last executing test programs:

2.026174395s ago: executing program 3 (id=5):
r0 = socket$unix(0x1, 0x1, 0x0)
r1 = syz_open_dev$vcsn(&(0x7f0000000040), 0x0, 0x38000)
accept4$x25(r1, &(0x7f0000000080)={0x9, @remote}, &(0x7f00000000c0)=0x12, 0x100800)
r2 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r2, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x10, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
listen(r2, 0x0)
connect$unix(r0, &(0x7f0000000640)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cpuacct.usage_user\x00', 0x275a, 0x0)
write$binfmt_script(r6, &(0x7f0000000100), 0xfecc)
sendfile(r0, r6, &(0x7f0000000280), 0x10001)
syz_read_part_table(0x1082, &(0x7f0000000000)="$eJzs0L1NxEAUBOAx4B8kIgIkWqCJ64AmSOmAhOuDgIAiqIcA0QEZD92usHBAQIBIvi/xzK79bG/4V9d3m1qpmrIkWXKa5CbZH3KqqlroxozJxdMhPp613SEPz0dDdu2+dVzVS08f6/rw/W29Dm1ijr/WzzO/V6a8vfaNzGNykl3WCWNyNfe2tG+rqv74/Q8/Om3a/rJdbn99XgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwFz4DAAD//5ucJ7k=")
r7 = syz_open_dev$video(&(0x7f0000000100), 0xfff, 0x0)
ioctl$VIDIOC_S_PARM(r7, 0xc0cc5616, 0x0)

2.015731005s ago: executing program 0 (id=1):
syz_open_dev$dri(0x0, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
socket$inet6_sctp(0xa, 0x0, 0x84)
open(0x0, 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(0xffffffffffffffff, 0xc01064bd, 0x0)
socketpair(0x0, 0x0, 0x0, &(0x7f0000000080))
socketpair$unix(0x1, 0x0, 0x0, 0x0)
fcntl$lock(0xffffffffffffffff, 0x0, &(0x7f0000002000))
fcntl$lock(0xffffffffffffffff, 0x26, 0x0)
fcntl$lock(0xffffffffffffffff, 0x0, &(0x7f0000000180)={0x0, 0x0, 0xd18f})
pipe(&(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
close(r0)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'macvlan1\x00'})
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r1, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c)
setsockopt$SO_BINDTODEVICE_wg(r1, 0x1, 0x19, &(0x7f0000000080)='wg2\x00', 0x4)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='freezer.parent_freezing\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000100), 0xfffffd9d)
ioctl$int_in(r1, 0x5421, &(0x7f0000000000)=0xdb42)
sendfile(r1, r2, 0x0, 0x8000002b)

993.086559ms ago: executing program 3 (id=6):
r0 = socket$rxrpc(0x21, 0x2, 0xa)
r1 = syz_io_uring_setup(0x4a9, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000000)=<r2=>0x0, &(0x7f00000001c0)=<r3=>0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000380)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r1, 0x2def, 0x0, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={<r4=>0xffffffffffffffff})
recvmmsg(r4, &(0x7f0000000400)=[{{0x0, 0xf5ffffff, 0x0, 0x0, 0x0, 0x4000000}}], 0xf00, 0x0, 0x0)
setsockopt$sock_int(r4, 0x1, 0x2e, &(0x7f0000000000)=0x400000d2, 0x4)
shutdown(r4, 0x0)
setsockopt$sock_int(r0, 0x1, 0x7, &(0x7f0000000240), 0x4)
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r5, &(0x7f0000000000)={0x1f, 0x0, @any, 0x0, 0x1}, 0xe)
setsockopt$bt_BT_RCVMTU(r5, 0x112, 0xd, &(0x7f00000000c0), 0x2)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$netlbl_mgmt(0x0, 0xffffffffffffffff)
sendmsg$NLBL_MGMT_C_ADD(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x0)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0)
r6 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f00000001c0)={'hsr0\x00', <r7=>0x0})
sendto$packet(r6, &(0x7f00000014c0)="3f030e000300120006001e0089e9aaa911d7c2290f0086dd1327c9167c64114a1b7880610cc9", 0x26, 0x0, &(0x7f0000000540)={0x11, 0x0, r7, 0x1, 0x0, 0x6, @multicast}, 0x14)

784.859401ms ago: executing program 0 (id=7):
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, 0xffffffffffffffff, 0x0)
quotactl_fd$Q_QUOTAOFF(0xffffffffffffffff, 0xffffffff80000302, 0x0, 0x0)
r0 = socket(0x2b, 0x1, 0x1)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, 0x0, 0x530)
unshare(0x8040480)
r1 = syz_open_dev$video(&(0x7f0000000040), 0xffffffff, 0x10500)
socket$nl_route(0x10, 0x3, 0x0)
readv(r1, &(0x7f00000012c0)=[{&(0x7f0000000100)=""/93, 0x5d}, {&(0x7f0000000180)=""/4096, 0x1000}, {&(0x7f0000001180)=""/38, 0x26}, {&(0x7f00000011c0)=""/200, 0xc8}], 0x4)
syz_open_dev$sndpcmp(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000440)='./file0\x00', 0x2b464cc, 0x0, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$BPF_PROG_TEST_RUN(0x1c, 0x0, 0x0)
socket$igmp6(0xa, 0x3, 0x2)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000340)={0x58, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x6}]}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x14, 0x3, 'hash:ip,port,ip\x00'}]}, 0x58}}, 0x0)
sendmsg$IPSET_CMD_DESTROY(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0)
mq_timedsend(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)

0s ago: executing program 3 (id=8):
dup(0xffffffffffffffff)
