: left promiscuous mode
[  565.166324][   T70] veth0_vlan: left promiscuous mode
[  565.449569][ T5950] Bluetooth: hci2: command tx timeout
[  567.491972][ T5950] Bluetooth: hci2: command tx timeout
[  569.566421][ T5950] Bluetooth: hci2: command tx timeout
[  570.065012][   T70] team0 (unregistering): Port device team_slave_1 removed
[  570.568556][   T70] team0 (unregistering): Port device team_slave_0 removed
[  574.665693][T11872] bridge0: port 1(bridge_slave_0) entered blocking state
[  574.668151][T11872] bridge0: port 1(bridge_slave_0) entered disabled state
[  574.670451][T11872] bridge_slave_0: entered allmulticast mode
[  574.683735][T11872] bridge_slave_0: entered promiscuous mode
[  574.689527][T11872] bridge0: port 2(bridge_slave_1) entered blocking state
[  574.715704][T11872] bridge0: port 2(bridge_slave_1) entered disabled state
[  574.718548][T11872] bridge_slave_1: entered allmulticast mode
[  574.721625][T11872] bridge_slave_1: entered promiscuous mode
[  575.087092][T11872] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  575.205733][T11872] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  575.404970][T11949] siw: device registration error -23
[  575.491187][T11872] team0: Port device team_slave_0 added
[  575.532895][T11872] team0: Port device team_slave_1 added
[  576.064653][T11872] batman_adv: batadv0: Adding interface: batadv_slave_0
[  576.068081][T11872] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  576.101969][T11872] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  576.107758][T11872] batman_adv: batadv0: Adding interface: batadv_slave_1
[  576.125984][T11872] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  576.138933][T11872] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  576.336434][T11872] hsr_slave_0: entered promiscuous mode
[  576.340357][T11872] hsr_slave_1: entered promiscuous mode
[  576.348259][T11872] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  576.352309][T11872] Cannot create hsr debugfs directory
[  577.457073][T11981] netlink: 40 bytes leftover after parsing attributes in process `syz.8.1166'.
[  577.521173][T11981] netlink: 40 bytes leftover after parsing attributes in process `syz.8.1166'.
[  579.141600][T12000] vhci_hcd vhci_hcd.0: pdev(7) rhport(0) sockfd(9)
[  579.150475][T12000] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  579.203887][T12000] vhci_hcd vhci_hcd.0: Device attached
[  579.222454][T12005] netlink: 1268 bytes leftover after parsing attributes in process `syz.8.1169'.
[  579.237990][T12005] netlink: 8 bytes leftover after parsing attributes in process `syz.8.1169'.
[  579.249018][T11872] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  579.266499][T11872] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  579.281526][T11872] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  579.287933][T11872] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  579.302397][T12009] vhci_hcd: unknown pdu 1
[  579.330350][ T1173] vhci_hcd: stop threads
[  579.337862][ T1173] vhci_hcd: release socket
[  579.345679][ T1173] vhci_hcd: disconnect device
[  579.406933][ T1016] vhci_hcd: vhci_device speed not set
[  579.459342][T11872] 8021q: adding VLAN 0 to HW filter on device bond0
[  579.506673][T11872] 8021q: adding VLAN 0 to HW filter on device team0
[  579.548220][  T229] bridge0: port 1(bridge_slave_0) entered blocking state
[  579.551188][  T229] bridge0: port 1(bridge_slave_0) entered forwarding state
[  579.556885][  T229] bridge0: port 2(bridge_slave_1) entered blocking state
[  579.561421][  T229] bridge0: port 2(bridge_slave_1) entered forwarding state
[  579.621447][T11872] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  580.127929][T11872] 8021q: adding VLAN 0 to HW filter on device batadv0
[  580.525729][T11872] veth0_vlan: entered promiscuous mode
[  580.588781][T11872] veth1_vlan: entered promiscuous mode
[  580.606084][T11872] veth0_macvtap: entered promiscuous mode
[  580.689914][T11872] veth1_macvtap: entered promiscuous mode
[  580.736286][T11872] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  580.830941][T11872] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  580.836886][T11872] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  580.843408][T11872] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  580.849643][T11872] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  580.858808][T11872] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  580.864796][T11872] batman_adv: batadv0: Interface activated: batadv_slave_0
[  580.893969][T11872] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  580.905438][T11872] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  580.912478][T11872] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  580.921504][T11872] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  580.930624][T11872] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  580.940621][T11872] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  580.948662][T11872] batman_adv: batadv0: Interface activated: batadv_slave_1
[  580.974824][T11872] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  580.983818][T12041] siw: device registration error -23
[  580.998366][T11872] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  581.002685][T11872] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  581.011910][T11872] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  581.529715][  T229] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  581.578446][  T229] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  581.660617][ T7228] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  581.674052][ T7228] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  582.430244][T12062] netlink: 1276 bytes leftover after parsing attributes in process `syz.8.1175'.
[  584.016785][T12080] netlink: 8 bytes leftover after parsing attributes in process `syz.7.1179'.
[  584.244828][  T229] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  584.355044][T10319] usb 10-1: new full-speed USB device number 30 using dummy_hcd
[  584.433485][T12094] siw: device registration error -23
[  584.512288][T10319] usb 10-1: device descriptor read/64, error -71
[  584.763098][T10319] usb 10-1: new full-speed USB device number 31 using dummy_hcd
[  584.955192][T10319] usb 10-1: device descriptor read/64, error -71
[  585.003011][  T229] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  585.068465][T10319] usb usb10-port1: attempt power cycle
[  585.160241][  T229] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  585.432113][  T229] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  585.483622][T10319] usb 10-1: new full-speed USB device number 32 using dummy_hcd
[  585.514452][T10319] usb 10-1: device descriptor read/8, error -71
[  585.664170][  T229] bridge_slave_1: left allmulticast mode
[  585.667530][  T229] bridge_slave_1: left promiscuous mode
[  585.669854][  T229] bridge0: port 2(bridge_slave_1) entered disabled state
[  585.699134][  T229] bridge_slave_0: left allmulticast mode
[  585.704621][  T229] bridge_slave_0: left promiscuous mode
[  585.709204][  T229] bridge0: port 1(bridge_slave_0) entered disabled state
[  585.764333][T10319] usb 10-1: new full-speed USB device number 33 using dummy_hcd
[  585.789037][T10319] usb 10-1: device descriptor read/8, error -71
[  585.935294][T10319] usb usb10-port1: unable to enumerate USB device
[  586.158031][   T66] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  586.177345][   T66] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  586.199305][   T66] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  586.203407][   T66] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  586.208338][   T66] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  586.217303][   T66] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  586.358187][T12103] random: crng reseeded on system resumption
[  587.436050][  T229] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  587.480453][  T229] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  587.497819][  T229] bond0 (unregistering): Released all slaves
[  588.068976][T12100] chnl_net:caif_netlink_parms(): no params data found
[  588.295254][   T66] Bluetooth: hci2: command tx timeout
[  588.311332][T12127] netlink: 8 bytes leftover after parsing attributes in process `syz.8.1189'.
