last executing test programs:

1m1.462024641s ago: executing program 0 (id=2854):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(0x0, 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) (async)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r2 = socket$netlink(0x10, 0x3, 0x0)
socket(0x10, 0x3, 0x0) (async)
r3 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x24}}, 0x0) (async)
sendmsg$nl_route_sched(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x24}}, 0x0)
getsockname$packet(r3, &(0x7f0000000080)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000000016000000", @ANYRES32=r4, @ANYBLOB="0000000200000000280012000c00010076657468"], 0x48}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000140)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}}, 0x0) (async)
sendmsg$nl_route_sched(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000140)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}}, 0x0)
syz_io_uring_setup(0x88f, 0x0, 0x0, &(0x7f00000004c0))
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xc12, 0x0, 0x4)
r5 = socket(0x10, 0x803, 0x4)
r6 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r6)
ptrace(0x10, r6)
ptrace(0x420e, r6) (async)
ptrace(0x420e, r6)
fcntl$lock(0xffffffffffffffff, 0x25, 0x0)
r7 = socket$netlink(0x10, 0x3, 0x0)
syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r7, &(0x7f0000000340)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x80000020}, 0xc, &(0x7f0000000240)={&(0x7f0000000400)=ANY=[@ANYBLOB="67577c6711da61d05c5764ff31d50e766d00c6255814a4d936ed5ca7edec5f5209e3206657ed868944b394167442537b1f22df1363795119457eca762024de4f3200d3addaf434bd3a8e221f276c507f787dd0348df3bfd04177fd821a227f670017f4381b81fd0f8b8ce0652fec21325e93d444e302d13850baaa3d6f5ed78665c7e5480794bd9d8fba7c1e0e6b22d8b9ca02ab0d66863a292039c101921bdc248fd5204d"], 0x88}, 0x1, 0x0, 0x0, 0x10}, 0x20044044)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r5)
getsockname$packet(r5, &(0x7f0000000180)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x11, &(0x7f0000000300)={&(0x7f00000003c0)=@delchain={0x3c, 0x2c, 0xf31, 0x0, 0x2000, {0x0, 0x0, 0x0, r8, {}, {0xfff2, 0xffff}, {0xffff, 0x1}}, [@filter_kind_options=@f_flower={{0xb}, {0xc, 0x2, [@TCA_FLOWER_FLAGS={0x8, 0x16, 0x2}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4008844}, 0x4010) (async)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x11, &(0x7f0000000300)={&(0x7f00000003c0)=@delchain={0x3c, 0x2c, 0xf31, 0x0, 0x2000, {0x0, 0x0, 0x0, r8, {}, {0xfff2, 0xffff}, {0xffff, 0x1}}, [@filter_kind_options=@f_flower={{0xb}, {0xc, 0x2, [@TCA_FLOWER_FLAGS={0x8, 0x16, 0x2}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4008844}, 0x4010)
syz_open_dev$video4linux(&(0x7f0000000180), 0x2, 0x101000)

1m1.347162715s ago: executing program 0 (id=2855):
r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
mount$9p_rdma(0x0, &(0x7f0000000400)='.\x00', &(0x7f0000000440), 0x0, &(0x7f00000005c0)={'trans=rdma,', {'port', 0x3d, 0x4e21}})
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x400, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0xc, 0x9, &(0x7f0000000540)=ANY=[@ANYRES16=0x0, @ANYRESDEC=r1, @ANYRES16=r2, @ANYBLOB="8e283df5959e9218f5daf682ee7fa0749bcee27eb0c90055cf987a03929ab00c956bf9803eac345c159f783c8e8aa60ddd04e269d491e058d1750bceea7fd1d87cc34e92efdd1e96ae519a5e3087b48ff8aeec150faece63fad49f0001b17fa48729829480db1ca425ae0debf98afff451a3b609958d7fd3bac7354d6ed0c09e3da540838ba6b5535869be45a8563bec1a06aed6f3841dfb34922f361d72c5cc338df4c3c6b7405223fb3d70", @ANYRES32=r0], &(0x7f0000000780)='GPL\x00', 0x8, 0x0, 0x0, 0x40f00, 0x3, '\x00', 0x0, @fallback=0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x9, 0x0, 0x100000, {}, [{0x90, 0x1, [@m_ct={0x44, 0x19, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9, 0x11e41e7a, 0x5, 0xfffffffe, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x4}}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0xb058}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
ioctl$KDGKBDIACR(0xffffffffffffffff, 0x4b4b, 0x0)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
r6 = socket$l2tp6(0xa, 0x2, 0x73)
sendmmsg$sock(r6, &(0x7f000000bb00)=[{{&(0x7f0000009fc0)=@un=@file={0x0, './file0\x00'}, 0x80, 0x0, 0x0, &(0x7f000000a300)=[@txtime={{0x18, 0x1, 0x24, 0x1003}}], 0x18}}], 0x1, 0x0)
sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x39, &(0x7f0000000040)="ff02040000ffffffffffffffff1f2be82db1af0000000000", 0x18)
connect$inet6(0xffffffffffffffff, &(0x7f0000000080)={0xa, 0x4e2b, 0x7, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x6}, 0x1c)
r7 = io_uring_setup(0x8000773d, 0x0)
r8 = socket$rxrpc(0x21, 0x2, 0xa)
bind$rxrpc(r8, &(0x7f0000000000)=@in4={0x21, 0x4, 0x2, 0x10, {0x2, 0x0, @empty}}, 0x24)
close_range(r7, r8, 0x0)
r9 = syz_open_dev$usbfs(&(0x7f0000000000), 0x1ff, 0x402)
ioctl$USBDEVFS_CONTROL(r9, 0xc0185500, &(0x7f00000003c0)={0x1, 0x3, 0x5, 0x6, 0x0, 0x5, 0x0})
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)

1m0.509573574s ago: executing program 0 (id=2857):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = openat$cdrom(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$CDROMVOLCTRL(r1, 0x31f, &(0x7f0000000000)={0x23, 0x1, 0x8, 0x7})
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x1, 0xeee50000, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000500)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000192c0)=@newtaction={0x60, 0x30, 0xcac229faa96ee7df, 0xffffffff, 0xfffffffd, {}, [{0x4c, 0x1, [@m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x4000, 0x2}}}]}, {0x4}, {0xc, 0x4}, {0xc}}}]}]}, 0x60}}, 0x0)

1m0.236888814s ago: executing program 0 (id=2859):
creat(&(0x7f0000000100)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r0, &(0x7f0000006300)={0x2020, 0x0, <r1=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, r1, {0x7, 0x1f, 0x0, 0x10408, 0x8}}, 0x50)
syz_fuse_handle_req(r0, &(0x7f00000021c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003dc150f4000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50000000000000000000000000000000000000000000000000000000000000000000000000000000000c6d90000000000001354c4b6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r2 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x80101, 0x0)
dup2(r2, r0)
r3 = syz_io_uring_setup(0x8d2, &(0x7f00000000c0)={0x0, 0xef1d, 0x3010, 0x1}, &(0x7f0000000040)=<r4=>0x0, &(0x7f0000000140)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f0000000200)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
io_uring_enter(r3, 0x47ba, 0x3e80, 0x0, 0x0, 0x0)
connect$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x0, 0x0, @dev, 0x9}, 0x1c)
sendmsg(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000030c0)=[{&(0x7f0000000000)=',', 0x1}], 0x1}, 0x8940)
writev(0xffffffffffffffff, &(0x7f0000000340)=[{&(0x7f0000000100)="5fc9", 0x2}], 0x1)

1m0.147002175s ago: executing program 0 (id=2860):
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
bind$802154_dgram(r0, &(0x7f0000000080)={0x24, @long={0x3, 0x0, {0xaaaaaaaaaaaa0002}}}, 0x14) (async)
r1 = dup(r0) (async)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="09000000060000000800000001"], 0x48) (async, rerun: 64)
close(0x3) (async, rerun: 64)
r3 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000b00), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000b40)={'wlan0\x00', <r5=>0x0})
sendmsg$NL80211_CMD_SET_STATION(0xffffffffffffffff, &(0x7f0000000c40)={0x0, 0x0, &(0x7f0000000c00)={&(0x7f0000000980)=ANY=[@ANYRES8=r1, @ANYRES16=r4, @ANYBLOB="01762dbd7000fcdbdf251200000008000300", @ANYRES32=r5, @ANYRES32=r1], 0x40}}, 0x0) (async)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xa, 0x8, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) (async)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000d40)=ANY=[@ANYBLOB="180000000000e3ff000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000000700000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r6}, 0x10) (async)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{r2}, &(0x7f0000000400), &(0x7f0000000440)}, 0x20) (async)
sendmsg$IPCTNL_MSG_CT_GET_STATS_CPU(r1, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)={0x14, 0x4, 0x1, 0x401, 0x0, 0x0, {0x2, 0x0, 0x5}, [""]}, 0x14}, 0x1, 0x0, 0x0, 0x40001}, 0x414)
connect$802154_dgram(r1, &(0x7f0000000040)={0x24, @none={0x0, 0x1}}, 0x14) (async, rerun: 64)
syz_genetlink_get_family_id$wireguard(&(0x7f0000000180), r1) (rerun: 64)

59.767356675s ago: executing program 0 (id=2861):
syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
io_setup(0x6, &(0x7f0000001380)=<r1=>0x0)
io_submit(r1, 0x1, &(0x7f0000000340)=[&(0x7f0000000100)={0x1000000, 0x0, 0xffff0000, 0x5, 0x8001, r0, 0x0}])

59.767019847s ago: executing program 32 (id=2861):
syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
io_setup(0x6, &(0x7f0000001380)=<r1=>0x0)
io_submit(r1, 0x1, &(0x7f0000000340)=[&(0x7f0000000100)={0x1000000, 0x0, 0xffff0000, 0x5, 0x8001, r0, 0x0}])

43.642790865s ago: executing program 3 (id=2542):
r0 = syz_open_dev$loop(&(0x7f0000000080), 0x47ffff7, 0x122c42)
r1 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/udp\x00')
pread64(r1, &(0x7f000001a240)=""/102391, 0x18ff7, 0x1)
mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x5, 0x12, r0, 0x0)
pselect6(0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)={0x0, 0x3938700}, 0x0)
ioctl$PIO_UNISCRNMAP(r1, 0x4b6a, &(0x7f00000000c0)="9a505ee382da37589ce23f01a4544999651f6c41ebf39d3cb8df8f6865ac91164184a914f3600a56afab8f7515c5fd7887e494f016ba441c77f18834d6cb62f301ac28f8d552230555aa0cce0eb8e37b49b023ee52bb20287d38d50ea4da9a408bfc7173f0011b27420f5371e76a986737a5a9cddae5a203f263a4c5e4383d1ff15f40a6709c275de14814ef2e18ab2097ae60670dde1970da669b34101db3429b7bbc395c0f1d94cd064520666b9df3711e738155c215b7131ff8e76f3b6d383b0a9f0b0ec1207470d3c5414e8c5c10cb55549398e3107d70f82d76cfb2c2968c54048dfc5ffed1f7b8a99b6f9d031a517bb6aeee6d610a41904b3c3b")

36.817069906s ago: executing program 3 (id=2542):
r0 = syz_open_dev$loop(&(0x7f0000000080), 0x47ffff7, 0x122c42)
r1 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/udp\x00')
pread64(r1, &(0x7f000001a240)=""/102391, 0x18ff7, 0x1)
mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x5, 0x12, r0, 0x0)
pselect6(0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)={0x0, 0x3938700}, 0x0)
ioctl$PIO_UNISCRNMAP(r1, 0x4b6a, &(0x7f00000000c0)="9a505ee382da37589ce23f01a4544999651f6c41ebf39d3cb8df8f6865ac91164184a914f3600a56afab8f7515c5fd7887e494f016ba441c77f18834d6cb62f301ac28f8d552230555aa0cce0eb8e37b49b023ee52bb20287d38d50ea4da9a408bfc7173f0011b27420f5371e76a986737a5a9cddae5a203f263a4c5e4383d1ff15f40a6709c275de14814ef2e18ab2097ae60670dde1970da669b34101db3429b7bbc395c0f1d94cd064520666b9df3711e738155c215b7131ff8e76f3b6d383b0a9f0b0ec1207470d3c5414e8c5c10cb55549398e3107d70f82d76cfb2c2968c54048dfc5ffed1f7b8a99b6f9d031a517bb6aeee6d610a41904b3c3b")