syz_mount_image$squashfs(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x800, &(0x7f0000000100)=ANY=[@ANYRES32=0x0, @ANYRESDEC=0x0, @ANYRES64=0x0, @ANYRESDEC=0x0, @ANYRES16], 0x1, 0x1cd, &(0x7f0000000780)="$eJzKKC4sZmdgYPj7sSaZQYABDBgZeBguMDAysDAwMKgzQsQYmCDUeij/BZSeCZW2gfKbofRCKF1xS3vdmlN+Z0566motk2VmaPXUlkcWk0vtMXKTXMwjwcwQmnpkUbEQQ3ZiTk5qUfFChopbySAXMLBct7+m0izB6fBHnsMhSdNBh+mIj0fWjMYSzklSjAxsbJkKZ898kF/HpnGE4dEK5o11nnmNdYWpU/Ma8pKqsqqy5k2cuHFmY2dj48qJdVFpfqsYW1JcNjV1MjI5bFET2MxsqD7JRnvCu/ZVD5McWHs8/JpPGSu9TmW+ZLywSOrUiqqZE74ozWY0/M5wh6dshYSGhpPEFQmLBhPGD///N7iCnJjSwJCmEMaYpMYm1rblzJwQZn42twUKLcknmEKPciydKWFxQKjq5E9LzbcOiW4ztj11YDvDc/g4z5qCPkGj4xIMTgsF/8uAjEloaCjTWMu01HbBlyKNvxJeq42dMhjc7ZmWwQKUpQFEroTyZMF6EpJXeOhoahqlJCc0bJJISHIrMHzJsHUP52qBBgakaFNhYGDYzgiLWwi4BmOMglEwCkbBKBgFo2AUjIJRMApGwSgYEQAQAAD//65Jl5M=")
dup(0xffffffffffffffff)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$inet6(0xa, 0x3, 0x3c)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r1, 0x8917, &(0x7f0000000080)={'syz_tun\x00', {0x2, 0x0, @local}})
getsockopt$inet6_int(r0, 0x3a, 0x0, 0x0, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0x3)
ioctl$TCSETAF(r2, 0x5405, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, "8dbfe49e5f0b86c6"})
r3 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
pipe(&(0x7f00000000c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x7, 0x2, 0x4}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000380)={{r5}, &(0x7f0000000b00), 0x0}, 0x20)
getsockopt$inet6_mreq(r4, 0x29, 0x15, &(0x7f0000000180)={@initdev}, &(0x7f00000001c0)=0x14)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x2, &(0x7f0000000440)=ANY=[@ANYBLOB="184600"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
write$uinput_user_dev(0xffffffffffffffff, 0x0, 0x0)
r6 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x10)
sendmsg$netlink(r3, &(0x7f0000001800)={0x0, 0x0, &(0x7f0000001780)=[{&(0x7f0000000640)={0x18, 0x18, 0x9, 0x0, 0x0, "", [@nested={0x4}, @nested={0x4, 0x12}]}, 0x18}], 0x1}, 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.0.207' (ED25519) to the list of known hosts.
[   56.577938][ T5211] cgroup: Unknown subsys name 'net'
[   56.690119][ T5211] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   58.238064][ T5211] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   60.626668][ T5235] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   60.635746][ T5235] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   60.644985][ T5235] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   60.652352][ T5235] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   60.660685][ T5235] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   60.663094][ T5240] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   60.668346][ T5235] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   60.679067][ T5243] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   60.683657][ T5235] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   60.689649][ T5240] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   60.696638][ T5235] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[   60.710607][ T5243] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   60.710947][ T5246] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[   60.723257][ T5243] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   60.726945][ T5246] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   60.738776][ T5235] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   60.743688][ T5243] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[   60.762805][ T5246] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   60.771270][ T5243] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[   60.779405][ T5240] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   60.789335][ T5246] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[   60.791138][ T5240] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   60.797965][ T5246] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[   60.804409][ T5240] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   60.811033][ T5246] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[   60.818452][ T5240] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   60.825663][ T5246] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   60.831897][ T5240] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   60.857011][ T4620] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[   60.869816][ T4620] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[   61.243504][ T5227] chnl_net:caif_netlink_parms(): no params data found
[   61.303233][ T5229] chnl_net:caif_netlink_parms(): no params data found
[   61.339854][ T5237] chnl_net:caif_netlink_parms(): no params data found
[   61.477568][ T5225] chnl_net:caif_netlink_parms(): no params data found
[   61.487121][ T5227] bridge0: port 1(bridge_slave_0) entered blocking state
[   61.495537][ T5227] bridge0: port 1(bridge_slave_0) entered disabled state
[   61.503454][ T5227] bridge_slave_0: entered allmulticast mode
[   61.510305][ T5227] bridge_slave_0: entered promiscuous mode