[  588.927306][  T229] hsr_slave_0: left promiscuous mode
[  589.032376][  T229] hsr_slave_1: left promiscuous mode
[  589.041897][  T229] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  589.055215][  T229] batman_adv: batadv0: Removing interface: batadv_slave_0
[  589.107558][  T229] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  589.124195][  T229] batman_adv: batadv0: Removing interface: batadv_slave_1
[  589.228771][  T229] veth1_macvtap: left promiscuous mode
[  589.234199][  T229] veth0_macvtap: left promiscuous mode
[  589.238146][  T229] veth1_vlan: left promiscuous mode
[  589.241446][  T229] veth0_vlan: left promiscuous mode
[  589.286817][T12132] random: crng reseeded on system resumption
[  589.860539][T12161] netlink: 44 bytes leftover after parsing attributes in process `syz.8.1197'.
[  589.973161][   T30] usb 10-1: new full-speed USB device number 34 using dummy_hcd
[  590.163141][   T30] usb 10-1: device descriptor read/64, error -71
[  590.373136][   T66] Bluetooth: hci2: command tx timeout
[  590.436700][   T30] usb 10-1: new full-speed USB device number 35 using dummy_hcd
[  590.623032][   T30] usb 10-1: device descriptor read/64, error -71
[  590.775641][   T30] usb usb10-port1: attempt power cycle
[  591.210915][   T30] usb 10-1: new full-speed USB device number 36 using dummy_hcd
[  591.253867][   T30] usb 10-1: device descriptor read/8, error -71
[  591.541126][   T30] usb 10-1: new full-speed USB device number 37 using dummy_hcd
[  591.585137][   T30] usb 10-1: device descriptor read/8, error -71
[  591.704318][   T30] usb usb10-port1: unable to enumerate USB device
[  592.453482][   T66] Bluetooth: hci2: command tx timeout
[  593.143732][T12174] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1199'.
[  594.046585][  T229] team0 (unregistering): Port device team_slave_1 removed
[  594.413355][  T229] team0 (unregistering): Port device team_slave_0 removed
[  594.539179][   T66] Bluetooth: hci2: command tx timeout
[  598.061452][T12100] bridge0: port 1(bridge_slave_0) entered blocking state
[  598.078607][T12100] bridge0: port 1(bridge_slave_0) entered disabled state
[  598.083850][T12100] bridge_slave_0: entered allmulticast mode
[  598.087560][T12100] bridge_slave_0: entered promiscuous mode
[  598.093861][T12100] bridge0: port 2(bridge_slave_1) entered blocking state
[  598.113410][T12100] bridge0: port 2(bridge_slave_1) entered disabled state
[  598.116655][T12100] bridge_slave_1: entered allmulticast mode
[  598.123520][T12100] bridge_slave_1: entered promiscuous mode
[  598.281667][T12100] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  598.299087][T12100] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  598.601325][T12100] team0: Port device team_slave_0 added
[  598.609565][T12100] team0: Port device team_slave_1 added
[  598.715946][T12100] batman_adv: batadv0: Adding interface: batadv_slave_0
[  598.719381][T12100] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  598.743433][T12100] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  598.798554][T12100] batman_adv: batadv0: Adding interface: batadv_slave_1
[  598.803421][T12100] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  598.823088][T12100] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  599.183124][    T8] usb 13-1: new full-speed USB device number 8 using dummy_hcd
[  599.195802][T12100] hsr_slave_0: entered promiscuous mode
[  599.199236][T12100] hsr_slave_1: entered promiscuous mode
[  599.203250][T12100] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  599.216184][T12100] Cannot create hsr debugfs directory
[  599.343194][    T8] usb 13-1: device descriptor read/64, error -71
[  599.583012][    T8] usb 13-1: new full-speed USB device number 9 using dummy_hcd
[  599.795235][    T8] usb 13-1: device descriptor read/64, error -71
[  599.907787][    T8] usb usb13-port1: attempt power cycle
[  600.243309][    T8] usb 13-1: new full-speed USB device number 10 using dummy_hcd
[  600.274165][    T8] usb 13-1: device descriptor read/8, error -71
[  600.443146][T12234] netlink: 1268 bytes leftover after parsing attributes in process `syz.5.1211'.
[  600.500142][T12239] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1211'.
[  600.516232][    T8] usb 13-1: new full-speed USB device number 11 using dummy_hcd
[  600.564123][    T8] usb 13-1: device descriptor read/8, error -71
[  600.610172][T12244] netlink: 'syz.7.1213': attribute type 1 has an invalid length.
[  600.621829][T12244] netlink: 224 bytes leftover after parsing attributes in process `syz.7.1213'.
[  600.637274][T12244] netlink: 16 bytes leftover after parsing attributes in process `syz.7.1213'.
[  600.683321][    T8] usb usb13-port1: unable to enumerate USB device
[  600.905962][T12100] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  600.927315][T12100] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  600.945369][T12100] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  601.007722][T12100] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  601.124643][T12255] netlink: 'syz.5.1214': attribute type 11 has an invalid length.
[  601.207578][T12100] 8021q: adding VLAN 0 to HW filter on device bond0
[  601.236625][T12100] 8021q: adding VLAN 0 to HW filter on device team0
[  601.314712][  T229] bridge0: port 1(bridge_slave_0) entered blocking state
[  601.327057][  T229] bridge0: port 1(bridge_slave_0) entered forwarding state
[  601.345707][  T229] bridge0: port 2(bridge_slave_1) entered blocking state
[  601.349017][  T229] bridge0: port 2(bridge_slave_1) entered forwarding state
[  601.561977][T12270] syzkaller0: entered promiscuous mode
[  601.572334][T12270] syzkaller0: entered allmulticast mode
[  601.590792][T12270] PF_CAN: dropped non conform CAN FD skbuff: dev type 280, len 65487
[  602.085435][T12100] 8021q: adding VLAN 0 to HW filter on device batadv0
[  602.168245][T12100] veth0_vlan: entered promiscuous mode
[  602.194959][T12100] veth1_vlan: entered promiscuous mode
[  602.278273][T12100] veth0_macvtap: entered promiscuous mode
[  602.296755][T12100] veth1_macvtap: entered promiscuous mode
[  602.333874][T12100] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  602.348235][T12290] siw: device registration error -23
[  602.350824][T12100] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  602.367852][T12100] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  602.372089][T12100] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  602.392561][T12100] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  602.397058][T12100] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  602.403583][T12100] batman_adv: batadv0: Interface activated: batadv_slave_0
[  602.409587][T12100] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  602.433479][T12100] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  602.450499][T12100] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  602.467413][T12100] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  602.472662][T12100] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  602.478952][T12100] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  602.493697][T12100] batman_adv: batadv0: Interface activated: batadv_slave_1
[  602.581416][T12100] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  602.584844][T12100] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  602.589847][T12100] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  602.675727][T12100] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  603.020630][T12305] netlink: 'syz.8.1223': attribute type 21 has an invalid length.