29.377913611s ago: executing program 3 (id=2542):
r0 = syz_open_dev$loop(&(0x7f0000000080), 0x47ffff7, 0x122c42)
r1 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/udp\x00')
pread64(r1, &(0x7f000001a240)=""/102391, 0x18ff7, 0x1)
mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x5, 0x12, r0, 0x0)
pselect6(0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)={0x0, 0x3938700}, 0x0)
ioctl$PIO_UNISCRNMAP(r1, 0x4b6a, &(0x7f00000000c0)="9a505ee382da37589ce23f01a4544999651f6c41ebf39d3cb8df8f6865ac91164184a914f3600a56afab8f7515c5fd7887e494f016ba441c77f18834d6cb62f301ac28f8d552230555aa0cce0eb8e37b49b023ee52bb20287d38d50ea4da9a408bfc7173f0011b27420f5371e76a986737a5a9cddae5a203f263a4c5e4383d1ff15f40a6709c275de14814ef2e18ab2097ae60670dde1970da669b34101db3429b7bbc395c0f1d94cd064520666b9df3711e738155c215b7131ff8e76f3b6d383b0a9f0b0ec1207470d3c5414e8c5c10cb55549398e3107d70f82d76cfb2c2968c54048dfc5ffed1f7b8a99b6f9d031a517bb6aeee6d610a41904b3c3b")

20.54924237s ago: executing program 3 (id=2542):
r0 = syz_open_dev$loop(&(0x7f0000000080), 0x47ffff7, 0x122c42)
r1 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/udp\x00')
pread64(r1, &(0x7f000001a240)=""/102391, 0x18ff7, 0x1)
mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x5, 0x12, r0, 0x0)
pselect6(0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)={0x0, 0x3938700}, 0x0)
ioctl$PIO_UNISCRNMAP(r1, 0x4b6a, &(0x7f00000000c0)="9a505ee382da37589ce23f01a4544999651f6c41ebf39d3cb8df8f6865ac91164184a914f3600a56afab8f7515c5fd7887e494f016ba441c77f18834d6cb62f301ac28f8d552230555aa0cce0eb8e37b49b023ee52bb20287d38d50ea4da9a408bfc7173f0011b27420f5371e76a986737a5a9cddae5a203f263a4c5e4383d1ff15f40a6709c275de14814ef2e18ab2097ae60670dde1970da669b34101db3429b7bbc395c0f1d94cd064520666b9df3711e738155c215b7131ff8e76f3b6d383b0a9f0b0ec1207470d3c5414e8c5c10cb55549398e3107d70f82d76cfb2c2968c54048dfc5ffed1f7b8a99b6f9d031a517bb6aeee6d610a41904b3c3b")

12.662072055s ago: executing program 3 (id=2542):
r0 = syz_open_dev$loop(&(0x7f0000000080), 0x47ffff7, 0x122c42)
r1 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/udp\x00')
pread64(r1, &(0x7f000001a240)=""/102391, 0x18ff7, 0x1)
mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x5, 0x12, r0, 0x0)
pselect6(0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)={0x0, 0x3938700}, 0x0)
ioctl$PIO_UNISCRNMAP(r1, 0x4b6a, &(0x7f00000000c0)="9a505ee382da37589ce23f01a4544999651f6c41ebf39d3cb8df8f6865ac91164184a914f3600a56afab8f7515c5fd7887e494f016ba441c77f18834d6cb62f301ac28f8d552230555aa0cce0eb8e37b49b023ee52bb20287d38d50ea4da9a408bfc7173f0011b27420f5371e76a986737a5a9cddae5a203f263a4c5e4383d1ff15f40a6709c275de14814ef2e18ab2097ae60670dde1970da669b34101db3429b7bbc395c0f1d94cd064520666b9df3711e738155c215b7131ff8e76f3b6d383b0a9f0b0ec1207470d3c5414e8c5c10cb55549398e3107d70f82d76cfb2c2968c54048dfc5ffed1f7b8a99b6f9d031a517bb6aeee6d610a41904b3c3b")

7.339697941s ago: executing program 1 (id=3059):
r0 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r0, &(0x7f0000000000)={0x2, 0x0, @local}, 0x10)
sendmsg$rds(r0, 0x0, 0x0)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
getsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, &(0x7f0000000040)={@mcast1}, &(0x7f0000000080)=0xffffffffffffffe1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r3 = dup(r2)
write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c)
r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r4, @ANYBLOB="0000000000000000b707000008000000850000006900000095"], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10)
r6 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r7 = ioctl$LOOP_CTL_GET_FREE(r6, 0x4c82)
ioctl$LOOP_CTL_REMOVE(r6, 0x4c81, r7)
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="0100000042000000060000000800000000000000", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000000000000000000000000000000000000000000000000000eb016b5e7210b7cc2665730ae8e3ee8f81f6ce5d83b0f31371f1bbd85f38d2230ea29944ddef4e663c5848c3e61144b1dd1ab0759bb93a7e7b03ed94f3f813f6ba2db8ddb4fca510fab7cc957613349899234918357298d21dec16378d2465e9b447f12b999406bd5566d4b2c1052aa5bb760d0225dc4b4d98c41e63c6586c2cf3eafea7e4d392dd5"], 0x48)
r9 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xc, 0x4, 0x4, 0x8001, 0x0, r8, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x8000, r9}, 0x38)
r10 = socket(0x28, 0x5, 0x0)
bind$vsock_stream(r10, &(0x7f0000000040), 0x10)
listen(r10, 0x0)
r11 = socket(0x28, 0x5, 0x0)
connect$vsock_stream(r11, &(0x7f0000000080), 0x10)
sendmmsg(r11, &(0x7f0000000100)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000000)="1b", 0x40000}], 0x1}}], 0x1, 0x24008094)
recvfrom$unix(0xffffffffffffffff, &(0x7f0000000140)=""/263, 0x107, 0x0, 0x0, 0x0)

7.056913633s ago: executing program 2 (id=3061):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r1 = dup(r0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
socket$igmp6(0xa, 0x3, 0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x8c, 0x30, 0x1, 0x0, 0x0, {}, [{0x78, 0x1, [@m_ct={0x2c, 0x2, 0x0, 0x0, {{0x7}, {0x4}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x8c}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000600)=ANY=[@ANYRESHEX=0x0, @ANYBLOB="bbdf1aba1f0fa58d931ffa3ba6cac84f7c35398258425038c19a1d09b126050f6b21a15bc320cb7e52a91b63354b347b5f7f017567c53e1a2087f2b3a1337cc1f5500e3e543758ac984d59e8a51edad8b2c1528ffb5f681bd80996060875b30f85bcf965105f4acf0e65a80d088f1e", @ANYRES32=r1, @ANYRESDEC=r1], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
openat$cdrom(0xffffff9c, &(0x7f00000012c0), 0x42880, 0x0)
openat$fb0(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000001880)=ANY=[@ANYBLOB="b700000081000000bfa30000000000000703000000feffff720af0fff8ffffff71a4f0ff0000000071100000000000001d400500000000004704000001ed00000f030000000000001d44000000000000620a00fe000000007203000000000000b5000000000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fe51bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00e10000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f6f096753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d490cba8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e16e1461173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b583cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd84990453f006694d461b76a58d88cf0f520310a1e80dc18cde98d662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a09313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c00000000000000f59dd19e8d525206c0a728cfd42193abe8130bc01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ed1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef67cf0216e2d81e6127bd9d7fab28800eaab2355992f8ce4cd38add4b272c0bee4076ca4847ffa691cf78fb7ec212bad3bef29f577ea7159b7f3025b3d977ff7c91024cf71126233cb8791c3c"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffd00, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
add_key$user(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x0}, &(0x7f00000000c0)="ff", 0x1, 0xffffffffffffffff)
add_key$user(&(0x7f0000000380), &(0x7f0000000000)={'syz', 0x0}, &(0x7f0000000580)='X', 0x1, 0xfffffffffffffffe)
mount$9p_xen(&(0x7f0000000300), &(0x7f0000000340)='./file0\x00', &(0x7f0000000440), 0x942820, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=xen,euid>', @ANYBLOB=',fowner>', @ANYRESDEC, @ANYBLOB="2c7f626a5f75736572354d6465762f666230002c6f626a5f757365723d7b2c736d61636b66737472616e736d7592c674653d242f5b2625295b24738d4d2c6f626a5f726f6c650b6173796d6d6574726963002c646f6e745f6d656173757265"])
add_key$user(0x0, &(0x7f00000005c0), &(0x7f00000000c0), 0x0, 0xfffffffffffffffd)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r1, 0x0)

6.946441001s ago: executing program 4 (id=3062):
r0 = socket$netlink(0x10, 0x3, 0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000002c0), 0x2, 0x141101)
r2 = dup(r1)
setsockopt$inet6_IPV6_DSTOPTS(0xffffffffffffffff, 0x29, 0x3b, &(0x7f0000000180)=ANY=[@ANYBLOB="320200000000000007100000000002040800ff7f00000000000047406c6e0000"], 0x20)
write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c)
r3 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000000140))
ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x1})
madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x19)
r4 = socket$xdp(0x2c, 0x3, 0x0)
ioctl$UFFDIO_COPY(r3, 0xc028aa05, &(0x7f0000000280)={&(0x7f000003b000/0x1000)=nil, &(0x7f0000000000/0x3000)=nil, 0x1000, 0x1})
close_range(0xffffffffffffffff, r4, 0x0)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$ARPT_SO_SET_REPLACE(r5, 0x0, 0x60, &(0x7f0000000640)={'filter\x00', 0x7, 0x4, 0x3c8, 0x10c, 0x10c, 0x0, 0x2e8, 0x2e8, 0x2e8, 0x4, 0x0, {[{{@uncond, 0xbc, 0x10c}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @empty, @loopback, @loopback, 0x2}}}, {{@uncond, 0xbc, 0xfc}, @unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "53a145c767671fcf0c243d543b9d83f0863f3aac810f97fea80e1b838805"}}, {{@uncond, 0xbc, 0xe0}, @unspec=@NFQUEUE1={0x24, 'NFQUEUE\x00', 0x1, {0x9, 0x7}}}], {{'\x00', 0xbc, 0xe0}, {0x24}}}}, 0x414)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x1c}}, 0x0)
r6 = syz_open_dev$sndpcmc(&(0x7f0000004240), 0x0, 0x0)
getpid()
ioctl$SNDRV_PCM_IOCTL_STATUS64(r6, 0xc0884123, &(0x7f0000000080))
creat(&(0x7f00000002c0)='./file0\x00', 0x6)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x200000b, 0x4010, 0xffffffffffffffff, 0xb27e2000)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r7 = syz_open_procfs(0x0, &(0x7f0000000040)='smaps\x00')
read$FUSE(r7, &(0x7f0000000640)={0x2020}, 0x2020)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r8, 0x0, 0x30, 0x1, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000004c0)=[0x7], &(0x7f0000000500), 0x0, 0xff8e}}, 0x3c)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r9 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='net/fib_triestat\x00')
read$FUSE(r9, 0x0, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="3c000000100023ff2cbd70000000000000060000", @ANYRES32=0x0, @ANYBLOB="81ffffff000000001c001280090001007866726d000000000c0002800800020001000000"], 0x3c}, 0x1, 0x0, 0x0, 0x24008000}, 0x0)

6.694908746s ago: executing program 1 (id=3063):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)={0x58, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_HT_CAPABILITY_MASK={0x1e, 0x94, {0x10, 0x2, 0x1, 0x0, {0x0, 0x2, 0x0, 0x46, 0x0, 0x0, 0x1, 0x3}, 0x1, 0x4, 0x3}}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x58}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=ANY=[@ANYBLOB="500000df0702110000010802110000000802110000000000000000000000000064000100000a000000020202010882848b960c121824"], 0x36)
r3 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
readv(r3, &(0x7f0000000240)=[{&(0x7f00000000c0)=""/15, 0xf}, {&(0x7f0000000180)=""/172, 0x2000022c}], 0x3)
sendmsg$NL80211_CMD_GET_SCAN(r3, &(0x7f0000000580)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000540)={&(0x7f0000000040)=ANY=[@ANYBLOB="e2ebf310", @ANYRES16=r1, @ANYBLOB="20002bbd7000fbdbdf252000000008000300", @ANYRES32=r2, @ANYBLOB], 0x1c}, 0x1, 0x0, 0x0, 0x20000000}, 0x4040000)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x14, 0x30, 0x1, 0x70bd25}, 0x14}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r4 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socket$igmp6(0xa, 0x3, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r4, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
r8 = dup(r7)
sendmsg$IPSET_CMD_CREATE(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="640000000206030000000000fffff0000000000016000300686173683a6e65742c706f72742c6e6574000000050004000000000005000500020000000900020073797a320000000005000100070000001400078008001340000000000800124009", @ANYBLOB="43d729c968ed183e51aa7fd4", @ANYRES32=r1, @ANYBLOB="887661494b31bddd978aa99cbc30357e3cb761578cf23012d61ccccc44f148e65a0328eb58c2e74f2a9d6da4c12c5d9ae2f4d31262b1f7608befcc931f1197b8de4b8b7bfe2f94fbae163624dce8201daa48deb9c6516f0e047e31bd82f85c86fc6ecb3696f68c9ae50c71c0d240c122baf6d4214e3c1029fa3bfca4abb0eb6b031d24676034797db7e97a4dfba03bcd1a829000f9c580985ff7d1def16ee7be0d2025ff131b1c945afca4eaae2dc67d1f53828a22df7b1b6d30ef2845ee4d67117e02bd968f835017ac", @ANYRESOCT], 0x64}}, 0x0)
r9 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r9, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x0, 0x32}, 0x9c)
unlink(&(0x7f0000000000)='./file0\x00')
bind$inet6(r9, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)