[   61.519597][ T5227] bridge0: port 2(bridge_slave_1) entered blocking state
[   61.526786][ T5227] bridge0: port 2(bridge_slave_1) entered disabled state
[   61.534075][ T5227] bridge_slave_1: entered allmulticast mode
[   61.541018][ T5227] bridge_slave_1: entered promiscuous mode
[   61.587882][ T5224] chnl_net:caif_netlink_parms(): no params data found
[   61.648970][ T5227] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   61.658321][ T5229] bridge0: port 1(bridge_slave_0) entered blocking state
[   61.666924][ T5229] bridge0: port 1(bridge_slave_0) entered disabled state
[   61.677333][ T5229] bridge_slave_0: entered allmulticast mode
[   61.685343][ T5229] bridge_slave_0: entered promiscuous mode
[   61.721226][ T5227] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   61.747246][ T5229] bridge0: port 2(bridge_slave_1) entered blocking state
[   61.754521][ T5229] bridge0: port 2(bridge_slave_1) entered disabled state
[   61.761680][ T5229] bridge_slave_1: entered allmulticast mode
[   61.769302][ T5229] bridge_slave_1: entered promiscuous mode
[   61.776239][ T5237] bridge0: port 1(bridge_slave_0) entered blocking state
[   61.783689][ T5237] bridge0: port 1(bridge_slave_0) entered disabled state
[   61.790865][ T5237] bridge_slave_0: entered allmulticast mode
[   61.798848][ T5237] bridge_slave_0: entered promiscuous mode
[   61.825984][ T5227] team0: Port device team_slave_0 added
[   61.845978][ T5237] bridge0: port 2(bridge_slave_1) entered blocking state
[   61.853260][ T5237] bridge0: port 2(bridge_slave_1) entered disabled state
[   61.860403][ T5237] bridge_slave_1: entered allmulticast mode
[   61.867686][ T5237] bridge_slave_1: entered promiscuous mode
[   61.884151][ T5225] bridge0: port 1(bridge_slave_0) entered blocking state
[   61.891254][ T5225] bridge0: port 1(bridge_slave_0) entered disabled state
[   61.901563][ T5225] bridge_slave_0: entered allmulticast mode
[   61.909401][ T5225] bridge_slave_0: entered promiscuous mode
[   61.920545][ T5227] team0: Port device team_slave_1 added
[   61.949459][ T5225] bridge0: port 2(bridge_slave_1) entered blocking state
[   61.956740][ T5225] bridge0: port 2(bridge_slave_1) entered disabled state
[   61.964262][ T5225] bridge_slave_1: entered allmulticast mode
[   61.970973][ T5225] bridge_slave_1: entered promiscuous mode
[   62.022048][ T5229] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   62.036070][ T5237] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   62.047387][ T5237] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   62.066019][ T5225] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   62.076331][ T5227] batman_adv: batadv0: Adding interface: batadv_slave_0
[   62.083645][ T5227] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   62.109725][ T5227] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   62.121834][ T5224] bridge0: port 1(bridge_slave_0) entered blocking state
[   62.129144][ T5224] bridge0: port 1(bridge_slave_0) entered disabled state
[   62.136955][ T5224] bridge_slave_0: entered allmulticast mode
[   62.144166][ T5224] bridge_slave_0: entered promiscuous mode
[   62.152743][ T5224] bridge0: port 2(bridge_slave_1) entered blocking state
[   62.159858][ T5224] bridge0: port 2(bridge_slave_1) entered disabled state
[   62.167142][ T5224] bridge_slave_1: entered allmulticast mode
[   62.174464][ T5224] bridge_slave_1: entered promiscuous mode
[   62.185283][ T5229] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   62.207200][ T5225] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   62.227773][ T5227] batman_adv: batadv0: Adding interface: batadv_slave_1
[   62.237183][ T5227] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   62.263902][ T5227] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   62.314132][ T5237] team0: Port device team_slave_0 added
[   62.345043][ T5229] team0: Port device team_slave_0 added
[   62.352451][ T5237] team0: Port device team_slave_1 added
[   62.364416][ T5225] team0: Port device team_slave_0 added
[   62.373750][ T5225] team0: Port device team_slave_1 added
[   62.381317][ T5224] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   62.400148][ T5229] team0: Port device team_slave_1 added
[   62.434530][ T5224] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   62.460414][ T5237] batman_adv: batadv0: Adding interface: batadv_slave_0
[   62.467944][ T5237] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   62.494389][ T5237] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   62.506729][ T5237] batman_adv: batadv0: Adding interface: batadv_slave_1
[   62.513834][ T5237] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   62.539923][ T5237] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   62.591707][ T5225] batman_adv: batadv0: Adding interface: batadv_slave_0
[   62.598935][ T5225] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   62.625681][ T5225] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   62.638311][ T5225] batman_adv: batadv0: Adding interface: batadv_slave_1