[  603.026629][T12305] netlink: 48 bytes leftover after parsing attributes in process `syz.8.1223'.
[  603.046278][  T229] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  603.050084][  T229] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  603.082555][  T229] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  603.091752][  T229] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  603.127565][T12306] netlink: 1272 bytes leftover after parsing attributes in process `syz.7.1222'.
[  603.152085][T12306] netlink: 8 bytes leftover after parsing attributes in process `syz.7.1222'.
[  603.474342][T12312] Mount JFS Failure: -22
[  604.139343][    T8] usb 10-1: new full-speed USB device number 38 using dummy_hcd
[  604.324464][    T8] usb 10-1: no configurations
[  604.345383][    T8] usb 10-1: can't read configurations, error -22
[  604.494021][    T8] usb 10-1: new full-speed USB device number 39 using dummy_hcd
[  604.807553][    T8] usb 10-1: no configurations
[  604.809522][    T8] usb 10-1: can't read configurations, error -22
[  604.812786][    T8] usb usb10-port1: attempt power cycle
[  604.930914][T12329] netlink: 40 bytes leftover after parsing attributes in process `syz.8.1229'.
[  604.935982][T12329] netlink: 40 bytes leftover after parsing attributes in process `syz.8.1229'.
[  604.944760][T12329] random: crng reseeded on system resumption
[  605.916252][    T8] usb 10-1: new full-speed USB device number 40 using dummy_hcd
[  605.934597][    T8] usb 10-1: no configurations
[  605.963021][    T8] usb 10-1: can't read configurations, error -22
[  606.013349][ T1135] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  606.101331][    T8] usb 10-1: new full-speed USB device number 41 using dummy_hcd
[  606.126985][    T8] usb 10-1: no configurations
[  606.129432][    T8] usb 10-1: can't read configurations, error -22
[  606.136811][    T8] usb usb10-port1: unable to enumerate USB device
[  606.617184][ T1135] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  606.715333][ T1135] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  606.835936][ T1135] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  607.091219][ T1135] bridge_slave_1: left allmulticast mode
[  607.094561][ T1135] bridge_slave_1: left promiscuous mode
[  607.097210][ T1135] bridge0: port 2(bridge_slave_1) entered disabled state
[  607.106230][ T1135] bridge_slave_0: left allmulticast mode
[  607.108777][ T1135] bridge_slave_0: left promiscuous mode
[  607.120733][ T1135] bridge0: port 1(bridge_slave_0) entered disabled state
[  608.034153][ T5950] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  608.062961][ T5950] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  608.077692][ T5950] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  608.086698][ T5950] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  608.093966][ T5950] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  608.100252][ T5950] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  608.250673][T12356] siw: device registration error -23
[  608.882282][ T1135] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  608.919927][ T1135] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  608.945879][ T1135] bond0 (unregistering): Released all slaves
[  609.249933][T12366] netlink: 1272 bytes leftover after parsing attributes in process `syz.8.1235'.
[  609.307756][T12366] netlink: 8 bytes leftover after parsing attributes in process `syz.8.1235'.
[  610.026078][T12352] chnl_net:caif_netlink_parms(): no params data found
[  610.215235][ T1135] hsr_slave_0: left promiscuous mode
[  610.217970][ T1135] hsr_slave_1: left promiscuous mode
[  610.221668][ T1135] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  610.223078][ T5950] Bluetooth: hci2: command tx timeout
[  610.226376][ T1135] batman_adv: batadv0: Removing interface: batadv_slave_0
[  610.236089][ T1135] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  610.239493][ T1135] batman_adv: batadv0: Removing interface: batadv_slave_1
[  610.352116][ T1135] veth1_macvtap: left promiscuous mode
[  610.365872][ T1135] veth0_macvtap: left promiscuous mode
[  610.370976][ T1135] veth1_vlan: left promiscuous mode
[  610.374519][ T1135] veth0_vlan: left promiscuous mode
[  610.913204][T10319] usb 12-1: new full-speed USB device number 29 using dummy_hcd
[  611.115528][T10319] usb 12-1: no configurations
[  611.117970][T10319] usb 12-1: can't read configurations, error -22
[  611.265664][T10319] usb 12-1: new full-speed USB device number 30 using dummy_hcd
[  611.510859][T10319] usb 12-1: no configurations
[  611.512541][T10319] usb 12-1: can't read configurations, error -22
[  611.521265][T10319] usb usb12-port1: attempt power cycle
[  611.863227][T10319] usb 12-1: new full-speed USB device number 31 using dummy_hcd
[  611.884428][T10319] usb 12-1: no configurations
[  611.886616][T10319] usb 12-1: can't read configurations, error -22
[  612.023339][T10319] usb 12-1: new full-speed USB device number 32 using dummy_hcd
[  612.045768][T10319] usb 12-1: no configurations
[  612.047953][T10319] usb 12-1: can't read configurations, error -22
[  612.051177][T10319] usb usb12-port1: unable to enumerate USB device
[  612.152934][T12409] siw: device registration error -23
[  612.314920][ T5950] Bluetooth: hci2: command tx timeout
[  613.756111][T12414] netlink: 'syz.7.1245': attribute type 10 has an invalid length.
[  613.759240][T12414] netlink: 40 bytes leftover after parsing attributes in process `syz.7.1245'.