5.983323s ago: executing program 2 (id=3064):
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x70bd2d, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1001, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f0000000440)=0x2)
clock_nanosleep(0x8, 0x0, &(0x7f0000000280), 0x0)
capset(&(0x7f0000000000)={0x20071026}, &(0x7f00000000c0)={0x6, 0x1ffffd, 0x0, 0x0, 0x0, 0x2})
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000080), 0x0, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f000000c280)={&(0x7f0000000380)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {0x5}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x48, 0x3, 0xa, 0x301, 0x0, 0x0, {0x5}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}, @NFTA_CHAIN_FLAGS={0x8, 0xa, 0x1, 0x0, 0x3}, @NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x12}, @NFTA_HOOK_HOOKNUM={0x8, 0x1, 0x1, 0x0, 0x1}]}]}], {0x14}}, 0x90}, 0x1, 0x0, 0x0, 0x400c041}, 0x0)
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f0000000040)={0x5, 0x6576, 0x9})
mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x4, 0x11, r3, 0x100000)
bpf$MAP_CREATE(0x300000000000000, &(0x7f0000000100)=@base={0x18, 0x4, 0x41, 0x0, 0x1, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x4002, 0x5, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f00000015c0)={0x0, 0x0, &(0x7f0000001580)={&(0x7f0000000480)=ANY=[@ANYBLOB="5c000062000000000000000000000000080000000900020073797a320000000005000100070000dd14000300686173683a69702c706f03e22c72742c6e657400000000050005000a0000080c00d4e108000640000000000500040000000000"], 0x5c}}, 0x0)
r6 = getpid()
process_vm_readv(r6, &(0x7f0000008400)=[{&(0x7f0000000180)=""/58, 0x3a}, {&(0x7f0000006180)=""/138, 0x98}], 0x2000000000000043, &(0x7f0000000100)=[{&(0x7f0000008480)=""/95, 0x5f}], 0x1e, 0x0)

5.901068805s ago: executing program 4 (id=3065):
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x70bd2d, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1001, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f0000000440)=0x2)
clock_nanosleep(0x8, 0x0, &(0x7f0000000280), 0x0)
capset(&(0x7f0000000000)={0x20071026}, &(0x7f00000000c0)={0x6, 0x1ffffd, 0x0, 0x0, 0x0, 0x2})
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000080), 0x0, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f000000c280)={&(0x7f0000000380)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {0x5}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x48, 0x3, 0xa, 0x301, 0x0, 0x0, {0x5}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}, @NFTA_CHAIN_FLAGS={0x8, 0xa, 0x1, 0x0, 0x3}, @NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x12}, @NFTA_HOOK_HOOKNUM={0x8, 0x1, 0x1, 0x0, 0x1}]}]}], {0x14}}, 0x90}, 0x1, 0x0, 0x0, 0x400c041}, 0x0)
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f0000000040)={0x5, 0x6576, 0x9})
mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x4, 0x11, r3, 0x100000)
bpf$MAP_CREATE(0x300000000000000, &(0x7f0000000100)=@base={0x18, 0x4, 0x41, 0x0, 0x1, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x4002, 0x5, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f00000015c0)={0x0, 0x0, &(0x7f0000001580)={&(0x7f0000000480)=ANY=[@ANYBLOB="5c000062000000000000000000000000080000000900020073797a320000000005000100070000dd14000300686173683a69702c706f03e22c72742c6e657400000000050005000a0000080c00d4e108000640000000000500040000000000"], 0x5c}}, 0x0)
r5 = getpid()
process_vm_readv(r5, &(0x7f0000008400)=[{&(0x7f0000000180)=""/58, 0x3a}, {&(0x7f0000006180)=""/138, 0x98}], 0x2000000000000043, &(0x7f0000000100)=[{&(0x7f0000008480)=""/95, 0x5f}], 0x1e, 0x0)

4.962721349s ago: executing program 4 (id=3066):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x3)
ioctl$KDSKBENT(r0, 0x4b47, &(0x7f0000000400)={0x0, 0x7f, 0x700})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000580))
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000000)=ANY=[@ANYBLOB="440000001000010400"/20, @ANYRES32, @ANYBLOB="ffc300000000000024001280110001006272696467655f736c617665000000000c000580050027"], 0x44}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000480)=ANY=[], &(0x7f0000000300)='GPL\x00', 0x1, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000100000000000000ac1e000100000000000000000000000000000000000000000a0060"], 0xb8}}, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@updpolicy={0xb8, 0x13, 0x2, 0x0, 0x25dfdbfe, {{@in6=@private0, @in=@remote, 0x0, 0x400, 0x0, 0x0, 0xa, 0x60, 0x0, 0x3b, 0x0, 0xee01}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, {}, 0x9}}, 0xb8}, 0x1, 0x0, 0x0, 0x80}, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9"], 0xb8}}, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
add_key(&(0x7f0000000140)='cifs.spnego\x00', &(0x7f0000000180)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffc)
socket$netlink(0x10, 0x3, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r4, 0x10e, 0x1, &(0x7f0000000140)=0x1, 0x4)
syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x87}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f0000000100)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x8000002000000, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x9200000000000000)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000480)={'wlan0\x00'})
syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x40004)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)

4.933614559s ago: executing program 2 (id=3067):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = syz_open_dev$cec(&(0x7f0000000400), 0x0, 0x80200)
ioctl$CEC_ADAP_S_LOG_ADDRS(r4, 0xc05c6104, &(0x7f00000001c0)={"f2efe21e", 0x0, 0x5, 0x4a, 0x0, 0x1ff, "2179d46fd08e3c0ced34c7d0c7e6d7", "7ca24a13", "0400", "a2d1d4a2", ["1af0b1ba1cb8fd54c9c9b587", "bed0f3d6ce7a5f7389827f04", "33af343c60abc64f2fdc9ddf", "9b3842fc63849f62b6eb1c3c"]})
syz_open_dev$cec(&(0x7f0000000000), 0x0, 0x0)
ioctl$CEC_ADAP_S_LOG_ADDRS(r4, 0xc05c6104, &(0x7f0000000340)={"8171f879", 0x7, 0xb0, 0x0, 0x9, 0x5, "00800000000000f51000", "00598b00", "0200", "01000800", ["dc001000", "0000000000ffe700005a00", "4a218302000000215c384d00", "790000a5a16706008c00edbf"]})
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="6c00000002060104db406e3e0004000200000000100003006269746d61703a706f72740005000400000000000900020073797a3200000000050005"], 0x6c}}, 0x0)
setreuid(0xffffffffffffffff, 0xee00)
add_key$fscrypt_v1(&(0x7f0000000040), &(0x7f0000000080)={'fscrypt:', @desc2}, &(0x7f00000000c0)={0xfffffe00, "f1a1173fb9462d3589e67197f90be6e423ceb0ab4912f9f6a31854ec98e950cfed21fcad7ff0fbcb566a0982f8938caa52dd8d39af14c31ed56ad59300"}, 0x52ba, 0xffffffffffffffff)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x101080, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)

4.638530763s ago: executing program 1 (id=3068):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = syz_open_dev$cec(&(0x7f0000000400), 0x0, 0x80200)
ioctl$CEC_ADAP_S_LOG_ADDRS(r4, 0xc05c6104, &(0x7f00000001c0)={"f2efe21e", 0x0, 0x5, 0x4a, 0x0, 0x1ff, "2179d46fd08e3c0ced34c7d0c7e6d7", "7ca24a13", "0400", "a2d1d4a2", ["1af0b1ba1cb8fd54c9c9b587", "bed0f3d6ce7a5f7389827f04", "33af343c60abc64f2fdc9ddf", "9b3842fc63849f62b6eb1c3c"]})
syz_open_dev$cec(&(0x7f0000000000), 0x0, 0x0)
ioctl$CEC_ADAP_S_LOG_ADDRS(r4, 0xc05c6104, &(0x7f0000000340)={"8171f879", 0x7, 0xb0, 0x0, 0x9, 0x5, "00800000000000f51000", "00598b00", "0200", "01000800", ["dc001000", "0000000000ffe700005a00", "4a218302000000215c384d00", "790000a5a16706008c00edbf"]})
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="6c00000002060104db406e3e0004000200000000100003006269746d61703a706f72740005000400000000000900020073797a3200000000050005"], 0x6c}}, 0x0)
setreuid(0xffffffffffffffff, 0xee00)
add_key$fscrypt_v1(&(0x7f0000000040), &(0x7f0000000080)={'fscrypt:', @desc2}, &(0x7f00000000c0)={0xfffffe00, "f1a1173fb9462d3589e67197f90be6e423ceb0ab4912f9f6a31854ec98e950cfed21fcad7ff0fbcb566a0982f8938caa52dd8d39af14c31ed56ad59300"}, 0x52ba, 0xffffffffffffffff)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x101080, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)

4.63560516s ago: executing program 3 (id=2542):
r0 = syz_open_dev$loop(&(0x7f0000000080), 0x47ffff7, 0x122c42)
r1 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/udp\x00')
pread64(r1, &(0x7f000001a240)=""/102391, 0x18ff7, 0x1)
mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x5, 0x12, r0, 0x0)
pselect6(0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)={0x0, 0x3938700}, 0x0)
ioctl$PIO_UNISCRNMAP(r1, 0x4b6a, &(0x7f00000000c0)="9a505ee382da37589ce23f01a4544999651f6c41ebf39d3cb8df8f6865ac91164184a914f3600a56afab8f7515c5fd7887e494f016ba441c77f18834d6cb62f301ac28f8d552230555aa0cce0eb8e37b49b023ee52bb20287d38d50ea4da9a408bfc7173f0011b27420f5371e76a986737a5a9cddae5a203f263a4c5e4383d1ff15f40a6709c275de14814ef2e18ab2097ae60670dde1970da669b34101db3429b7bbc395c0f1d94cd064520666b9df3711e738155c215b7131ff8e76f3b6d383b0a9f0b0ec1207470d3c5414e8c5c10cb55549398e3107d70f82d76cfb2c2968c54048dfc5ffed1f7b8a99b6f9d031a517bb6aeee6d610a41904b3c3b")

2.468509344s ago: executing program 4 (id=3069):
r0 = socket$inet6(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f00000000c0)={@private2, 0x0, 0x0, 0x103, 0x1}, 0x20)

2.459141233s ago: executing program 1 (id=3070):
socket$inet6_mptcp(0xa, 0x1, 0x106)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000000c0)=@newtclass={0x24, 0x28, 0x1, 0x70bd2a, 0x25dfdc01, {0x0, 0x0, 0x0, 0x0, {0xa, 0x3}, {0x7, 0x1}, {0x2}}}, 0x24}}, 0x2000c044)
move_pages(0x0, 0x1efe, &(0x7f0000000080), 0x0, &(0x7f0000000040), 0x0)

2.451573123s ago: executing program 2 (id=3071):
r0 = openat$dsp(0xffffff9c, &(0x7f0000000000), 0x464880, 0x0)
r1 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
syz_create_resource$binfmt(0x0)
r2 = socket(0x2a, 0x1, 0x1)
syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYRESHEX=r2], &(0x7f0000003ff6)='GPL\x00', 0xffffffff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, &(0x7f00000002c0)=[{&(0x7f00000016c0)=""/4126, 0x101e}], 0x1)
move_pages(0x0, 0x2064, &(0x7f0000000040)=[&(0x7f0000ff9000/0x2000)=nil], &(0x7f0000001180), &(0x7f0000000000), 0x0)
syz_init_net_socket$ax25(0x3, 0x3, 0x1)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000480)={@cgroup, 0x11, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x0, 0x0}, 0x40)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x4, 0x1000085}, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000180)=0x2)
mmap(&(0x7f0000ff9000/0x1000)=nil, 0x1000, 0x0, 0x80010, 0xffffffffffffffff, 0x11b68000)
sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0x2)
read$msr(r3, &(0x7f0000019680)=""/102384, 0x18ff0)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a5"], &(0x7f0000000000)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x71ba, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000140)='mmap_lock_acquire_returned\x00', r4}, 0x10)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0)
remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0)
r5 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
io_uring_setup(0x18c, &(0x7f0000000200)={0x0, 0x621f, 0x10, 0x3, 0x1a5, 0x0, r5})
r6 = syz_open_dev$evdev(&(0x7f0000000b80), 0x0, 0x0)
ioctl$EVIOCSMASK(r6, 0x40104593, &(0x7f0000000140)={0x0, 0x0, 0x0})
ioctl$EVIOCSKEYCODE_V2(r6, 0x80104592, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, "207d3d0040b6000900"})
ioctl$VIDIOC_ENUM_FMT(r1, 0xc0405602, &(0x7f0000000080)={0x1ff, 0x2, 0x3, "d3417f5ad9a918147e93d21f640d232c11ca25c7301f4bccd07113ce147c247c", 0x56555959})
ioctl$SOUND_MIXER_READ_RECSRC(r0, 0x80044dff, &(0x7f0000000040))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, 0x0, 0x0)