[   62.645596][ T5225] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   62.671756][ T5225] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   62.691947][ T5229] batman_adv: batadv0: Adding interface: batadv_slave_0
[   62.699300][ T5229] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   62.726172][ T5229] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   62.741113][ T5227] hsr_slave_0: entered promiscuous mode
[   62.748614][ T5227] hsr_slave_1: entered promiscuous mode
[   62.762043][ T5224] team0: Port device team_slave_0 added
[   62.768638][ T5229] batman_adv: batadv0: Adding interface: batadv_slave_1
[   62.776013][ T5229] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   62.802153][ T5229] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   62.810164][ T4620] Bluetooth: hci3: command tx timeout
[   62.841548][ T5229] hsr_slave_0: entered promiscuous mode
[   62.848763][ T5229] hsr_slave_1: entered promiscuous mode
[   62.855669][ T5229] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   62.863607][ T5244] Bluetooth: hci2: command tx timeout
[   62.864192][ T5229] Cannot create hsr debugfs directory
[   62.869317][ T4620] Bluetooth: hci0: command tx timeout
[   62.889408][ T5224] team0: Port device team_slave_1 added
[   62.916278][ T5237] hsr_slave_0: entered promiscuous mode
[   62.922812][ T5237] hsr_slave_1: entered promiscuous mode
[   62.928880][ T5237] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   62.936973][ T5237] Cannot create hsr debugfs directory
[   62.942653][ T5244] Bluetooth: hci1: command tx timeout
[   62.948374][ T4620] Bluetooth: hci4: command tx timeout
[   62.997314][ T5225] hsr_slave_0: entered promiscuous mode
[   63.004205][ T5225] hsr_slave_1: entered promiscuous mode
[   63.010219][ T5225] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   63.018101][ T5225] Cannot create hsr debugfs directory
[   63.065717][ T5224] batman_adv: batadv0: Adding interface: batadv_slave_0
[   63.073710][ T5224] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   63.100824][ T5224] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   63.141237][ T5224] batman_adv: batadv0: Adding interface: batadv_slave_1
[   63.148400][ T5224] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   63.174601][ T5224] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   63.318447][ T5224] hsr_slave_0: entered promiscuous mode
[   63.324786][ T5224] hsr_slave_1: entered promiscuous mode
[   63.331072][ T5224] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   63.338882][ T5224] Cannot create hsr debugfs directory
[   63.549103][ T5229] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   63.559754][ T5229] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   63.581670][ T5229] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   63.604852][ T5229] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   63.653835][ T5227] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   63.663350][ T5227] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   63.693743][ T5227] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   63.711906][ T5227] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   63.776405][ T5225] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   63.809942][ T5225] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   63.837052][ T5225] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   63.878818][ T5225] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   63.888879][ T5237] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   63.904123][ T5229] 8021q: adding VLAN 0 to HW filter on device bond0
[   63.914489][ T5237] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   63.933254][ T5237] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   63.943815][ T5237] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   64.004466][ T5229] 8021q: adding VLAN 0 to HW filter on device team0
[   64.025668][ T5227] 8021q: adding VLAN 0 to HW filter on device bond0
[   64.049502][  T201] bridge0: port 1(bridge_slave_0) entered blocking state
[   64.056930][  T201] bridge0: port 1(bridge_slave_0) entered forwarding state
[   64.095901][  T201] bridge0: port 2(bridge_slave_1) entered blocking state
[   64.103066][  T201] bridge0: port 2(bridge_slave_1) entered forwarding state
[   64.115829][ T5224] netdevsim netdevsim4 netdevsim0: renamed from eth0
[   64.144294][ T5224] netdevsim netdevsim4 netdevsim1: renamed from eth1
[   64.157864][ T5224] netdevsim netdevsim4 netdevsim2: renamed from eth2
[   64.170857][ T5224] netdevsim netdevsim4 netdevsim3: renamed from eth3
[   64.214599][ T5227] 8021q: adding VLAN 0 to HW filter on device team0
[   64.266332][   T52] bridge0: port 1(bridge_slave_0) entered blocking state
[   64.273578][   T52] bridge0: port 1(bridge_slave_0) entered forwarding state