[  614.365573][ T5950] Bluetooth: hci2: command tx timeout
[  614.856139][ T1135] team0 (unregistering): Port device team_slave_1 removed
[  615.487120][ T1135] team0 (unregistering): Port device team_slave_0 removed
[  616.443709][ T5950] Bluetooth: hci2: command tx timeout
[  619.493327][T12352] bridge0: port 1(bridge_slave_0) entered blocking state
[  619.496662][T12352] bridge0: port 1(bridge_slave_0) entered disabled state
[  619.499802][T12352] bridge_slave_0: entered allmulticast mode
[  619.503219][T12352] bridge_slave_0: entered promiscuous mode
[  619.512517][T12352] bridge0: port 2(bridge_slave_1) entered blocking state
[  619.518506][T12352] bridge0: port 2(bridge_slave_1) entered disabled state
[  619.521830][T12352] bridge_slave_1: entered allmulticast mode
[  619.526965][T12352] bridge_slave_1: entered promiscuous mode
[  619.551609][T12414] batman_adv: batadv0: Adding interface: vlan1
[  619.553842][T12414] batman_adv: batadv0: The MTU of interface vlan1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  619.572040][T12414] batman_adv: batadv0: Interface activated: vlan1
[  619.873777][T12352] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  619.892398][T12352] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  619.966534][T12422] netlink: 8 bytes leftover after parsing attributes in process `syz.7.1247'.
[  620.069132][T12352] team0: Port device team_slave_0 added
[  620.098716][T12352] team0: Port device team_slave_1 added
[  620.215681][T12430] netlink: 40 bytes leftover after parsing attributes in process `syz.8.1248'.
[  620.297544][T12432] netlink: 40 bytes leftover after parsing attributes in process `syz.8.1248'.
[  620.388428][T12433] random: crng reseeded on system resumption
[  620.573510][T12352] batman_adv: batadv0: Adding interface: batadv_slave_0
[  620.578487][T12352] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  620.677730][T12352] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  620.830096][T12352] batman_adv: batadv0: Adding interface: batadv_slave_1
[  620.863446][T12352] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  620.879567][T12352] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  621.300716][T12352] hsr_slave_0: entered promiscuous mode
[  621.313596][T12352] hsr_slave_1: entered promiscuous mode
[  621.316938][T12352] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  621.321133][T12352] Cannot create hsr debugfs directory
[  621.782722][T10319] usb 12-1: new high-speed USB device number 33 using dummy_hcd
[  621.906953][ T8297] usb 10-1: new full-speed USB device number 42 using dummy_hcd
[  621.969283][T10319] usb 12-1: Using ep0 maxpacket: 16
[  621.980582][T10319] usb 12-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  621.985829][T10319] usb 12-1: config 0 has no interfaces?
[  622.008270][T10319] usb 12-1: New USB device found, idVendor=05ac, idProduct=9226, bcdDevice=b2.89
[  622.012613][T10319] usb 12-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  622.029884][T10319] usb 12-1: Product: syz
[  622.032392][T10319] usb 12-1: Manufacturer: syz
[  622.035487][T10319] usb 12-1: SerialNumber: syz
[  622.040213][T10319] usb 12-1: config 0 descriptor??
[  622.153640][ T8297] usb 10-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  622.158385][ T8297] usb 10-1: config 0 has no interfaces?
[  622.160622][ T8297] usb 10-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  622.172956][ T8297] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  622.190750][ T8297] usb 10-1: config 0 descriptor??
[  622.441288][   T30] usb 10-1: USB disconnect, device number 42
[  622.801943][    C0] ==================================================================
[  622.809930][    C0] BUG: KASAN: slab-use-after-free in __lock_acquire+0x2d90/0x3c40
[  622.828572][    C0] Read of size 8 at addr ffff88805ba2d418 by task kworker/u32:7/1135
[  622.852872][    C0] 
[  622.853756][    C0] CPU: 0 UID: 0 PID: 1135 Comm: kworker/u32:7 Not tainted 6.14.0-rc5-syzkaller-00105-gf315296c92fd #0
[  622.853776][    C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  622.853787][    C0] Workqueue: bat_events batadv_nc_worker
[  622.853816][    C0] Call Trace:
[  622.853822][    C0]  <IRQ>
[  622.853830][    C0]  dump_stack_lvl+0x116/0x1f0
[  622.853852][    C0]  print_report+0xc3/0x670
[  622.853867][    C0]  ? __virt_addr_valid+0x5e/0x590
[  622.853883][    C0]  ? __phys_addr+0xc6/0x150
[  622.853899][    C0]  kasan_report+0xd9/0x110
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  622.853913][    C0]  ? __lock_acquire+0x2d90/0x3c40
[  622.853934][    C0]  ? __lock_acquire+0x2d90/0x3c40
[  622.853956][    C0]  __lock_acquire+0x2d90/0x3c40
[  622.853976][    C0]  ? __pfx_lock_release+0x10/0x10
[  622.853995][    C0]  ? rcu_is_watching+0x12/0xc0
[  622.854011][    C0]  ? ttwu_queue_wakelist+0x26d/0x400
[  622.854032][    C0]  ? __smp_call_single_queue+0x174/0x1e0
[  622.854048][    C0]  ? __pfx___lock_acquire+0x10/0x10
[  622.854067][    C0]  ? do_raw_spin_unlock+0x172/0x230
[  622.854082][    C0]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  622.854102][    C0]  lock_acquire.part.0+0x11b/0x380
[  622.854122][    C0]  ? p9_req_put+0xaf/0x250
[  622.854139][    C0]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  622.854159][    C0]  ? rcu_is_watching+0x12/0xc0
[  622.854174][    C0]  ? trace_lock_acquire+0x14e/0x1f0
[  622.854191][    C0]  ? p9_req_put+0xaf/0x250