2.385212793s ago: executing program 4 (id=3072):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r2 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r2, &(0x7f00000000c0)={0x500, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB], 0x70}}, 0x0)
sendmsg$NFULNL_MSG_CONFIG(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_ifreq(0xffffffffffffffff, 0x891b, &(0x7f0000000280)={'vxcan1\x00', @ifru_mtu=0x3})
ioperm(0x0, 0x6, 0x2da3b9f3)
timer_create(0x38b88a1f4391e3f6, 0x0, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
r3 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
bind$bt_hci(r3, &(0x7f0000000000)={0x27}, 0x62)
r4 = socket$nl_route(0x10, 0x3, 0x0)
mknodat$null(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x2000, 0x103)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$TIPC_CMD_SET_LINK_WINDOW(r5, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000004c0)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r6], 0x30}, 0x1, 0x0, 0x0, 0x4880}, 0x40090)
sendmsg$nl_route(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=ANY=[@ANYBLOB="440000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b00010062617461647600000400028008000a00", @ANYRES64=r3], 0x44}}, 0x0)
r7 = openat$sw_sync(0xffffffffffffff9c, &(0x7f00000002c0), 0x20400, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r7, 0xc0285700, &(0x7f0000000100)={0x1, "fa02c8098000", <r8=>0xffffffffffffffff})
r9 = openat$sw_sync(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r9, 0xc0285700, &(0x7f0000000040)={0x80109, "fa02946a000000001dda524f03000000000000000000003673000000002000", <r10=>0xffffffffffffffff})
ioctl$SYNC_IOC_MERGE(r10, 0xc0303e03, &(0x7f0000000080)={"6739669f274d13b691ebe45bebe3f5b53e0ca34dd02acecdc67c5e3126628168", r8, <r11=>0xffffffffffffffff})
close(r9)
ioctl$SW_SYNC_IOC_INC(r7, 0x40045701, &(0x7f0000000280)=0x8000)
ioctl$SYNC_IOC_MERGE(r11, 0x40103e05, &(0x7f0000000080)={"df000000000000000000000000000000000000002000a400", r11})
getsockopt$inet_sctp6_SCTP_HMAC_IDENT(0xffffffffffffffff, 0x84, 0x16, 0x0, &(0x7f0000000240))
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)

2.335565938s ago: executing program 1 (id=3073):
openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
socket$igmp6(0xa, 0x3, 0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, 0x0, 0x0)
openat$cdrom(0xffffff9c, &(0x7f00000012c0), 0x42880, 0x0)
r3 = openat$fb0(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
socket$l2tp6(0xa, 0x2, 0x73)
ioctl$FBIOPUT_VSCREENINFO(r3, 0x4601, &(0x7f0000000380)={0x3c0, 0x78, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, {}, {}, {}, {}, 0x0, 0x40, 0x0, 0x0, 0x1, 0x4, 0x8, 0x3, 0x1ff, 0x3d, 0x5, 0x3, 0x53, 0x202, 0x1, 0xc})
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000001880)=ANY=[@ANYBLOB="b700000081000000bfa30000000000000703000000feffff720af0fff8ffffff71a4f0ff0000000071100000000000001d400500000000004704000001ed00000f030000000000001d44000000000000620a00fe000000007203000000000000b5000000000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fe51bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00e10000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f6f096753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d490cba8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e16e1461173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b583cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd84990453f006694d461b76a58d88cf0f520310a1e80dc18cde98d662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a09313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c00000000000000f59dd19e8d525206c0a728cfd42193abe8130bc01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ed1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef67cf0216e2d81e6127bd9d7fab28800eaab2355992f8ce4cd38add4b272c0bee4076ca4847ffa691cf78fb7ec212bad3bef29f577ea7159b7f3025b3d977ff7c91024cf71126233cb8791c3c"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffd00, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
syz_usbip_server_init(0x2)
add_key$user(&(0x7f0000000380), &(0x7f0000000000)={'syz', 0x0}, &(0x7f0000000580)='X', 0x1, 0xfffffffffffffffe)
mount$9p_xen(&(0x7f0000000300), &(0x7f0000000340)='./file0\x00', &(0x7f0000000440), 0x942820, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=xen,euid>', @ANYBLOB=',fowner>', @ANYRESDEC, @ANYBLOB="2c7f626a5f75736572354d6465762f666230002c6f626a5f757365723d7b2c736d61636b66737472616e736d7592c674653d242f5b2625295b24738d4d2c6f626a5f726f6c650b6173796d6d6574726963002c646f6e745f6d656173757265"])
add_key$user(0x0, &(0x7f00000005c0), &(0x7f00000000c0), 0x0, 0xfffffffffffffffd)

829.816241ms ago: executing program 2 (id=3074):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
timer_create(0x0, &(0x7f0000000240)={0x0, 0x21}, 0x0)
timer_settime(0x0, 0x0, 0x0, 0x0)
timerfd_settime(r1, 0x1, &(0x7f0000000080)={{0x0, 0x3938700}, {0x0, 0x3938700}}, &(0x7f0000000100))
listen(0xffffffffffffffff, 0x10000a47)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r2 = syz_io_uring_setup(0x235, &(0x7f0000000500)={0x0, 0x4533, 0x10100, 0x0, 0x24c, 0x0, r1}, &(0x7f0000000180)=<r3=>0x0, &(0x7f0000000280)=<r4=>0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {0x201}, 0x1})
io_uring_enter(r2, 0x234f, 0xb1e6, 0x1, 0x0, 0x0)
r5 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r5, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r5, &(0x7f0000000180)="1a", 0x34000, 0x0, &(0x7f0000000480)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendmmsg$sock(r5, &(0x7f0000000300)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f00000000c0)=' ', 0x1}], 0x1}}], 0x1, 0x40000)

670.735533ms ago: executing program 1 (id=3075):
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x70bd2d, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1001, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f0000000440)=0x2)
clock_nanosleep(0x8, 0x0, &(0x7f0000000280), 0x0)
capset(&(0x7f0000000000)={0x20071026}, &(0x7f00000000c0)={0x6, 0x1ffffd, 0x0, 0x0, 0x0, 0x2})
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000080), 0x0, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f000000c280)={&(0x7f0000000380)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {0x5}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x48, 0x3, 0xa, 0x301, 0x0, 0x0, {0x5}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}, @NFTA_CHAIN_FLAGS={0x8, 0xa, 0x1, 0x0, 0x3}, @NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x12}, @NFTA_HOOK_HOOKNUM={0x8, 0x1, 0x1, 0x0, 0x1}]}]}], {0x14}}, 0x90}, 0x1, 0x0, 0x0, 0x400c041}, 0x0)
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f0000000040)={0x5, 0x6576, 0x9})
mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x4, 0x11, r3, 0x100000)
bpf$MAP_CREATE(0x300000000000000, &(0x7f0000000100)=@base={0x18, 0x4, 0x41, 0x0, 0x1, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x4002, 0x5, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f00000015c0)={0x0, 0x0, &(0x7f0000001580)={&(0x7f0000000480)=ANY=[@ANYBLOB="5c000062000000000000000000000000080000000900020073797a320000000005000100070000dd14000300686173683a69702c706f03e22c72742c6e657400000000050005000a0000080c00d4e108000640000000000500040000000000"], 0x5c}}, 0x0)
r5 = getpid()
process_vm_readv(r5, &(0x7f0000008400)=[{&(0x7f0000000180)=""/58, 0x3a}, {&(0x7f0000006180)=""/138, 0x98}], 0x2000000000000043, &(0x7f0000000100)=[{&(0x7f0000008480)=""/95, 0x5f}], 0x1e, 0x0)

97.992983ms ago: executing program 2 (id=3076):
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x70bd2d, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1001, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f0000000440)=0x2)
clock_nanosleep(0x8, 0x0, &(0x7f0000000280), 0x0)
capset(&(0x7f0000000000)={0x20071026}, &(0x7f00000000c0)={0x6, 0x1ffffd, 0x0, 0x0, 0x0, 0x2})
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000080), 0x0, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f000000c280)={&(0x7f0000000380)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {0x5}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x48, 0x3, 0xa, 0x301, 0x0, 0x0, {0x5}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}, @NFTA_CHAIN_FLAGS={0x8, 0xa, 0x1, 0x0, 0x3}, @NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x12}, @NFTA_HOOK_HOOKNUM={0x8, 0x1, 0x1, 0x0, 0x1}]}]}], {0x14}}, 0x90}, 0x1, 0x0, 0x0, 0x400c041}, 0x0)
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f0000000040)={0x5, 0x6576, 0x9})
mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x4, 0x11, r3, 0x100000)
bpf$MAP_CREATE(0x300000000000000, &(0x7f0000000100)=@base={0x18, 0x4, 0x41, 0x0, 0x1, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x4002, 0x5, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f00000015c0)={0x0, 0x0, &(0x7f0000001580)={&(0x7f0000000480)=ANY=[@ANYBLOB="5c000062000000000000000000000000080000000900020073797a320000000005000100070000dd14000300686173683a69702c706f03e22c72742c6e657400000000050005000a0000080c00d4e108000640000000000500040000000000"], 0x5c}}, 0x0)
r6 = getpid()
process_vm_readv(r6, &(0x7f0000008400)=[{&(0x7f0000000180)=""/58, 0x3a}, {&(0x7f0000006180)=""/138, 0x98}], 0x2000000000000043, &(0x7f0000000100)=[{&(0x7f0000008480)=""/95, 0x5f}], 0x1e, 0x0)

0s ago: executing program 4 (id=3077):
r0 = socket(0x10, 0x3, 0x0)
epoll_create1(0x0) (async)
r1 = epoll_create1(0x0)
r2 = openat$sndtimer(0xffffff9c, &(0x7f0000000000), 0x101000)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001700000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x1e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000a40)={r3, 0x27, 0xe, 0x0, &(0x7f0000000080)="f8ad48cc02cb29dcc8007f5b88a8", 0x0, 0x4, 0xf2ffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x1e)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000580)={0x1a})
sendmsg$inet(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140), 0x1, 0x0, 0xffffffffffffff1e, 0x1f00c00e}, 0x24004080)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000100)={0x5, &(0x7f00000000c0)=[{0x5, 0xf, 0xf1, 0x2}, {0xe1, 0x1, 0x5, 0x8000}, {0x7, 0x4, 0x3, 0x33bb894}, {0x682, 0x2, 0xbf, 0x9}, {0x1b70, 0x7, 0x7f, 0x6}]}) (async)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000100)={0x5, &(0x7f00000000c0)=[{0x5, 0xf, 0xf1, 0x2}, {0xe1, 0x1, 0x5, 0x8000}, {0x7, 0x4, 0x3, 0x33bb894}, {0x682, 0x2, 0xbf, 0x9}, {0x1b70, 0x7, 0x7f, 0x6}]})

0s ago: executing program 4 (id=3078):
r0 = fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x0)
r2 = openat$cgroup_pressure(r1, &(0x7f0000000080)='cpu.pressure\x00', 0x2, 0x0)
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
r4 = fanotify_init(0x200, 0x0)
fanotify_mark(r4, 0x1, 0x40000032, r3, 0x0)
sendfile64(r3, r2, 0x0, 0x8)

kernel console output (not intermixed with test programs):