[   64.302377][   T52] bridge0: port 2(bridge_slave_1) entered blocking state
[   64.309717][   T52] bridge0: port 2(bridge_slave_1) entered forwarding state
[   64.388743][ T5225] 8021q: adding VLAN 0 to HW filter on device bond0
[   64.465732][ T5237] 8021q: adding VLAN 0 to HW filter on device bond0
[   64.509109][ T5237] 8021q: adding VLAN 0 to HW filter on device team0
[   64.539473][ T5224] 8021q: adding VLAN 0 to HW filter on device bond0
[   64.564556][ T5225] 8021q: adding VLAN 0 to HW filter on device team0
[   64.589086][ T1113] bridge0: port 1(bridge_slave_0) entered blocking state
[   64.596286][ T1113] bridge0: port 1(bridge_slave_0) entered forwarding state
[   64.606704][ T1113] bridge0: port 1(bridge_slave_0) entered blocking state
[   64.613899][ T1113] bridge0: port 1(bridge_slave_0) entered forwarding state
[   64.644877][ T1113] bridge0: port 2(bridge_slave_1) entered blocking state
[   64.652106][ T1113] bridge0: port 2(bridge_slave_1) entered forwarding state
[   64.692169][ T1113] bridge0: port 2(bridge_slave_1) entered blocking state
[   64.699443][ T1113] bridge0: port 2(bridge_slave_1) entered forwarding state
[   64.737396][ T5224] 8021q: adding VLAN 0 to HW filter on device team0
[   64.782364][ T5227] 8021q: adding VLAN 0 to HW filter on device batadv0
[   64.808258][ T4296] bridge0: port 1(bridge_slave_0) entered blocking state
[   64.815427][ T4296] bridge0: port 1(bridge_slave_0) entered forwarding state
[   64.840622][ T5229] 8021q: adding VLAN 0 to HW filter on device batadv0
[   64.873006][ T4620] Bluetooth: hci3: command tx timeout
[   64.895642][ T1113] bridge0: port 2(bridge_slave_1) entered blocking state
[   64.902835][ T1113] bridge0: port 2(bridge_slave_1) entered forwarding state
[   64.944656][ T4620] Bluetooth: hci0: command tx timeout
[   64.950219][ T4620] Bluetooth: hci2: command tx timeout
[   65.024030][ T5244] Bluetooth: hci1: command tx timeout
[   65.029571][ T4620] Bluetooth: hci4: command tx timeout
[   65.066919][ T5229] veth0_vlan: entered promiscuous mode
[   65.104984][ T5227] veth0_vlan: entered promiscuous mode
[   65.121836][ T5227] veth1_vlan: entered promiscuous mode
[   65.159859][ T5224] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   65.180882][ T5229] veth1_vlan: entered promiscuous mode
[   65.231811][ T5227] veth0_macvtap: entered promiscuous mode
[   65.289959][ T5229] veth0_macvtap: entered promiscuous mode
[   65.302106][ T5227] veth1_macvtap: entered promiscuous mode
[   65.319674][ T5237] 8021q: adding VLAN 0 to HW filter on device batadv0
[   65.331089][ T5225] 8021q: adding VLAN 0 to HW filter on device batadv0
[   65.344320][ T5229] veth1_macvtap: entered promiscuous mode
[   65.381262][ T5227] batman_adv: batadv0: Interface activated: batadv_slave_0
[   65.400597][ T5227] batman_adv: batadv0: Interface activated: batadv_slave_1
[   65.434202][ T5229] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   65.451491][ T5229] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   65.466699][ T5229] batman_adv: batadv0: Interface activated: batadv_slave_0
[   65.497611][ T5227] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   65.507606][ T5227] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   65.518441][ T5227] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   65.529549][ T5227] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   65.551087][ T5237] veth0_vlan: entered promiscuous mode
[   65.563887][ T5229] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   65.577279][ T5229] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   65.588740][ T5229] batman_adv: batadv0: Interface activated: batadv_slave_1
[   65.630021][ T5229] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   65.640588][ T5229] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   65.649633][ T5229] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   65.659262][ T5229] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   65.688153][ T5237] veth1_vlan: entered promiscuous mode
[   65.719981][ T5225] veth0_vlan: entered promiscuous mode
[   65.754458][ T5224] 8021q: adding VLAN 0 to HW filter on device batadv0
[   65.794151][ T5225] veth1_vlan: entered promiscuous mode
[   65.898415][  T201] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   65.920173][  T201] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   65.956247][ T5225] veth0_macvtap: entered promiscuous mode
[   65.970102][ T5225] veth1_macvtap: entered promiscuous mode
[   65.997622][ T5237] veth0_macvtap: entered promiscuous mode
[   66.018318][   T62] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   66.033658][   T62] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   66.056644][ T5237] veth1_macvtap: entered promiscuous mode