[  622.854207][    C0]  ? lock_acquire+0x2f/0xb0
[  622.854225][    C0]  ? p9_req_put+0xaf/0x250
[  622.854241][    C0]  _raw_spin_lock_irqsave+0x3a/0x60
[  622.854257][    C0]  ? p9_req_put+0xaf/0x250
[  622.854272][    C0]  p9_req_put+0xaf/0x250
[  622.854288][    C0]  req_done+0x1e7/0x2f0
[  622.854311][    C0]  ? __pfx_req_done+0x10/0x10
[  622.854332][    C0]  ? __pfx_req_done+0x10/0x10
[  622.854378][    C0]  vring_interrupt+0x31b/0x400
[  622.854395][    C0]  ? __pfx_vring_interrupt+0x10/0x10
[  622.854411][    C0]  __handle_irq_event_percpu+0x229/0x7d0
[  622.854429][    C0]  handle_irq_event+0xab/0x1e0
[  622.854445][    C0]  handle_edge_irq+0x263/0xd10
[  622.854462][    C0]  __common_interrupt+0xdf/0x250
[  622.854481][    C0]  common_interrupt+0x61/0xe0
[  622.854504][    C0]  asm_common_interrupt+0x26/0x40
[  622.854524][    C0] RIP: 0010:handle_softirqs+0x1da/0x8f0
[  622.854546][    C0] Code: 89 44 24 18 48 89 6c 24 10 48 c7 c7 40 82 6b 8b e8 eb 3d d9 09 65 66 c7 05 79 bb 87 7e 00 00 e8 0c 8a 45 00 fb bb ff ff ff ff <49> c7 c6 c0 b0 e0 8d 41 0f bc dc 83 c3 01 0f 85 a4 00 00 00 e9 b1
[  622.854561][    C0] RSP: 0018:ffffc90000007f28 EFLAGS: 00000202
[  622.854574][    C0] RAX: 0000000000c999dc RBX: 00000000ffffffff RCX: 1ffffffff2de4120
[  622.854585][    C0] RDX: 0000000000000000 RSI: ffffffff8b6cfb00 RDI: ffffffff8bd357a0
[  622.854595][    C0] RBP: ffff8880254e2440 R08: 0000000000000001 R09: fffffbfff2dd7fb6
[  622.854605][    C0] R10: ffffffff96ebfdb7 R11: 0000000000000003 R12: 0000000000000382
[  622.854614][    C0] R13: 000000000000000a R14: 0000000000000001 R15: 0000000000000000
[  622.854629][    C0]  ? handle_softirqs+0x1d4/0x8f0
[  622.854649][    C0]  ? __pfx_sched_clock_cpu+0x10/0x10
[  622.854670][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[  622.854692][    C0]  __irq_exit_rcu+0x109/0x170
[  622.854713][    C0]  irq_exit_rcu+0x9/0x30
[  622.854732][    C0]  sysvec_apic_timer_interrupt+0xa4/0xc0
[  622.854750][    C0]  </IRQ>
[  622.854755][    C0]  <TASK>
[  622.854761][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  622.854781][    C0] RIP: 0010:preempt_schedule_irq+0x4c/0x90
[  622.854799][    C0] Code: df 55 65 48 8b 2d a4 66 ad 74 53 48 89 eb 48 c1 eb 03 48 01 c3 bf 01 00 00 00 e8 1f e8 31 f6 e8 4a 35 6b f6 fb bf 01 00 00 00 <e8> 4f 9f ff ff 9c 58 fa f6 c4 02 75 1e bf 01 00 00 00 e8 ed 92 31
[  622.854813][    C0] RSP: 0018:ffffc9000662f928 EFLAGS: 00000202
[  622.854825][    C0] RAX: 0000000000c999d9 RBX: ffffed1004a9c488 RCX: 1ffffffff2de4120
[  622.854835][    C0] RDX: 0000000000000000 RSI: ffffffff8b6cfb00 RDI: 0000000000000001
[  622.854844][    C0] RBP: ffff8880254e2440 R08: 0000000000000001 R09: fffffbfff2dd7fb6
[  622.854853][    C0] R10: ffffffff96ebfdb7 R11: 0000000000000000 R12: 0000000000000000
[  622.854862][    C0] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  622.854877][    C0]  ? preempt_schedule_irq+0x46/0x90
[  622.854894][    C0]  irqentry_exit+0x36/0x90
[  622.854912][    C0]  asm_sysvec_reschedule_ipi+0x1a/0x20
[  622.854932][    C0] RIP: 0010:lock_release+0x129/0x6f0
[  622.854951][    C0] Code: 0f 85 d6 02 00 00 65 4c 8b 35 63 27 6d 7e 49 8d be ec 0a 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 0f b6 14 02 <48> 89 f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 50 05 00 00 41
[  622.854965][    C0] RSP: 0018:ffffc9000662f9f0 EFLAGS: 00000a03
[  622.854975][    C0] RAX: dffffc0000000000 RBX: 1ffff92000cc5f40 RCX: ffffffff8196b2b9
[  622.854985][    C0] RDX: 0000000000000000 RSI: ffffffff8bd35720 RDI: ffff8880254e2f2c
[  622.854995][    C0] RBP: ffffffff9062b514 R08: 0000000000000000 R09: fffffbfff20c5042
[  622.855005][    C0] R10: ffffffff90628217 R11: 0000000000000002 R12: ffffffff8e1bd0c0
[  622.855015][    C0] R13: ffff88804bf7d8a8 R14: ffff8880254e2440 R15: ffffffff8b23c090
[  622.855025][    C0]  ? __pfx_batadv_nc_fwd_flush+0x10/0x10
[  622.855046][    C0]  ? lock_release+0xa9/0x6f0
[  622.855067][    C0]  ? batadv_nc_process_nc_paths.part.0+0x215/0x3e0
[  622.855089][    C0]  ? __pfx_lock_release+0x10/0x10
[  622.855108][    C0]  ? trace_lock_acquire+0x14e/0x1f0
[  622.855125][    C0]  ? mark_held_locks+0x9f/0xe0
[  622.855142][    C0]  ? batadv_nc_process_nc_paths.part.0+0xde/0x3e0
[  622.855164][    C0]  ? lock_acquire+0x2f/0xb0
[  622.855182][    C0]  ? batadv_nc_process_nc_paths.part.0+0xde/0x3e0
[  622.855205][    C0]  ? __pfx_batadv_nc_fwd_flush+0x10/0x10
[  622.855225][    C0]  batadv_nc_process_nc_paths.part.0+0x21a/0x3e0
[  622.855249][    C0]  batadv_nc_worker+0xcc8/0x1060
[  622.855271][    C0]  ? __pfx_batadv_nc_worker+0x10/0x10
[  622.855289][    C0]  ? rcu_is_watching+0x12/0xc0
[  622.855302][    C0]  ? trace_lock_acquire+0x14e/0x1f0
[  622.855316][    C0]  ? process_one_work+0x921/0x1ba0
[  622.855334][    C0]  ? lock_acquire+0x2f/0xb0
[  622.855354][    C0]  ? process_one_work+0x921/0x1ba0
[  622.855371][    C0]  process_one_work+0x9c5/0x1ba0
[  622.855390][    C0]  ? __pfx_batadv_nc_worker+0x10/0x10
[  622.855407][    C0]  ? __pfx_process_one_work+0x10/0x10
[  622.855426][    C0]  ? assign_work+0x1a0/0x250
[  622.855442][    C0]  worker_thread+0x6c8/0xf00
[  622.855461][    C0]  ? __pfx_worker_thread+0x10/0x10
[  622.855477][    C0]  kthread+0x3af/0x750
[  622.855493][    C0]  ? __pfx_kthread+0x10/0x10
[  622.855508][    C0]  ? lock_acquire+0x2f/0xb0
[  622.855526][    C0]  ? __pfx_kthread+0x10/0x10
[  622.855541][    C0]  ret_from_fork+0x45/0x80