23.257636][T16211] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  623.260545][ T5938] Bluetooth: hci4: failed to read key size for handle 201
[  623.298697][T16203] bridge0: port 1(bridge_slave_0) entered blocking state
[  623.301001][T16203] bridge0: port 1(bridge_slave_0) entered disabled state
[  623.303987][T16203] bridge_slave_0: entered allmulticast mode
[  623.306585][T16203] bridge_slave_0: entered promiscuous mode
[  623.309585][T16203] bridge0: port 2(bridge_slave_1) entered blocking state
[  623.311827][T16203] bridge0: port 2(bridge_slave_1) entered disabled state
[  623.314196][T16203] bridge_slave_1: entered allmulticast mode
[  623.316726][T16203] bridge_slave_1: entered promiscuous mode
[  623.348291][T16203] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  623.352665][T16203] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  623.385975][T16203] team0: Port device team_slave_0 added
[  623.389780][T16203] team0: Port device team_slave_1 added
[  623.418329][T16203] batman_adv: batadv0: Adding interface: batadv_slave_0
[  623.420626][T16203] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  623.430330][T16203] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  623.441932][ T1148] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  623.447862][T16203] batman_adv: batadv0: Adding interface: batadv_slave_1
[  623.450048][T16203] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  623.459385][T16203] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  623.501210][ T1148] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  623.508696][T16203] hsr_slave_0: entered promiscuous mode
[  623.510924][T16203] hsr_slave_1: entered promiscuous mode
[  623.513146][T16203] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  623.515439][T16203] Cannot create hsr debugfs directory
[  623.602445][ T1148] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  623.701561][ T1148] bridge_slave_1: left allmulticast mode
[  623.703390][ T1148] bridge_slave_1: left promiscuous mode
[  623.705255][ T1148] bridge0: port 2(bridge_slave_1) entered disabled state
[  623.708851][ T1148] bridge_slave_0: left allmulticast mode
[  623.710661][ T1148] bridge_slave_0: left promiscuous mode
[  623.712321][ T1148] bridge0: port 1(bridge_slave_0) entered disabled state
[  623.816199][ T1416] ieee802154 phy0 wpan0: encryption failed: -22
[  623.818349][ T1416] ieee802154 phy1 wpan1: encryption failed: -22
[  624.007773][ T1148] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  624.013055][ T1148] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  624.017386][ T1148] bond0 (unregistering): Released all slaves
[  624.187920][T16227] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2780'.
[  624.237561][T16230] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2780'.
[  624.961903][ T1148] hsr_slave_0: left promiscuous mode
[  624.964540][ T1148] hsr_slave_1: left promiscuous mode
[  624.966712][ T1148] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  624.969039][ T1148] batman_adv: batadv0: Removing interface: batadv_slave_0
[  624.974257][   T40] audit: type=1326 audit(1746856545.656:672): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16236 comm="syz.0.2783" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f68579 code=0x0
[  624.974362][ T1148] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  624.984611][ T1148] batman_adv: batadv0: Removing interface: batadv_slave_1
[  625.014147][ T1148] veth1_macvtap: left promiscuous mode
[  625.015411][T16245] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2785'.
[  625.015955][ T1148] veth0_macvtap: left promiscuous mode
[  625.020396][ T1148] veth1_vlan: left promiscuous mode
[  625.022099][ T1148] veth0_vlan: left promiscuous mode
[  625.082990][ T5938] Bluetooth: hci2: command tx timeout
[  625.095821][T16251] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2784'.
[  625.623588][ T1148] team0 (unregistering): Port device team_slave_1 removed
[  625.691081][ T1148] team0 (unregistering): Port device team_slave_0 removed
[  626.177575][T16252] tun0: tun_chr_ioctl cmd 1074025677
[  626.179354][T16252] tun0: linktype set to 773
[  626.211523][T16203] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  626.223470][T16203] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  626.227870][T16203] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  626.236713][T16203] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  626.278149][T16203] 8021q: adding VLAN 0 to HW filter on device bond0
[  626.289580][T16203] 8021q: adding VLAN 0 to HW filter on device team0
[  626.295663][  T215] bridge0: port 1(bridge_slave_0) entered blocking state
[  626.297938][  T215] bridge0: port 1(bridge_slave_0) entered forwarding state
[  626.305462][   T78] bridge0: port 2(bridge_slave_1) entered blocking state
[  626.307763][   T78] bridge0: port 2(bridge_slave_1) entered forwarding state
[  626.478904][T16203] 8021q: adding VLAN 0 to HW filter on device batadv0
[  626.512313][T16203] veth0_vlan: entered promiscuous mode
[  626.527614][T16203] veth1_vlan: entered promiscuous mode
[  626.545750][T16203] veth0_macvtap: entered promiscuous mode
[  626.549773][T16203] veth1_macvtap: entered promiscuous mode
[  626.557012][T16203] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  626.560229][T16203] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  626.566722][T16203] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  626.569927][T16203] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  626.573109][T16203] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  626.576333][T16203] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  626.580097][T16203] batman_adv: batadv0: Interface activated: batadv_slave_0
[  626.600861][T16273] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2787'.
[  626.608674][T16203] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  626.611938][T16203] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  626.616384][T16203] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  626.619657][T16203] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  626.623576][T16203] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  626.626934][T16203] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  626.630769][T16203] batman_adv: batadv0: Interface activated: batadv_slave_1
[  626.635680][T16203] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  626.638533][T16203] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  626.641364][T16203] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  626.645168][T16203] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  626.690962][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  626.694026][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  626.696447][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  626.698884][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  627.324378][ T5938] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0
[  627.327311][ T5938] Bluetooth: hci4: Injecting HCI hardware error event
[  627.330403][ T5938] Bluetooth: hci4: hardware error 0x00
[  627.497227][T16284] @: renamed from hsr0 (while UP)
[  628.861403][   T40] audit: type=1326 audit(1746856549.536:673): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16295 comm="syz.0.2795" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f68579 code=0x0
[  629.009737][   T78] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  629.402924][ T5938] Bluetooth: hci4: Opcode 0x0c03 failed: -110
[  630.307047][T16303] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2796'.
[  630.374062][ T5949] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  630.378031][ T5949] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  630.381413][ T5949] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  630.385589][ T5949] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  630.389866][ T5949] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  630.413917][T16306] lo speed is unknown, defaulting to 1000
[  630.417878][T16306] lo speed is unknown, defaulting to 1000
[  630.664893][T16313] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2798'.
[  630.717464][T16306] chnl_net:caif_netlink_parms(): no params data found
[  630.754460][   T78] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  630.872172][T16306] bridge0: port 1(bridge_slave_0) entered blocking state
[  630.874828][T16306] bridge0: port 1(bridge_slave_0) entered disabled state
[  630.877353][T16306] bridge_slave_0: entered allmulticast mode
[  630.880163][T16306] bridge_slave_0: entered promiscuous mode
[  630.884235][T16306] bridge0: port 2(bridge_slave_1) entered blocking state
[  630.886682][T16306] bridge0: port 2(bridge_slave_1) entered disabled state
[  630.889095][T16306] bridge_slave_1: entered allmulticast mode
[  630.891901][T16306] bridge_slave_1: entered promiscuous mode
[  631.023204][T16306] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  631.040575][   T78] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  631.050386][T16306] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  631.153301][   T78] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  631.173552][T16306] team0: Port device team_slave_0 added
[  631.177746][T16306] team0: Port device team_slave_1 added
[  631.268467][T16306] batman_adv: batadv0: Adding interface: batadv_slave_0
[  631.270550][T16306] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  631.278732][T16306] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  631.283097][T16306] batman_adv: batadv0: Adding interface: batadv_slave_1
[  631.291847][T16306] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  631.301240][T16306] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  631.337692][T16327] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2799'.
[  631.368956][T16327] bridge_slave_1: left allmulticast mode
[  631.371093][T16327] bridge_slave_1: left promiscuous mode
[  631.375121][T16327] bridge0: port 2(bridge_slave_1) entered disabled state
[  631.484536][T16329] netlink: 'syz.2.2800': attribute type 7 has an invalid length.
[  631.560723][T16327] bridge_slave_0: left allmulticast mode
[  631.562551][T16327] bridge_slave_0: left promiscuous mode
[  631.572988][T16327] bridge0: port 1(bridge_slave_0) entered disabled state
[  631.736449][T16332] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2801'.
[  631.737231][T16329] : entered promiscuous mode
[  631.748309][T16306] hsr_slave_0: entered promiscuous mode
[  631.750529][T16306] hsr_slave_1: entered promiscuous mode
[  631.760964][T16306] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  631.763550][T16306] Cannot create hsr debugfs directory
[  631.925032][T16342] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2802'.
[  631.927452][T16343] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2803'.
[  631.978265][   T78] bridge_slave_1: left allmulticast mode
[  631.980100][   T78] bridge_slave_1: left promiscuous mode
[  631.981870][   T78] bridge0: port 2(bridge_slave_1) entered disabled state
[  631.991962][   T78] bridge_slave_0: left allmulticast mode
[  632.003783][   T78] bridge_slave_0: left promiscuous mode
[  632.012611][   T78] bridge0: port 1(bridge_slave_0) entered disabled state
[  632.224940][T16354] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2804'.
[  632.345293][   T78] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  632.349717][   T78] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  632.354824][   T78] bond0 (unregistering): Released all slaves
[  632.443936][ T5949] Bluetooth: hci2: command tx timeout
[  632.490604][   T40] audit: type=1326 audit(1746856553.166:674): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16356 comm="syz.0.2805" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f68579 code=0x0
[  632.799679][   T78] hsr_slave_0: left promiscuous mode
[  632.801906][   T78] hsr_slave_1: left promiscuous mode
[  632.804478][   T78] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  632.807214][   T78] batman_adv: batadv0: Removing interface: batadv_slave_0
[  632.810122][   T78] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  632.812466][   T78] batman_adv: batadv0: Removing interface: batadv_slave_1
[  632.832206][   T78] veth1_macvtap: left promiscuous mode
[  632.834044][   T78] veth0_macvtap: left promiscuous mode
[  632.835836][   T78] veth1_vlan: left promiscuous mode
[  632.837479][   T78] veth0_vlan: left promiscuous mode
[  633.549814][   T78] team0 (unregistering): Port device team_slave_1 removed
[  633.712340][   T78] team0 (unregistering): Port device team_slave_0 removed
[  634.368135][T16374] hsr0: entered allmulticast mode
[  634.368149][T16374] hsr_slave_0: entered allmulticast mode
[  634.368157][T16374] hsr_slave_1: entered allmulticast mode
[  634.408115][T16385] futex_wake_op: syz.0.2810 tries to shift op by -1; fix this program
[  634.532975][ T5949] Bluetooth: hci2: command tx timeout
[  634.592708][T16306] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  634.605382][T16306] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  634.619603][T16306] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  634.626297][T16392] netlink: 'syz.1.2811': attribute type 7 has an invalid length.
[  634.662280][T16306] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  634.719738][T16392] : entered promiscuous mode
[  634.782238][T16306] 8021q: adding VLAN 0 to HW filter on device bond0
[  634.791891][T16306] 8021q: adding VLAN 0 to HW filter on device team0
[  634.881402][T16405] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2812'.
[  634.900330][   T46] bridge0: port 1(bridge_slave_0) entered blocking state
[  634.902920][   T46] bridge0: port 1(bridge_slave_0) entered forwarding state
[  634.921581][  T215] bridge0: port 2(bridge_slave_1) entered blocking state
[  634.924437][  T215] bridge0: port 2(bridge_slave_1) entered forwarding state
[  635.075896][T16411] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2815'.
[  635.183560][T16306] 8021q: adding VLAN 0 to HW filter on device batadv0
[  635.218441][T16306] veth0_vlan: entered promiscuous mode
[  635.227077][T16306] veth1_vlan: entered promiscuous mode
[  635.265214][T16306] veth0_macvtap: entered promiscuous mode
[  635.270917][T16306] veth1_macvtap: entered promiscuous mode
[  635.288657][T16306] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  635.295083][T16306] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  635.299142][T16306] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  635.304638][T16306] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  635.308536][T16306] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  635.312760][T16306] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  635.318857][T16306] batman_adv: batadv0: Interface activated: batadv_slave_0
[  635.326777][T16419] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2816'.
[  635.327897][T16306] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  635.333102][T16306] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  635.336308][T16306] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  635.339581][T16306] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  635.342492][T16306] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  635.346444][T16306] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  635.351220][T16306] batman_adv: batadv0: Interface activated: batadv_slave_1
[  635.387740][T16306] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  635.390431][T16306] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  635.393380][T16306] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  635.396060][T16306] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  635.430130][ T1148] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  635.432608][ T1148] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  635.447168][ T1148] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  635.449570][ T1148] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  636.112429][T16431] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2817'.