[   66.099195][ T1113] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   66.101679][  T201] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   66.114310][ T5225] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   66.126172][  T201] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   66.133676][ T1113] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   66.143648][ T5225] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   66.154717][ T5225] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   66.166823][ T5225] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   66.178892][ T5225] batman_adv: batadv0: Interface activated: batadv_slave_0
[   66.200509][ T5225] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   66.220029][ T5225] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   66.231641][ T5225] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   66.242437][ T5225] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   66.254380][ T5225] batman_adv: batadv0: Interface activated: batadv_slave_1
[   66.306597][ T5225] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   66.319576][ T5225] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   66.329964][ T5225] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   66.339236][ T5225] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   66.392106][ T5237] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   66.443594][ T5237] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   66.473612][ T5237] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   66.492360][ T5237] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   66.510973][ T5237] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   66.530620][ T5237] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   66.578829][ T5237] batman_adv: batadv0: Interface activated: batadv_slave_0
[   66.906221][ T5317] loop3: detected capacity change from 0 to 8192
[   66.954440][ T4620] Bluetooth: hci3: command tx timeout
[   67.022678][ T4620] Bluetooth: hci2: command tx timeout
[   67.031209][ T4620] Bluetooth: hci0: command tx timeout
[   67.103054][ T4620] Bluetooth: hci1: command tx timeout
[   67.108636][ T5244] Bluetooth: hci4: command tx timeout
[   67.413291][ T5224] veth0_vlan: entered promiscuous mode
[   67.464400][ T5237] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   67.511137][ T5237] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   67.539157][ T5237] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   67.560961][ T5237] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   67.580997][ T5237] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   67.607416][ T5237] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   67.621891][ T5237] batman_adv: batadv0: Interface activated: batadv_slave_1
[   67.648521][ T5224] veth1_vlan: entered promiscuous mode
[   67.684520][ T5237] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   67.712671][ T5237] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   67.738993][ T5237] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   67.751435][ T5237] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   68.211009][ T5326] Zero length message leads to an empty skb
[   68.255251][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   68.381526][ T5224] veth0_macvtap: entered promiscuous mode
[   68.461067][ T5277] ==================================================================
[   68.469161][ T5277] BUG: KASAN: slab-use-after-free in __list_del_entry_valid_or_report+0xaa/0x140
[   68.478282][ T5277] Read of size 8 at addr ffff8880214b9ec8 by task kworker/0:4/5277
[   68.486156][ T5277] 
[   68.488483][ T5277] CPU: 0 UID: 0 PID: 5277 Comm: kworker/0:4 Not tainted 6.11.0-rc4-next-20240820-syzkaller #0
[   68.498710][ T5277] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[   68.508772][ T5277] Workqueue:  0x0 (events)
[   68.513209][ T5277] Call Trace:
[   68.516566][ T5277]  <TASK>
[   68.519487][ T5277]  dump_stack_lvl+0x241/0x360
[   68.524252][ T5277]  ? __pfx_dump_stack_lvl+0x10/0x10
[   68.529443][ T5277]  ? __pfx__printk+0x10/0x10
[   68.534042][ T5277]  ? _printk+0xd5/0x120
[   68.538193][ T5277]  ? __virt_addr_valid+0x183/0x530
[   68.543309][ T5277]  ? __virt_addr_valid+0x183/0x530
[   68.548417][ T5277]  print_report+0x169/0x550
[   68.552914][ T5277]  ? __virt_addr_valid+0x183/0x530
[   68.558019][ T5277]  ? __virt_addr_valid+0x183/0x530
[   68.563123][ T5277]  ? __virt_addr_valid+0x45f/0x530
[   68.568223][ T5277]  ? __phys_addr+0xba/0x170
[   68.572716][ T5277]  ? __list_del_entry_valid_or_report+0xaa/0x140
[   68.579040][ T5277]  kasan_report+0x143/0x180
[   68.583538][ T5277]  ? __list_del_entry_valid_or_report+0xaa/0x140
[   68.589952][ T5277]  __list_del_entry_valid_or_report+0xaa/0x140
[   68.596110][ T5277]  set_next_task_fair+0x65/0x540
[   68.601132][ T5277]  ? pick_task_fair+0xb5/0x280
[   68.605908][ T5277]  __schedule+0x4253/0x4b30
[   68.610411][ T5277]  ? __pfx___schedule+0x10/0x10
[   68.615252][ T5277]  ? schedule+0x90/0x320
[   68.619485][ T5277]  ? __pfx_lock_release+0x10/0x10