[  622.855557][    C0]  ? __pfx_kthread+0x10/0x10
[  622.855572][    C0]  ret_from_fork_asm+0x1a/0x30
[  622.855590][    C0]  </TASK>
[  622.855595][    C0] 
[  622.872012][   T30] usb 12-1: USB disconnect, device number 33
[  622.880478][    C0] Allocated by task 12472:
[  622.880500][    C0]  kasan_save_stack+0x33/0x60
[  622.880534][    C0]  kasan_save_track+0x14/0x30
[  622.880557][    C0]  __kasan_kmalloc+0xaa/0xb0
[  622.880579][    C0]  p9_client_create+0xc8/0x1200
[  622.880601][    C0]  v9fs_session_init+0x1f8/0x1a80
[  622.880621][    C0]  v9fs_mount+0xc6/0xa30
[  622.880643][    C0]  legacy_get_tree+0x109/0x220
[  622.880667][    C0]  vfs_get_tree+0x8b/0x340
[  622.880685][    C0]  path_mount+0x14e6/0x1f10
[  622.880709][    C0]  __ia32_sys_mount+0x28d/0x310
[  622.880723][    C0]  __do_fast_syscall_32+0x73/0x120
[  622.880746][    C0]  do_fast_syscall_32+0x32/0x80
[  622.880768][    C0]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  622.880797][    C0] 
[  623.510020][    C0] Freed by task 12472:
[  623.512268][    C0]  kasan_save_stack+0x33/0x60
[  623.514845][    C0]  kasan_save_track+0x14/0x30
[  623.527320][    C0]  kasan_save_free_info+0x3b/0x60
[  623.530370][    C0]  __kasan_slab_free+0x51/0x70
[  623.533451][    C0]  kfree+0x2c4/0x4d0
[  623.535521][    C0]  p9_client_create+0xa58/0x1200
[  623.537940][    C0]  v9fs_session_init+0x1f8/0x1a80
[  623.547706][    C0]  v9fs_mount+0xc6/0xa30
[  623.552511][    C0]  legacy_get_tree+0x109/0x220
[  623.560719][    C0]  vfs_get_tree+0x8b/0x340
[  623.562837][    C0]  path_mount+0x14e6/0x1f10
[  623.575898][    C0]  __ia32_sys_mount+0x28d/0x310
[  623.578198][    C0]  __do_fast_syscall_32+0x73/0x120
[  623.580695][    C0]  do_fast_syscall_32+0x32/0x80
[  623.583301][    C0]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  623.587190][    C0] 
[  623.588578][    C0] The buggy address belongs to the object at ffff88805ba2d400
[  623.588578][    C0]  which belongs to the cache kmalloc-512 of size 512
[  623.602462][    C0] The buggy address is located 24 bytes inside of
[  623.602462][    C0]  freed 512-byte region [ffff88805ba2d400, ffff88805ba2d600)
[  623.610191][    C0] 
[  623.611747][    C0] The buggy address belongs to the physical page:
[  623.614911][    C0] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5ba2c
[  623.619325][    C0] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  623.623971][    C0] anon flags: 0x4fff00000000040(head|node=1|zone=1|lastcpupid=0x7ff)
[  623.628359][    C0] page_type: f5(slab)
[  623.630493][    C0] raw: 04fff00000000040 ffff88801b042c80 0000000000000000 dead000000000001
[  623.635663][    C0] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[  623.640259][    C0] head: 04fff00000000040 ffff88801b042c80 0000000000000000 dead000000000001
[  623.644770][    C0] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[  623.648518][    C0] head: 04fff00000000002 ffffea00016e8b01 ffffffffffffffff 0000000000000000
[  623.652724][    C0] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[  623.657294][    C0] page dumped because: kasan: bad access detected
[  623.660552][    C0] page_owner tracks the page as allocated
[  623.663673][    C0] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5948, tgid 5948 (syz-executor), ts 46280547004, free_ts 46261856566
[  623.677150][    C0]  post_alloc_hook+0x181/0x1b0
[  623.679477][    C0]  get_page_from_freelist+0xfce/0x2f80
[  623.682171][    C0]  __alloc_frozen_pages_noprof+0x221/0x2470
[  623.685798][    C0]  alloc_pages_mpol+0x1fc/0x540
[  623.688857][    C0]  new_slab+0x23d/0x330
[  623.691098][    C0]  ___slab_alloc+0xc5d/0x1720
[  623.693658][    C0]  __slab_alloc.constprop.0+0x56/0xb0
[  623.696489][    C0]  __kmalloc_cache_noprof+0xfa/0x410
[  623.699694][    C0]  inetdev_init+0x66/0x5a0
[  623.702666][    C0]  inetdev_event+0xc61/0x18a0
[  623.705076][    C0]  notifier_call_chain+0xb7/0x410
[  623.707545][    C0]  call_netdevice_notifiers_info+0xbe/0x140
[  623.710460][    C0]  register_netdevice+0x17c2/0x1eb0
[  623.713712][    C0]  vxcan_newlink+0x2e9/0x540
[  623.716031][    C0]  rtnl_newlink+0xb95/0x1d60
[  623.718226][    C0]  rtnetlink_rcv_msg+0x95b/0xea0
[  623.720881][    C0] page last free pid 5947 tgid 5947 stack trace:
[  623.727073][    C0]  free_frozen_pages+0x6db/0xfb0
[  623.729710][    C0]  qlist_free_all+0x4e/0x120
[  623.732127][    C0]  kasan_quarantine_reduce+0x195/0x1e0
[  623.735144][    C0]  __kasan_slab_alloc+0x69/0x90
[  623.737739][    C0]  __kmalloc_cache_noprof+0x243/0x410
[  623.740496][    C0]  ref_tracker_alloc+0x17c/0x5b0
[  623.742976][    C0]  netdev_queue_update_kobjects+0x24c/0x5b0
[  623.745788][    C0]  netdev_register_kobject+0x28c/0x3a0
[  623.748432][    C0]  register_netdevice+0x147b/0x1eb0
[  623.751103][    C0]  veth_newlink+0x3c2/0x8f0
[  623.753921][    C0]  rtnl_newlink+0xb95/0x1d60
[  623.756560][    C0]  rtnetlink_rcv_msg+0x95b/0xea0
[  623.759397][    C0]  netlink_rcv_skb+0x16b/0x440
[  623.762176][    C0]  netlink_unicast+0x53c/0x7f0
[  623.764996][    C0]  netlink_sendmsg+0x8b8/0xd70
[  623.767446][    C0]  __sys_sendto+0x488/0x4f0
[  623.769738][    C0] 
[  623.771204][    C0] Memory state around the buggy address:
[  623.774455][    C0]  ffff88805ba2d300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  623.778840][    C0]  ffff88805ba2d380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  623.783727][    C0] >ffff88805ba2d400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  623.788707][    C0]                             ^