[  636.517365][T16440] vlan2: entered allmulticast mode
[  636.518996][T16440] bond0: entered allmulticast mode
[  636.520581][T16440] bond_slave_0: entered allmulticast mode
[  636.522341][T16440] bond_slave_1: entered allmulticast mode
[  636.526362][T16440] bridge0: port 1(vlan2) entered blocking state
[  636.528481][T16440] bridge0: port 1(vlan2) entered disabled state
[  636.531389][T16440] vlan2: entered promiscuous mode
[  636.533093][T16440] bond0: entered promiscuous mode
[  636.534652][T16440] bond_slave_0: entered promiscuous mode
[  636.536571][T16440] bond_slave_1: entered promiscuous mode
[  636.540324][T16440] bridge0: port 1(vlan2) entered blocking state
[  636.542482][T16440] bridge0: port 1(vlan2) entered forwarding state
[  636.555691][T16440] bond0: (slave bond_slave_0): Releasing backup interface
[  636.558334][T16440] bond_slave_0: left promiscuous mode
[  636.560112][T16440] bond_slave_0: left allmulticast mode
[  636.564848][T16440] bond0: (slave bond_slave_1): Releasing backup interface
[  636.568715][T16440] bond_slave_1: left promiscuous mode
[  636.570521][T16440] bond_slave_1: left allmulticast mode
[  636.582519][T16440] team0: Port device team_slave_0 removed
[  636.589011][T16440] team0: Port device team_slave_1 removed
[  636.592664][T16440] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  636.596912][T16440] batman_adv: batadv0: Removing interface: batadv_slave_0
[  636.600278][T16440] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  636.602528][T16440] batman_adv: batadv0: Removing interface: batadv_slave_1
[  636.609739][T16440] vlan2: left promiscuous mode
[  636.611287][T16440] bond0: left promiscuous mode
[  636.613556][T16440] bridge0: port 1(vlan2) entered disabled state
[  636.630008][T16444] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2820'.
[  636.940631][T16458] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2826'.
[  637.259864][T16462] netlink: 88 bytes leftover after parsing attributes in process `syz.1.2827'.
[  637.758847][   T40] audit: type=1326 audit(1746856558.436:675): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16466 comm="syz.0.2837" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f68579 code=0x0
[  637.798994][ T1148] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  637.855773][T16468] bridge0: failed insert local address into bridge forwarding table
[  638.027235][T16468] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2829'.
[  639.234946][ T5938] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  639.239054][ T5938] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  639.242340][ T5938] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  639.249956][ T5938] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  639.252716][ T5938] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  639.275681][ T1148] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  639.290245][T16480] lo speed is unknown, defaulting to 1000
[  639.292682][T16480] lo speed is unknown, defaulting to 1000
[  639.359743][ T1148] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  639.391730][T16480] chnl_net:caif_netlink_parms(): no params data found
[  639.445936][ T1148] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  639.526014][T16480] bridge0: port 1(bridge_slave_0) entered blocking state
[  639.529301][T16480] bridge0: port 1(bridge_slave_0) entered disabled state
[  639.532394][T16480] bridge_slave_0: entered allmulticast mode
[  639.545514][T16480] bridge_slave_0: entered promiscuous mode
[  639.555066][T16480] bridge0: port 2(bridge_slave_1) entered blocking state
[  639.558131][T16480] bridge0: port 2(bridge_slave_1) entered disabled state
[  639.561103][T16480] bridge_slave_1: entered allmulticast mode
[  639.565530][T16480] bridge_slave_1: entered promiscuous mode
[  639.657145][T16480] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  639.677402][T16480] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  639.730455][ T1148] bridge_slave_1: left allmulticast mode
[  639.732244][ T1148] bridge_slave_1: left promiscuous mode
[  639.736039][ T1148] bridge0: port 2(bridge_slave_1) entered disabled state
[  639.740163][ T1148] bridge_slave_0: left allmulticast mode
[  639.741955][ T1148] bridge_slave_0: left promiscuous mode
[  639.746507][ T1148] bridge0: port 1(bridge_slave_0) entered disabled state
[  640.023246][ T1148] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  640.035191][ T1148] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  640.049970][ T1148] bond0 (unregistering): Released all slaves
[  640.069861][T16480] team0: Port device team_slave_0 added
[  640.095908][T16480] team0: Port device team_slave_1 added
[  640.151763][T16480] batman_adv: batadv0: Adding interface: batadv_slave_0
[  640.155047][T16480] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  640.163380][T16480] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  640.167644][T16480] batman_adv: batadv0: Adding interface: batadv_slave_1
[  640.169807][T16480] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  640.177981][T16480] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  640.245719][T16480] hsr_slave_0: entered promiscuous mode
[  640.248898][T16480] hsr_slave_1: entered promiscuous mode
[  640.251767][T16480] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  640.255232][T16480] Cannot create hsr debugfs directory
[  640.406271][T16508] usb usb1: usbfs: process 16508 (syz.2.2836) did not claim interface 6 before use
[  640.583047][ T1148] hsr_slave_0: left promiscuous mode
[  640.587715][ T1148] hsr_slave_1: left promiscuous mode
[  640.590342][ T1148] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  640.593493][ T1148] batman_adv: batadv0: Removing interface: batadv_slave_0
[  640.597594][ T1148] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  640.600575][ T1148] batman_adv: batadv0: Removing interface: batadv_slave_1
[  640.633413][ T1148] veth1_macvtap: left promiscuous mode
[  640.635759][ T1148] veth0_macvtap: left promiscuous mode
[  640.638052][ T1148] veth1_vlan: left promiscuous mode
[  640.640066][ T1148] veth0_vlan: left promiscuous mode
[  641.068919][   T40] audit: type=1326 audit(1746856561.746:676): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16524 comm="syz.2.2840" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f56579 code=0x0
[  641.324888][ T5949] Bluetooth: hci2: command tx timeout
[  641.486625][ T1148] team0 (unregistering): Port device team_slave_1 removed
[  641.564610][ T1148] team0 (unregistering): Port device team_slave_0 removed
[  642.039239][T16539] netlink: 88 bytes leftover after parsing attributes in process `syz.0.2841'.
[  642.437281][T16551] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2845'.
[  642.671644][T16480] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  642.684827][T16480] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  642.696625][T16480] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  642.712711][T16480] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  642.821788][T16480] 8021q: adding VLAN 0 to HW filter on device bond0
[  642.881432][T16480] 8021q: adding VLAN 0 to HW filter on device team0
[  642.900587][ T1148] bridge0: port 1(bridge_slave_0) entered blocking state
[  642.903025][ T1148] bridge0: port 1(bridge_slave_0) entered forwarding state
[  642.919763][ T1148] bridge0: port 2(bridge_slave_1) entered blocking state
[  642.922071][ T1148] bridge0: port 2(bridge_slave_1) entered forwarding state
[  642.940872][T16480] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  643.124194][T16480] 8021q: adding VLAN 0 to HW filter on device batadv0
[  643.155738][T16583] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2848'.
[  643.159705][T16480] veth0_vlan: entered promiscuous mode
[  643.206465][T16480] veth1_vlan: entered promiscuous mode
[  643.223463][T16480] veth0_macvtap: entered promiscuous mode
[  643.227413][T16480] veth1_macvtap: entered promiscuous mode
[  643.235527][T16480] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  643.239809][T16480] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  643.244790][T16480] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  643.248065][T16480] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  643.252105][T16480] batman_adv: batadv0: Interface activated: batadv_slave_0
[  643.259959][T16480] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  643.264281][T16480] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  643.267594][T16480] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  643.270937][T16480] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  643.275190][T16480] batman_adv: batadv0: Interface activated: batadv_slave_1
[  643.280934][T16480] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  643.287998][T16480] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  643.292263][T16480] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  643.297578][T16480] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  643.370818][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  643.387108][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  643.402241][  T215] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  643.405748][  T215] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  643.413895][ T5949] Bluetooth: hci2: command tx timeout
[  643.691222][   T40] audit: type=1326 audit(1746856564.366:677): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16591 comm="syz.1.2851" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7fd6579 code=0x0
[  643.851355][T16595] xt_CT: You must specify a L4 protocol and not use inversions on it
[  644.377291][T16602] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2854'.
[  644.687745][T16610] usb usb1: usbfs: process 16610 (syz.0.2855) did not claim interface 6 before use
[  645.088723][T16614] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(13)
[  645.090827][T16614] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  645.094387][T16614] vhci_hcd vhci_hcd.0: Device attached
[  645.272932][T14103] vhci_hcd: vhci_device speed not set
[  645.334038][T14103] usb 39-1: new full-speed USB device number 14 using vhci_hcd
[  645.395849][T16615] vhci_hcd: connection reset by peer
[  645.400747][   T78] vhci_hcd: stop threads
[  645.403582][   T78] vhci_hcd: release socket
[  645.406525][   T78] vhci_hcd: disconnect device
[  645.804288][   T13] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  646.200894][ T5938] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  646.208572][ T5938] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  646.214060][ T5938] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  646.216938][ T5938] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  646.218445][T16633] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  646.219878][ T5938] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  646.223627][T16633] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  646.225810][ T5938] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  646.226316][ T5938] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  646.229304][T16633] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  646.269346][T16628] lo speed is unknown, defaulting to 1000
[  646.271815][T16628] lo speed is unknown, defaulting to 1000
[  646.320350][T16630] lo speed is unknown, defaulting to 1000
[  646.327159][T16630] lo speed is unknown, defaulting to 1000
[  646.405762][T16628] chnl_net:caif_netlink_parms(): no params data found
[  646.621473][T16628] bridge0: port 1(bridge_slave_0) entered blocking state
[  646.625436][T16628] bridge0: port 1(bridge_slave_0) entered disabled state
[  646.627940][T16628] bridge_slave_0: entered allmulticast mode
[  646.631429][T16628] bridge_slave_0: entered promiscuous mode
[  646.635536][T16628] bridge0: port 2(bridge_slave_1) entered blocking state
[  646.638036][T16628] bridge0: port 2(bridge_slave_1) entered disabled state
[  646.640649][T16628] bridge_slave_1: entered allmulticast mode
[  646.644134][T16628] bridge_slave_1: entered promiscuous mode
[  646.716334][T16628] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  646.726575][T16630] chnl_net:caif_netlink_parms(): no params data found
[  646.734029][T16628] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  646.802398][T16628] team0: Port device team_slave_0 added
[  646.809057][T16628] team0: Port device team_slave_1 added
[  646.863869][T16628] batman_adv: batadv0: Adding interface: batadv_slave_0
[  646.866304][T16628] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  646.875603][T16628] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  646.892154][T16628] batman_adv: batadv0: Adding interface: batadv_slave_1
[  646.894956][T16628] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  646.903082][T16628] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  646.936487][T16630] bridge0: port 1(bridge_slave_0) entered blocking state
[  646.938775][T16630] bridge0: port 1(bridge_slave_0) entered disabled state
[  646.941051][T16630] bridge_slave_0: entered allmulticast mode
[  646.944045][T16630] bridge_slave_0: entered promiscuous mode
[  646.947969][T16630] bridge0: port 2(bridge_slave_1) entered blocking state
[  646.950254][T16630] bridge0: port 2(bridge_slave_1) entered disabled state
[  646.952404][T16630] bridge_slave_1: entered allmulticast mode
[  646.955980][T16630] bridge_slave_1: entered promiscuous mode
[  647.022965][T16628] hsr_slave_0: entered promiscuous mode
[  647.025490][T16628] hsr_slave_1: entered promiscuous mode
[  647.027747][T16628] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  647.030184][T16628] Cannot create hsr debugfs directory
[  647.034316][T16630] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  647.039238][T16630] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  647.086856][T16657] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2864'.
[  647.105128][T16630] team0: Port device team_slave_0 added
[  647.207747][T16630] team0: Port device team_slave_1 added
[  647.269301][T16630] batman_adv: batadv0: Adding interface: batadv_slave_0
[  647.271499][T16630] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  647.280469][T16630] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  647.288445][T16630] batman_adv: batadv0: Adding interface: batadv_slave_1
[  647.291293][T16630] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  647.299821][T16630] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  647.400370][T16630] hsr_slave_0: entered promiscuous mode
[  647.402612][T16630] hsr_slave_1: entered promiscuous mode
[  647.404981][T16630] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  647.407401][T16630] Cannot create hsr debugfs directory
[  647.635186][T16672] syzkaller1: entered promiscuous mode
[  647.637381][T16672] syzkaller1: entered allmulticast mode
[  647.857640][   T13] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  648.019545][   T13] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  648.101249][   T13] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  648.293070][T16633] Bluetooth: hci0: command tx timeout
[  648.362977][T16633] Bluetooth: hci2: command tx timeout
[  648.657345][   T13] bridge_slave_1: left allmulticast mode
[  648.659195][   T13] bridge_slave_1: left promiscuous mode
[  648.661063][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[  648.685361][   T13] bridge_slave_0: left allmulticast mode
[  648.687162][   T13] bridge_slave_0: left promiscuous mode