[   68.624507][ T5277]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[   68.630483][ T5277]  ? schedule+0x90/0x320
[   68.634718][ T5277]  ? wq_worker_sleeping+0x66/0x240
[   68.639827][ T5277]  ? schedule+0x90/0x320
[   68.644067][ T5277]  schedule+0x14b/0x320
[   68.648213][ T5277]  worker_thread+0xa2c/0xd10
[   68.652801][ T5277]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[   68.658698][ T5277]  ? __kthread_parkme+0x169/0x1d0
[   68.663735][ T5277]  ? __pfx_worker_thread+0x10/0x10
[   68.668839][ T5277]  kthread+0x2f0/0x390
[   68.672898][ T5277]  ? __pfx_worker_thread+0x10/0x10
[   68.678004][ T5277]  ? __pfx_kthread+0x10/0x10
[   68.682601][ T5277]  ret_from_fork+0x4b/0x80
[   68.687014][ T5277]  ? __pfx_kthread+0x10/0x10
[   68.691592][ T5277]  ret_from_fork_asm+0x1a/0x30
[   68.696356][ T5277]  </TASK>
[   68.699363][ T5277] 
[   68.701674][ T5277] Allocated by task 5324:
[   68.705990][ T5277]  kasan_save_track+0x3f/0x80
[   68.710669][ T5277]  __kasan_slab_alloc+0x66/0x80
[   68.715512][ T5277]  kmem_cache_alloc_node_noprof+0x16b/0x320
[   68.721396][ T5277]  dup_task_struct+0x57/0x8c0
[   68.726080][ T5277]  copy_process+0x5d1/0x3d50
[   68.730665][ T5277]  kernel_clone+0x226/0x8f0
[   68.735162][ T5277]  __se_sys_clone3+0x2cb/0x350
[   68.739969][ T5277]  do_syscall_64+0xf3/0x230
[   68.744551][ T5277]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   68.750438][ T5277] 
[   68.752761][ T5277] Freed by task 5237:
[   68.756739][ T5277]  kasan_save_track+0x3f/0x80
[   68.761405][ T5277]  kasan_save_free_info+0x40/0x50
[   68.766432][ T5277]  __kasan_slab_free+0x59/0x70
[   68.771183][ T5277]  kmem_cache_free+0x195/0x3d0
[   68.775940][ T5277]  delayed_put_task_struct+0x125/0x300
[   68.781386][ T5277]  rcu_core+0xaaa/0x17a0
[   68.785618][ T5277]  handle_softirqs+0x2c5/0x980
[   68.790371][ T5277]  do_softirq+0x11b/0x1e0
[   68.794688][ T5277]  __local_bh_enable_ip+0x1bb/0x200
[   68.799873][ T5277]  __fib6_clean_all+0x327/0x4b0
[   68.804730][ T5277]  rt6_sync_up+0x186/0x200
[   68.809137][ T5277]  addrconf_notify+0xb47/0x1020
[   68.813982][ T5277]  notifier_call_chain+0x19f/0x3e0
[   68.819097][ T5277]  __dev_notify_flags+0x207/0x400
[   68.824112][ T5277]  dev_change_flags+0xf0/0x1a0
[   68.828867][ T5277]  do_setlink+0xcd0/0x41f0
[   68.833277][ T5277]  rtnl_newlink+0x180d/0x20a0
[   68.839592][ T5277]  rtnetlink_rcv_msg+0x73f/0xcf0
[   68.845603][ T5277]  netlink_rcv_skb+0x1e3/0x430
[   68.850372][ T5277]  netlink_unicast+0x7f6/0x990
[   68.855145][ T5277]  netlink_sendmsg+0x8e4/0xcb0
[   68.859904][ T5277]  __sock_sendmsg+0x221/0x270
[   68.864577][ T5277]  __sys_sendto+0x3a8/0x500
[   68.869082][ T5277]  __x64_sys_sendto+0xde/0x100
[   68.873846][ T5277]  do_syscall_64+0xf3/0x230
[   68.878367][ T5277]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   68.884278][ T5277] 
[   68.886591][ T5277] Last potentially related work creation:
[   68.892385][ T5277]  kasan_save_stack+0x3f/0x60
[   68.897051][ T5277]  __kasan_record_aux_stack+0xac/0xc0
[   68.902430][ T5277]  call_rcu+0x167/0xa70
[   68.906573][ T5277]  __schedule+0x1852/0x4b30
[   68.911067][ T5277]  schedule+0x14b/0x320
[   68.915229][ T5277]  worker_thread+0xa2c/0xd10
[   68.919815][ T5277]  kthread+0x2f0/0x390
[   68.923872][ T5277]  ret_from_fork+0x4b/0x80
[   68.928282][ T5277]  ret_from_fork_asm+0x1a/0x30
[   68.933057][ T5277] 
[   68.935371][ T5277] Second to last potentially related work creation:
[   68.941952][ T5277]  kasan_save_stack+0x3f/0x60
[   68.946621][ T5277]  __kasan_record_aux_stack+0xac/0xc0
[   68.951988][ T5277]  task_work_add+0xb8/0x450
[   68.956483][ T5277]  sched_tick+0x322/0x610
[   68.960801][ T5277]  update_process_times+0x202/0x230
[   68.965994][ T5277]  tick_nohz_handler+0x37c/0x500
[   68.970937][ T5277]  __hrtimer_run_queues+0x551/0xd50
[   68.976131][ T5277]  hrtimer_interrupt+0x396/0x990
[   68.981074][ T5277]  __sysvec_apic_timer_interrupt+0x110/0x3f0
[   68.987040][ T5277]  sysvec_apic_timer_interrupt+0xa1/0xc0
[   68.992662][ T5277]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[   68.998638][ T5277] 
[   69.000947][ T5277] The buggy address belongs to the object at ffff8880214b9e00
[   69.000947][ T5277]  which belongs to the cache task_struct of size 7424
[   69.015072][ T5277] The buggy address is located 200 bytes inside of
[   69.015072][ T5277]  freed 7424-byte region [ffff8880214b9e00, ffff8880214bbb00)
[   69.028958][ T5277] 
[   69.031271][ T5277] The buggy address belongs to the physical page:
[   69.037676][ T5277] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x214b8
[   69.046426][ T5277] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   69.054909][ T5277] memcg:ffff88801ff9f141
[   69.059135][ T5277] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[   69.067102][ T5277] page_type: 0xfdffffff(slab)
[   69.071771][ T5277] raw: 00fff00000000040 ffff8880166fb500 0000000000000000 dead000000000001