[  623.791214][    C0]  ffff88805ba2d480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  623.795829][    C0]  ffff88805ba2d500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  623.799785][    C0] ==================================================================
[  623.803713][    C0] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  623.807267][    C0] CPU: 0 UID: 0 PID: 1135 Comm: kworker/u32:7 Not tainted 6.14.0-rc5-syzkaller-00105-gf315296c92fd #0
[  623.810637][    C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  623.815497][    C0] Workqueue: bat_events batadv_nc_worker
[  623.817911][    C0] Call Trace:
[  623.819159][    C0]  <IRQ>
[  623.820206][    C0]  dump_stack_lvl+0x3d/0x1f0
[  623.821956][    C0]  panic+0x71d/0x800
[  623.823430][    C0]  ? __pfx_panic+0x10/0x10
[  623.824944][    C0]  ? rcu_is_watching+0x12/0xc0
[  623.826698][    C0]  ? __pfx_lock_release+0x10/0x10
[  623.828275][    C0]  ? check_panic_on_warn+0x1f/0xb0
[  623.830020][    C0]  check_panic_on_warn+0xab/0xb0
[  623.832617][    C0]  end_report+0x117/0x180
[  623.834857][    C0]  kasan_report+0xe9/0x110
[  623.837107][    C0]  ? __lock_acquire+0x2d90/0x3c40
[  623.839530][    C0]  ? __lock_acquire+0x2d90/0x3c40
[  623.842059][    C0]  __lock_acquire+0x2d90/0x3c40
[  623.846603][    C0]  ? __pfx_lock_release+0x10/0x10
[  623.854089][    C0]  ? rcu_is_watching+0x12/0xc0
[  623.856708][    C0]  ? ttwu_queue_wakelist+0x26d/0x400
[  623.863163][    C0]  ? __smp_call_single_queue+0x174/0x1e0
[  623.865318][    C0]  ? __pfx___lock_acquire+0x10/0x10
[  623.873874][    C0]  ? do_raw_spin_unlock+0x172/0x230
[  623.875830][    C0]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  623.878972][    C0]  lock_acquire.part.0+0x11b/0x380
[  623.884136][    C0]  ? p9_req_put+0xaf/0x250
[  623.885660][    C0]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  623.887644][    C0]  ? rcu_is_watching+0x12/0xc0
[  623.889535][    C0]  ? trace_lock_acquire+0x14e/0x1f0
[  623.891691][    C0]  ? p9_req_put+0xaf/0x250
[  623.903474][    C0]  ? lock_acquire+0x2f/0xb0
[  623.905102][    C0]  ? p9_req_put+0xaf/0x250
[  623.906659][    C0]  _raw_spin_lock_irqsave+0x3a/0x60
[  623.908444][    C0]  ? p9_req_put+0xaf/0x250
[  623.910067][    C0]  p9_req_put+0xaf/0x250
[  623.911730][    C0]  req_done+0x1e7/0x2f0
[  623.923503][    C0]  ? __pfx_req_done+0x10/0x10
[  623.925383][    C0]  ? __pfx_req_done+0x10/0x10
[  623.933932][    C0]  vring_interrupt+0x31b/0x400
[  623.936014][    C0]  ? __pfx_vring_interrupt+0x10/0x10
[  623.938560][    C0]  __handle_irq_event_percpu+0x229/0x7d0
[  623.941207][    C0]  handle_irq_event+0xab/0x1e0
[  623.943476][    C0]  handle_edge_irq+0x263/0xd10
[  623.946069][    C0]  __common_interrupt+0xdf/0x250
[  623.948941][    C0]  common_interrupt+0x61/0xe0
[  623.951480][    C0]  asm_common_interrupt+0x26/0x40
[  623.954207][    C0] RIP: 0010:handle_softirqs+0x1da/0x8f0
[  623.957467][    C0] Code: 89 44 24 18 48 89 6c 24 10 48 c7 c7 40 82 6b 8b e8 eb 3d d9 09 65 66 c7 05 79 bb 87 7e 00 00 e8 0c 8a 45 00 fb bb ff ff ff ff <49> c7 c6 c0 b0 e0 8d 41 0f bc dc 83 c3 01 0f 85 a4 00 00 00 e9 b1
[  623.967215][    C0] RSP: 0018:ffffc90000007f28 EFLAGS: 00000202
[  623.970444][    C0] RAX: 0000000000c999dc RBX: 00000000ffffffff RCX: 1ffffffff2de4120
[  623.974224][    C0] RDX: 0000000000000000 RSI: ffffffff8b6cfb00 RDI: ffffffff8bd357a0
[  623.978821][    C0] RBP: ffff8880254e2440 R08: 0000000000000001 R09: fffffbfff2dd7fb6
[  623.984182][    C0] R10: ffffffff96ebfdb7 R11: 0000000000000003 R12: 0000000000000382
[  623.988344][    C0] R13: 000000000000000a R14: 0000000000000001 R15: 0000000000000000
[  623.992563][    C0]  ? handle_softirqs+0x1d4/0x8f0
[  623.995553][    C0]  ? __pfx_sched_clock_cpu+0x10/0x10
[  623.998498][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[  624.001063][    C0]  __irq_exit_rcu+0x109/0x170
[  624.003332][    C0]  irq_exit_rcu+0x9/0x30
[  624.005669][    C0]  sysvec_apic_timer_interrupt+0xa4/0xc0
[  624.009077][    C0]  </IRQ>
[  624.010855][    C0]  <TASK>
[  624.012532][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  624.015869][    C0] RIP: 0010:preempt_schedule_irq+0x4c/0x90
[  624.019285][    C0] Code: df 55 65 48 8b 2d a4 66 ad 74 53 48 89 eb 48 c1 eb 03 48 01 c3 bf 01 00 00 00 e8 1f e8 31 f6 e8 4a 35 6b f6 fb bf 01 00 00 00 <e8> 4f 9f ff ff 9c 58 fa f6 c4 02 75 1e bf 01 00 00 00 e8 ed 92 31
[  624.029210][    C0] RSP: 0018:ffffc9000662f928 EFLAGS: 00000202
[  624.032086][    C0] RAX: 0000000000c999d9 RBX: ffffed1004a9c488 RCX: 1ffffffff2de4120
[  624.036220][    C0] RDX: 0000000000000000 RSI: ffffffff8b6cfb00 RDI: 0000000000000001
[  624.040478][    C0] RBP: ffff8880254e2440 R08: 0000000000000001 R09: fffffbfff2dd7fb6
[  624.044609][    C0] R10: ffffffff96ebfdb7 R11: 0000000000000000 R12: 0000000000000000
[  624.049252][    C0] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  624.053886][    C0]  ? preempt_schedule_irq+0x46/0x90
[  624.056472][    C0]  irqentry_exit+0x36/0x90
[  624.058715][    C0]  asm_sysvec_reschedule_ipi+0x1a/0x20
[  624.061701][    C0] RIP: 0010:lock_release+0x129/0x6f0
[  624.064330][    C0] Code: 0f 85 d6 02 00 00 65 4c 8b 35 63 27 6d 7e 49 8d be ec 0a 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 0f b6 14 02 <48> 89 f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 50 05 00 00 41