[  648.689032][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[  648.880889][T16678] syz.2.2873 (16678) used greatest stack depth: 20680 bytes left
[  649.070425][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  649.076281][   T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  649.080202][   T13] bond0 (unregistering): Released all slaves
[  649.192048][T16704] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2881'.
[  649.535050][   T13] hsr_slave_0: left promiscuous mode
[  649.541396][   T13] hsr_slave_1: left promiscuous mode
[  649.544180][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  649.546650][   T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[  649.549267][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  649.551611][   T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[  649.579594][T16720] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2883'.
[  649.584156][   T13] veth1_macvtap: left promiscuous mode
[  649.588356][   T13] veth0_macvtap: left promiscuous mode
[  649.590181][   T13] veth1_vlan: left promiscuous mode
[  649.591899][   T13] veth0_vlan: left promiscuous mode
[  650.219291][   T13] team0 (unregistering): Port device team_slave_1 removed
[  650.314966][   T13] team0 (unregistering): Port device team_slave_0 removed
[  650.362999][T16633] Bluetooth: hci0: command tx timeout
[  650.432935][T14103] vhci_hcd: vhci_device speed not set
[  650.443395][T16633] Bluetooth: hci2: command tx timeout
[  650.784488][T16628] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  650.789670][T16628] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  650.793863][T16628] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  650.797751][T16628] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  650.829532][T16630] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  650.840749][T16630] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  650.852123][T16630] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  650.859140][T16630] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  650.908012][T16628] 8021q: adding VLAN 0 to HW filter on device bond0
[  650.944932][T16630] 8021q: adding VLAN 0 to HW filter on device bond0
[  650.957787][T16628] 8021q: adding VLAN 0 to HW filter on device team0
[  650.972466][ T1148] bridge0: port 1(bridge_slave_0) entered blocking state
[  650.975102][ T1148] bridge0: port 1(bridge_slave_0) entered forwarding state
[  650.979918][T16630] 8021q: adding VLAN 0 to HW filter on device team0
[  650.985105][  T215] bridge0: port 2(bridge_slave_1) entered blocking state
[  650.987284][  T215] bridge0: port 2(bridge_slave_1) entered forwarding state
[  651.005413][  T215] bridge0: port 1(bridge_slave_0) entered blocking state
[  651.007748][  T215] bridge0: port 1(bridge_slave_0) entered forwarding state
[  651.017234][   T78] bridge0: port 2(bridge_slave_1) entered blocking state
[  651.019491][   T78] bridge0: port 2(bridge_slave_1) entered forwarding state
[  651.139685][T16628] 8021q: adding VLAN 0 to HW filter on device batadv0
[  651.152417][T16630] 8021q: adding VLAN 0 to HW filter on device batadv0
[  651.167678][T16628] veth0_vlan: entered promiscuous mode
[  651.178184][T16628] veth1_vlan: entered promiscuous mode
[  651.206111][   T13] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  651.228142][T16628] veth0_macvtap: entered promiscuous mode
[  651.232070][T16628] veth1_macvtap: entered promiscuous mode
[  651.240759][T16628] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  651.245418][T16628] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  651.248541][T16628] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  651.251857][T16628] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  651.257706][T16628] batman_adv: batadv0: Interface activated: batadv_slave_0
[  651.270147][   T13] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  651.281122][T16628] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  651.284805][T16628] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  651.287930][T16628] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  651.291298][T16628] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  651.295210][T16628] batman_adv: batadv0: Interface activated: batadv_slave_1
[  651.300217][T16628] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  651.303995][T16628] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  651.306784][T16628] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  651.309465][T16628] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  651.345536][   T65] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  651.348077][   T65] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  651.368129][   T13] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  651.395555][   T78] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  651.395847][T16630] veth0_vlan: entered promiscuous mode
[  651.398124][   T78] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  651.404075][T16630] veth1_vlan: entered promiscuous mode
[  651.432604][T16630] veth0_macvtap: entered promiscuous mode
[  651.461117][   T13] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  651.507762][T16630] veth1_macvtap: entered promiscuous mode
[  651.530730][T16630] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  651.535025][T16630] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  651.538124][T16630] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  651.541311][T16630] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  651.545177][T16630] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  651.548667][T16630] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  651.552495][T16630] batman_adv: batadv0: Interface activated: batadv_slave_0
[  651.558450][T16757] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2888'.
[  651.559720][T16630] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  651.564638][T16630] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  651.567790][T16630] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  651.570973][T16630] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  651.574443][T16630] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  651.577679][T16630] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  651.581547][T16630] batman_adv: batadv0: Interface activated: batadv_slave_1
[  651.598045][T16630] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  651.600821][T16630] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  651.603916][T16630] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  651.606651][T16630] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  651.687477][   T78] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  651.689882][   T78] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  651.738867][T16767] FAULT_INJECTION: forcing a failure.
[  651.738867][T16767] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  651.743344][T16767] CPU: 3 UID: 0 PID: 16767 Comm: syz.1.2890 Not tainted 6.15.0-rc5-syzkaller-00204-g0e1329d4045c #0 PREEMPT(full) 
[  651.743359][T16767] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  651.743366][T16767] Call Trace:
[  651.743369][T16767]  <TASK>
[  651.743373][T16767]  dump_stack_lvl+0x16c/0x1f0
[  651.743391][T16767]  should_fail_ex+0x512/0x640
[  651.743407][T16767]  should_fail_alloc_page+0xe7/0x130
[  651.743421][T16767]  prepare_alloc_pages+0x3c2/0x610
[  651.743436][T16767]  ? rcu_is_watching+0x12/0xc0
[  651.743447][T16767]  __alloc_frozen_pages_noprof+0x18f/0x23a0
[  651.743459][T16767]  ? stack_depot_save_flags+0x3e6/0xa50
[  651.743476][T16767]  ? mon_bin_ioctl+0x470/0xcd0
[  651.743486][T16767]  ? kasan_save_stack+0x42/0x60
[  651.743495][T16767]  ? kasan_save_stack+0x33/0x60
[  651.743504][T16767]  ? kasan_save_track+0x14/0x30
[  651.743513][T16767]  ? __kasan_kmalloc+0xaa/0xb0
[  651.743522][T16767]  ? __kmalloc_noprof+0x223/0x510
[  651.743543][T16767]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  651.743553][T16767]  ? __do_fast_syscall_32+0x73/0x120
[  651.743567][T16767]  ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  651.743587][T16767]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  651.743602][T16767]  ? policy_nodemask+0xea/0x4e0
[  651.743615][T16767]  alloc_pages_mpol+0x1fb/0x550
[  651.743627][T16767]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  651.743643][T16767]  alloc_pages_noprof+0x131/0x390
[  651.743655][T16767]  get_zeroed_page_noprof+0x14/0x50
[  651.743668][T16767]  mon_alloc_buff+0xbc/0x180
[  651.743685][T16767]  mon_bin_ioctl+0x48e/0xcd0
[  651.743696][T16767]  ? __pfx_mon_bin_ioctl+0x10/0x10
[  651.743708][T16767]  ? find_held_lock+0x2b/0x80
[  651.743717][T16767]  ? hook_file_ioctl_common+0x145/0x410
[  651.743730][T16767]  mon_bin_compat_ioctl+0x25a/0x3b0
[  651.743740][T16767]  ? __pfx_mon_bin_compat_ioctl+0x10/0x10
[  651.743749][T16767]  ? fput+0x10/0xf0
[  651.743762][T16767]  ? __pfx_mon_bin_compat_ioctl+0x10/0x10
[  651.743773][T16767]  __ia32_compat_sys_ioctl+0x24c/0x360
[  651.743788][T16767]  __do_fast_syscall_32+0x73/0x120
[  651.743803][T16767]  do_fast_syscall_32+0x32/0x80
[  651.743817][T16767]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  651.743828][T16767] RIP: 0023:0xf7fd6579
[  651.743837][T16767] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  651.743847][T16767] RSP: 002b:00000000f50f655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  651.743857][T16767] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000009204
[  651.743863][T16767] RDX: 00000000000471c5 RSI: 0000000000000000 RDI: 0000000000000000
[  651.743869][T16767] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  651.743874][T16767] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  651.743880][T16767] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  651.743892][T16767]  </TASK>
[  651.974956][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  651.985643][   T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  651.992911][   T13] bond0 (unregistering): Released all slaves
[  652.009160][   T78] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  652.014940][   T78] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  652.106490][   T13] tipc: Disabling bearer <eth:team0>
[  652.112495][   T13] tipc: Left network mode
[  652.532950][T16633] Bluetooth: hci2: command tx timeout
[  652.590675][   T13] hsr_slave_0: left promiscuous mode
[  652.594948][   T13] hsr_slave_1: left promiscuous mode
[  652.597147][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  652.599522][   T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[  652.605387][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  652.608493][   T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[  652.609887][   T40] audit: type=1326 audit(1746856573.286:678): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16784 comm="syz.4.2893" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702e579 code=0x7ffc0000
[  652.618861][   T40] audit: type=1326 audit(1746856573.286:679): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16784 comm="syz.4.2893" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702e579 code=0x7ffc0000
[  652.626309][   T40] audit: type=1326 audit(1746856573.286:680): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16784 comm="syz.4.2893" exe="/syz-executor" sig=0 arch=40000003 syscall=293 compat=1 ip=0xf702e579 code=0x7ffc0000
[  652.633877][   T40] audit: type=1326 audit(1746856573.286:681): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16784 comm="syz.4.2893" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702e579 code=0x7ffc0000
[  652.641212][   T40] audit: type=1326 audit(1746856573.286:682): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16784 comm="syz.4.2893" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702e579 code=0x7ffc0000
[  652.669393][   T13] veth1_macvtap: left promiscuous mode
[  652.671846][   T13] veth0_macvtap: left promiscuous mode
[  652.675004][   T13] veth1_vlan: left promiscuous mode
[  652.677344][   T13] veth0_vlan: left promiscuous mode
[  653.505442][T16817] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2899'.
[  653.541003][   T13] team0 (unregistering): Port device team_slave_1 removed
[  653.560310][   T40] audit: type=1800 audit(1746856574.236:683): pid=16818 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.2900" name="bus" dev="tmpfs" ino=35 res=0 errno=0
[  653.625854][   T13] team0 (unregistering): Port device team_slave_0 removed
[  654.603196][T16633] Bluetooth: hci2: command tx timeout
[  654.706059][T16842] ubi31: attaching mtd0
[  654.713226][T16842] ubi31: scanning is finished
[  654.714790][T16842] ubi31: empty MTD device detected
[  654.826707][T16842] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB)
[  654.829212][T16842] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  654.831591][T16842] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1
[  654.833905][T16842] ubi31: VID header offset: 64 (aligned 64), data offset: 128
[  654.836352][T16842] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  654.838506][T16842] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23
[  654.840993][T16842] ubi31: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 3310924379
[  654.844115][T16842] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  654.848363][T16849] ubi31: background thread "ubi_bgt31d" started, PID 16849
[  654.923535][   T13] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  655.475409][   T13] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  655.534408][   T13] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  655.614252][   T13] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  655.704071][   T13] bridge_slave_1: left allmulticast mode
[  655.705882][   T13] bridge_slave_1: left promiscuous mode
[  655.707738][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[  655.711238][   T13] bridge_slave_0: left allmulticast mode
[  655.713242][   T13] bridge_slave_0: left promiscuous mode
[  655.715085][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[  656.031153][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  656.035178][   T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  656.038349][   T13] bond0 (unregistering): Released all slaves
[  656.285938][T16896] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2907'.
[  656.285951][T16896] netlink: 6 bytes leftover after parsing attributes in process `syz.2.2907'.
[  656.290578][T16896] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2907'.
[  656.296052][T16896] netlink: 6 bytes leftover after parsing attributes in process `syz.2.2907'.
[  656.296254][T16896] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2907'.
[  656.296263][T16896] netlink: 6 bytes leftover after parsing attributes in process `syz.2.2907'.
[  656.296442][T16896] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2907'.
[  656.296450][T16896] netlink: 6 bytes leftover after parsing attributes in process `syz.2.2907'.
[  656.296624][T16896] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2907'.
[  656.306462][T11768] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  656.353344][T11768] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  656.358713][T11768] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  656.364320][T11768] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  656.368959][T11768] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  656.448981][T16897] lo speed is unknown, defaulting to 1000
[  656.451539][T16897] lo speed is unknown, defaulting to 1000
[  656.578893][   T13] hsr_slave_0: left promiscuous mode
[  656.581256][   T13] hsr_slave_1: left promiscuous mode