[   69.080342][ T5277] raw: 0000000000000000 0000000000040004 00000001fdffffff ffff88801ff9f141
[   69.088927][ T5277] head: 00fff00000000040 ffff8880166fb500 0000000000000000 dead000000000001
[   69.097584][ T5277] head: 0000000000000000 0000000000040004 00000001fdffffff ffff88801ff9f141
[   69.106245][ T5277] head: 00fff00000000003 ffffea0000852e01 ffffffffffffffff 0000000000000000
[   69.114900][ T5277] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[   69.123642][ T5277] page dumped because: kasan: bad access detected
[   69.130232][ T5277] page_owner tracks the page as allocated
[   69.135944][ T5277] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 2, tgid 2 (kthreadd), ts 8882068515, free_ts 0
[   69.155479][ T5277]  post_alloc_hook+0x1f3/0x230
[   69.160245][ T5277]  get_page_from_freelist+0x3004/0x30c0
[   69.165781][ T5277]  __alloc_pages_noprof+0x29e/0x780
[   69.170979][ T5277]  alloc_slab_page+0x5f/0x120
[   69.175646][ T5277]  allocate_slab+0x5a/0x2f0
[   69.180138][ T5277]  ___slab_alloc+0xcd1/0x14b0
[   69.184808][ T5277]  __slab_alloc+0x58/0xa0
[   69.189132][ T5277]  kmem_cache_alloc_node_noprof+0x1fe/0x320
[   69.195019][ T5277]  dup_task_struct+0x57/0x8c0
[   69.199690][ T5277]  copy_process+0x5d1/0x3d50
[   69.204273][ T5277]  kernel_clone+0x226/0x8f0
[   69.208769][ T5277]  kernel_thread+0x1bc/0x240
[   69.213352][ T5277]  kthreadd+0x60d/0x810
[   69.217502][ T5277]  ret_from_fork+0x4b/0x80
[   69.221929][ T5277]  ret_from_fork_asm+0x1a/0x30
[   69.226688][ T5277] page_owner free stack trace missing
[   69.232037][ T5277] 
[   69.234346][ T5277] Memory state around the buggy address:
[   69.239959][ T5277]  ffff8880214b9d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   69.248004][ T5277]  ffff8880214b9e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   69.256054][ T5277] >ffff8880214b9e80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   69.264104][ T5277]                                               ^
[   69.270499][ T5277]  ffff8880214b9f00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   69.278545][ T5277]  ffff8880214b9f80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   69.286607][ T5277] ==================================================================
[   69.294665][ T5277] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   69.301842][ T5277] CPU: 0 UID: 0 PID: 5277 Comm: kworker/0:4 Not tainted 6.11.0-rc4-next-20240820-syzkaller #0
[   69.312066][ T5277] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[   69.322125][ T5277] Workqueue:  0x0 (events)
[   69.326644][ T5277] Call Trace:
[   69.329920][ T5277]  <TASK>
[   69.332848][ T5277]  dump_stack_lvl+0x241/0x360
[   69.337548][ T5277]  ? __pfx_dump_stack_lvl+0x10/0x10
[   69.342747][ T5277]  ? __pfx__printk+0x10/0x10
[   69.347332][ T5277]  ? rcu_is_watching+0x15/0xb0
[   69.352100][ T5277]  ? lock_release+0xbf/0xa30
[   69.356699][ T5277]  ? vscnprintf+0x5d/0x90
[   69.361115][ T5277]  panic+0x349/0x870
[   69.365024][ T5277]  ? check_panic_on_warn+0x21/0xb0
[   69.370145][ T5277]  ? __pfx_panic+0x10/0x10
[   69.374555][ T5277]  ? do_raw_spin_unlock+0x13c/0x8b0
[   69.379750][ T5277]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[   69.385636][ T5277]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   69.391956][ T5277]  ? print_report+0x502/0x550
[   69.396645][ T5277]  check_panic_on_warn+0x86/0xb0
[   69.401597][ T5277]  ? __list_del_entry_valid_or_report+0xaa/0x140
[   69.408013][ T5277]  end_report+0x77/0x160
[   69.412254][ T5277]  kasan_report+0x154/0x180
[   69.416751][ T5277]  ? __list_del_entry_valid_or_report+0xaa/0x140
[   69.423077][ T5277]  __list_del_entry_valid_or_report+0xaa/0x140
[   69.429228][ T5277]  set_next_task_fair+0x65/0x540
[   69.434168][ T5277]  ? pick_task_fair+0xb5/0x280
[   69.438926][ T5277]  __schedule+0x4253/0x4b30
[   69.443428][ T5277]  ? __pfx___schedule+0x10/0x10
[   69.448269][ T5277]  ? schedule+0x90/0x320
[   69.452521][ T5277]  ? __pfx_lock_release+0x10/0x10
[   69.457584][ T5277]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[   69.463672][ T5277]  ? schedule+0x90/0x320
[   69.467917][ T5277]  ? wq_worker_sleeping+0x66/0x240
[   69.473042][ T5277]  ? schedule+0x90/0x320
[   69.477292][ T5277]  schedule+0x14b/0x320
[   69.481444][ T5277]  worker_thread+0xa2c/0xd10
[   69.486035][ T5277]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[   69.491918][ T5277]  ? __kthread_parkme+0x169/0x1d0
[   69.496940][ T5277]  ? __pfx_worker_thread+0x10/0x10
[   69.502059][ T5277]  kthread+0x2f0/0x390
[   69.506219][ T5277]  ? __pfx_worker_thread+0x10/0x10
[   69.511353][ T5277]  ? __pfx_kthread+0x10/0x10
[   69.515957][ T5277]  ret_from_fork+0x4b/0x80
[   69.520384][ T5277]  ? __pfx_kthread+0x10/0x10
[   69.524965][ T5277]  ret_from_fork_asm+0x1a/0x30
[   69.529733][ T5277]  </TASK>
[   70.676706][ T5277] Shutting down cpus with NMI
[   70.681753][ T5277] Kernel Offset: disabled
[   70.686078][ T5277] Rebooting in 86400 seconds..