[  624.074985][    C0] RSP: 0018:ffffc9000662f9f0 EFLAGS: 00000a03
[  624.078263][    C0] RAX: dffffc0000000000 RBX: 1ffff92000cc5f40 RCX: ffffffff8196b2b9
[  624.082367][    C0] RDX: 0000000000000000 RSI: ffffffff8bd35720 RDI: ffff8880254e2f2c
[  624.087065][    C0] RBP: ffffffff9062b514 R08: 0000000000000000 R09: fffffbfff20c5042
[  624.091159][    C0] R10: ffffffff90628217 R11: 0000000000000002 R12: ffffffff8e1bd0c0
[  624.094934][    C0] R13: ffff88804bf7d8a8 R14: ffff8880254e2440 R15: ffffffff8b23c090
[  624.098934][    C0]  ? __pfx_batadv_nc_fwd_flush+0x10/0x10
[  624.101793][    C0]  ? lock_release+0xa9/0x6f0
[  624.104216][    C0]  ? batadv_nc_process_nc_paths.part.0+0x215/0x3e0
[  624.116410][    C0]  ? __pfx_lock_release+0x10/0x10
[  624.119064][    C0]  ? trace_lock_acquire+0x14e/0x1f0
[  624.121733][    C0]  ? mark_held_locks+0x9f/0xe0
[  624.124407][    C0]  ? batadv_nc_process_nc_paths.part.0+0xde/0x3e0
[  624.136482][    C0]  ? lock_acquire+0x2f/0xb0
[  624.139086][    C0]  ? batadv_nc_process_nc_paths.part.0+0xde/0x3e0
[  624.143257][    C0]  ? __pfx_batadv_nc_fwd_flush+0x10/0x10
[  624.146401][    C0]  batadv_nc_process_nc_paths.part.0+0x21a/0x3e0
[  624.158801][    C0]  batadv_nc_worker+0xcc8/0x1060
[  624.161408][    C0]  ? __pfx_batadv_nc_worker+0x10/0x10
[  624.164753][    C0]  ? rcu_is_watching+0x12/0xc0
[  624.167887][    C0]  ? trace_lock_acquire+0x14e/0x1f0
[  624.177935][    C0]  ? process_one_work+0x921/0x1ba0
[  624.180850][    C0]  ? lock_acquire+0x2f/0xb0
[  624.183552][    C0]  ? process_one_work+0x921/0x1ba0
[  624.198860][    C0]  process_one_work+0x9c5/0x1ba0
[  624.200823][    C0]  ? __pfx_batadv_nc_worker+0x10/0x10
[  624.218693][    C0]  ? __pfx_process_one_work+0x10/0x10
[  624.220914][    C0]  ? assign_work+0x1a0/0x250
[  624.222559][    C0]  worker_thread+0x6c8/0xf00
[  624.224352][    C0]  ? __pfx_worker_thread+0x10/0x10
[  624.226324][    C0]  kthread+0x3af/0x750
[  624.227606][    C0]  ? __pfx_kthread+0x10/0x10
[  624.229132][    C0]  ? lock_acquire+0x2f/0xb0
[  624.230661][    C0]  ? __pfx_kthread+0x10/0x10
[  624.232243][    C0]  ret_from_fork+0x45/0x80
[  624.233743][    C0]  ? __pfx_kthread+0x10/0x10
[  624.251322][    C0]  ret_from_fork_asm+0x1a/0x30
[  624.253066][    C0]  </TASK>
[  624.254923][    C0] Kernel Offset: disabled
[  624.257121][    C0] Rebooting in 86400 seconds..

VM DIAGNOSIS:
05:58:03  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000000020 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff853e7eb5 RDI=ffffffff9ab6fe60 RBP=ffffffff9ab6fe20 RSP=ffffc90000007410
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=6162353038386552
R12=0000000000000000 R13=0000000000000020 R14=ffffffff9ab6fe20 R15=0000000000000000
RIP=ffffffff853e7edf RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88802b400000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000000081000000 CR3=000000006974c000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000008
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000018800000000 0000000200000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
EAX=f6af56d8 EBX=ffffffff ECX=ffffffff EDX=8227b8c0
ESI=8227c306 EDI=ffffffff EBP=f6a7ab90 ESP=fff2c140
EIP=f70b79d5 EFL=00000293 [--S-A-C] CPL=3 II=0 A20=1 SMM=0 HLT=0
ES =002b 00000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0023 00000000 ffffffff 00c0fb00 DPL=3 CS32 [-RA]
SS =002b 00000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
DS =002b 00000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 00000000 ffffffff 00c00000
GS =0063 57e16440 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 00000000 ffffffff 00c00000
TR =0040 0004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000f4fe4da4 CR3=0000000058fe2000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000005000000000 0000000100000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=ffffffffffdfc000 RBX=0000000000000000 RCX=0000000000000016 RDX=0000000000000000
RSI=0000000000000004 RDI=ffffffff9381c554 RBP=ffff8880212bb440 RSP=ffffc90000548f38
R8 =0000000000000001 R9 =fffff520000a91d5 R10=0000000000000003 R11=0000000000000001
R12=0000000000204000 R13=0000000000000016 R14=ffff8880212bb480 R15=dffffc0000000000
RIP=ffffffff8167696e RFL=00000087 [--S--PC] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88802b600000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000f509696e CR3=000000006b340000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000600
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 f700585858585858 2e7a7973f73acff4
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 f700585858585858
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff 0f0e0d0c0b0a0908
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 3

CPU#3
RAX=0000000000000003 RBX=1ffff920000bf1b5 RCX=0000000000000002 RDX=0000000000000000
RSI=0000000000000000 RDI=ffffffff9a8be1c8 RBP=0000000000000000 RSP=ffffc900005f8d70
R8 =0000000000000001 R9 =0000000000000001 R10=ffffffff90628217 R11=0000000000000001
R12=0000000000000000 R13=ffffffff9a8be1c8 R14=0000000000000000 R15=0000000000000000
RIP=ffffffff819670f0 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff88802b700000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000000000000000 CR3=000000007615c000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000005000000000 0000000100000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000