[  656.591514][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  656.594210][   T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[  656.599197][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  656.601584][   T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[  656.634705][   T13] veth1_macvtap: left promiscuous mode
[  656.636750][   T13] veth0_macvtap: left promiscuous mode
[  656.638883][   T13] veth1_vlan: left promiscuous mode
[  656.641087][   T13] veth0_vlan: left promiscuous mode
[  657.041799][T16926] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(13)
[  657.043933][T16926] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  657.047365][T16926] vhci_hcd vhci_hcd.0: Device attached
[  657.227496][T16927] vhci_hcd: connection closed
[  657.227839][T10557] vhci_hcd: stop threads
[  657.230760][T10557] vhci_hcd: release socket
[  657.232207][T10557] vhci_hcd: disconnect device
[  657.341683][   T29] vhci_hcd: vhci_device speed not set
[  657.530688][   T13] team0 (unregistering): Port device team_slave_1 removed
[  657.671179][   T13] team0 (unregistering): Port device team_slave_0 removed
[  658.253384][T16897] chnl_net:caif_netlink_parms(): no params data found
[  658.357630][T16897] bridge0: port 1(bridge_slave_0) entered blocking state
[  658.359933][T16897] bridge0: port 1(bridge_slave_0) entered disabled state
[  658.362186][T16897] bridge_slave_0: entered allmulticast mode
[  658.365311][T16897] bridge_slave_0: entered promiscuous mode
[  658.368356][T16897] bridge0: port 2(bridge_slave_1) entered blocking state
[  658.370623][T16897] bridge0: port 2(bridge_slave_1) entered disabled state
[  658.372968][T16897] bridge_slave_1: entered allmulticast mode
[  658.375560][T16897] bridge_slave_1: entered promiscuous mode
[  658.417308][T16897] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  658.423292][T16897] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  658.444561][T11768] Bluetooth: hci0: command tx timeout
[  658.475971][T16897] team0: Port device team_slave_0 added
[  658.481943][T16897] team0: Port device team_slave_1 added
[  658.498466][T16961] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(3)
[  658.500768][T16961] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  658.504274][T16961] vhci_hcd vhci_hcd.0: Device attached
[  658.516082][T16957] lo speed is unknown, defaulting to 1000
[  658.546323][T16957] lo speed is unknown, defaulting to 1000
[  658.547569][T16897] batman_adv: batadv0: Adding interface: batadv_slave_0
[  658.550417][T16897] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  658.558937][T16897] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  658.563021][    T9] usb 6-1: new high-speed USB device number 30 using dummy_hcd
[  658.571131][T16897] batman_adv: batadv0: Adding interface: batadv_slave_1
[  658.573576][T16897] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  658.581638][T16897] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  658.655019][T16897] hsr_slave_0: entered promiscuous mode
[  658.657532][T16897] hsr_slave_1: entered promiscuous mode
[  658.660443][T16897] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  658.663455][T16897] Cannot create hsr debugfs directory
[  658.712879][    T9] usb 6-1: Using ep0 maxpacket: 8
[  658.719463][    T9] usb 6-1: config index 0 descriptor too short (expected 301, got 45)
[  658.735015][    T9] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  658.738553][    T9] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  658.748533][    T9] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  658.756550][    T9] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  658.767516][    T9] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  658.772951][T14170] usb 45-1: new high-speed USB device number 2 using vhci_hcd
[  658.774182][    T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  658.927247][T16975] FAULT_INJECTION: forcing a failure.
[  658.927247][T16975] name failslab, interval 1, probability 0, space 0, times 0
[  658.931099][T16975] CPU: 3 UID: 0 PID: 16975 Comm: syz.2.2917 Not tainted 6.15.0-rc5-syzkaller-00204-g0e1329d4045c #0 PREEMPT(full) 
[  658.931113][T16975] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  658.931120][T16975] Call Trace:
[  658.931124][T16975]  <TASK>
[  658.931128][T16975]  dump_stack_lvl+0x16c/0x1f0
[  658.931146][T16975]  should_fail_ex+0x512/0x640
[  658.931160][T16975]  ? __kmalloc_noprof+0xbf/0x510
[  658.931172][T16975]  ? nf_tables_newrule+0xbfd/0x28e0
[  658.931186][T16975]  should_failslab+0xc2/0x120
[  658.931199][T16975]  __kmalloc_noprof+0xd2/0x510
[  658.931209][T16975]  ? nf_tables_newrule+0x8b0/0x28e0
[  658.931226][T16975]  nf_tables_newrule+0xbfd/0x28e0
[  658.931246][T16975]  ? __pfx_nf_tables_newrule+0x10/0x10
[  658.931270][T16975]  ? __nla_parse+0x40/0x60
[  658.931281][T16975]  nfnetlink_rcv_batch+0x1908/0x2350
[  658.931302][T16975]  ? __pfx_nfnetlink_rcv_batch+0x10/0x10
[  658.931315][T16975]  ? consume_skb+0xcc/0x100
[  658.931328][T16975]  ? find_held_lock+0x2b/0x80
[  658.931339][T16975]  ? __local_bh_enable_ip+0xa4/0x120
[  658.931351][T16975]  ? lockdep_hardirqs_on+0x7c/0x110
[  658.931372][T16975]  ? __pfx___dev_queue_xmit+0x10/0x10
[  658.931400][T16975]  ? __nla_parse+0x40/0x60
[  658.931411][T16975]  nfnetlink_rcv+0x3c1/0x430
[  658.931424][T16975]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  658.931441][T16975]  netlink_unicast+0x53a/0x7f0
[  658.931455][T16975]  ? __pfx_netlink_unicast+0x10/0x10
[  658.931471][T16975]  netlink_sendmsg+0x8d1/0xdd0
[  658.931485][T16975]  ? __pfx_netlink_sendmsg+0x10/0x10
[  658.931498][T16975]  ? __import_iovec+0x1c8/0x660
[  658.931516][T16975]  ____sys_sendmsg+0xa95/0xc70
[  658.931531][T16975]  ? __pfx_____sys_sendmsg+0x10/0x10
[  658.931544][T16975]  ? get_compat_msghdr+0x11a/0x170
[  658.931561][T16975]  ___sys_sendmsg+0x134/0x1d0
[  658.931573][T16975]  ? __pfx____sys_sendmsg+0x10/0x10
[  658.931601][T16975]  __sys_sendmsg+0x16d/0x220
[  658.931612][T16975]  ? __pfx___sys_sendmsg+0x10/0x10
[  658.931628][T16975]  ? rcu_is_watching+0x12/0xc0
[  658.931640][T16975]  __do_fast_syscall_32+0x73/0x120
[  658.931655][T16975]  do_fast_syscall_32+0x32/0x80
[  658.931669][T16975]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  658.931681][T16975] RIP: 0023:0xf7f56579
[  658.931689][T16975] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  658.931699][T16975] RSP: 002b:00000000f507655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  658.931710][T16975] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000000
[  658.931716][T16975] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  658.931721][T16975] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  658.931727][T16975] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  658.931732][T16975] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  658.931745][T16975]  </TASK>
[  659.021092][    T9] usb 6-1: GET_CAPABILITIES returned 45
[  659.023920][    T9] usbtmc 6-1:16.0: can't read capabilities
[  659.036058][T16963] vhci_hcd: connection reset by peer
[  659.041087][   T12] vhci_hcd: stop threads
[  659.042716][   T12] vhci_hcd: release socket
[  659.044503][   T12] vhci_hcd: disconnect device
[  659.395317][T17005] __nla_validate_parse: 123 callbacks suppressed
[  659.395357][T17005] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2920'.
[  659.623321][T16897] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  659.627529][T16897] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  659.631788][T16897] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  659.639440][T16897] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  659.697841][T16897] 8021q: adding VLAN 0 to HW filter on device bond0
[  659.714830][T16897] 8021q: adding VLAN 0 to HW filter on device team0
[  659.723996][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  659.726755][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  659.733901][   T65] bridge0: port 2(bridge_slave_1) entered blocking state
[  659.736940][   T65] bridge0: port 2(bridge_slave_1) entered forwarding state
[  659.850339][T16897] 8021q: adding VLAN 0 to HW filter on device batadv0
[  659.869290][T16897] veth0_vlan: entered promiscuous mode
[  659.876309][T16897] veth1_vlan: entered promiscuous mode
[  659.894990][T16897] veth0_macvtap: entered promiscuous mode
[  659.902610][T16897] veth1_macvtap: entered promiscuous mode
[  659.944057][T16897] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  659.948789][T16897] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  659.954049][T16897] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  659.958177][T16897] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  659.963877][T16897] batman_adv: batadv0: Interface activated: batadv_slave_0
[  659.969296][T16897] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  659.973692][T16897] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  659.977313][T16897] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  659.980418][T16897] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  659.984812][T16897] batman_adv: batadv0: Interface activated: batadv_slave_1
[  659.989190][T16897] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  659.992027][T16897] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  659.995491][T16897] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  659.998448][T16897] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  660.092275][   T65] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  660.096168][T17037] wg1: entered promiscuous mode
[  660.097184][   T65] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  660.097833][T17037] wg1: entered allmulticast mode
[  660.120879][   T65] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  660.126202][   T65] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  660.528396][   T40] audit: type=1326 audit(1746856581.206:684): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17050 comm="syz.4.2925" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf702e579 code=0x0
[  661.190628][T17057] program syz.2.2926 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  661.329624][ T7498] usb 6-1: USB disconnect, device number 30
[  661.421079][T17066] netlink: 'syz.4.2928': attribute type 8 has an invalid length.
[  661.725538][T11768] Bluetooth: hci1: command 0x0406 tx timeout
[  662.233598][T10557] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  663.805492][T17090] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2934'.
[  663.807487][T17092] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2934'.
[  663.882922][T14170] vhci_hcd: vhci_device speed not set
[  663.906033][T11768] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  663.909556][T11768] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  663.912338][T11768] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  663.915987][T11768] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  663.918942][T11768] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  663.944047][T17098] lo speed is unknown, defaulting to 1000
[  663.946629][T17098] lo speed is unknown, defaulting to 1000
[  664.029041][T17098] chnl_net:caif_netlink_parms(): no params data found
[  664.125930][T17098] bridge0: port 1(bridge_slave_0) entered blocking state
[  664.126062][T17098] bridge0: port 1(bridge_slave_0) entered disabled state
[  664.126136][T17098] bridge_slave_0: entered allmulticast mode
[  664.126890][T17098] bridge_slave_0: entered promiscuous mode
[  664.128667][T17098] bridge0: port 2(bridge_slave_1) entered blocking state
[  664.128729][T17098] bridge0: port 2(bridge_slave_1) entered disabled state
[  664.128787][T17098] bridge_slave_1: entered allmulticast mode
[  664.129582][T17098] bridge_slave_1: entered promiscuous mode
[  664.171557][T17098] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  664.178338][T17098] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  664.216109][T17098] team0: Port device team_slave_0 added
[  664.220717][T17094] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(13)
[  664.221116][T17098] team0: Port device team_slave_1 added
[  664.222956][T17094] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  664.223149][T17094] vhci_hcd vhci_hcd.0: Device attached
[  664.238058][T17114] vhci_hcd: connection closed
[  664.238223][   T13] vhci_hcd: stop threads
[  664.241212][   T13] vhci_hcd: release socket
[  664.242640][   T13] vhci_hcd: disconnect device
[  664.267700][T17098] batman_adv: batadv0: Adding interface: batadv_slave_0
[  664.269896][T17098] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  664.278874][T17098] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  664.283616][T17098] batman_adv: batadv0: Adding interface: batadv_slave_1
[  664.285777][T17098] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  664.295470][T17098] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  664.341131][T10557] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  664.351277][T17098] hsr_slave_0: entered promiscuous mode
[  664.353618][T17098] hsr_slave_1: entered promiscuous mode
[  664.355664][T17098] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  664.358064][T17098] Cannot create hsr debugfs directory
[  664.383766][    T9] usb 7-1: new high-speed USB device number 27 using dummy_hcd
[  664.420512][T10557] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  664.481719][T10557] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  664.533014][    T9] usb 7-1: Using ep0 maxpacket: 8
[  664.536045][    T9] usb 7-1: config index 0 descriptor too short (expected 301, got 45)
[  664.538619][    T9] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  664.541670][    T9] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  664.544854][    T9] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  664.552571][    T9] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  664.556743][    T9] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  664.559658][    T9] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  664.616081][T10557] bridge_slave_1: left allmulticast mode
[  664.617951][T10557] bridge_slave_1: left promiscuous mode
[  664.619788][T10557] bridge0: port 2(bridge_slave_1) entered disabled state
[  664.623501][T10557] bridge_slave_0: left allmulticast mode
[  664.625306][T10557] bridge_slave_0: left promiscuous mode
[  664.627178][T10557] bridge0: port 1(bridge_slave_0) entered disabled state
[  664.768365][    T9] usb 7-1: GET_CAPABILITIES returned 45
[  664.770177][    T9] usbtmc 7-1:16.0: can't read capabilities
[  664.921262][T10557] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  664.927095][T10557] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  664.930936][T10557] bond0 (unregistering): Released all slaves
[  664.979615][T17125] tmpfs: Bad value for 'mpol'
[  665.046303][T17129] netlink: 'syz.1.2939': attribute type 1 has an invalid length.
[  665.049268][T17129] netlink: 'syz.1.2939': attribute type 2 has an invalid length.
[  665.052266][T17129] netlink: 1172 bytes leftover after parsing attributes in process `syz.1.2939'.
[  665.306394][T10557] hsr_slave_0: left promiscuous mode
[  665.308410][T10557] hsr_slave_1: left promiscuous mode
[  665.310437][T10557] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  665.312753][T10557] batman_adv: batadv0: Removing interface: batadv_slave_0
[  665.316122][T10557] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  665.319254][T10557] batman_adv: batadv0: Removing interface: batadv_slave_1
[  665.341666][T10557] veth1_macvtap: left promiscuous mode
[  665.343944][T10557] veth0_macvtap: left promiscuous mode
[  665.346180][T10557] veth1_vlan: left promiscuous mode
[  665.348301][T10557] veth0_vlan: left promiscuous mode
[  665.733009][T17148] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2940'.
[  665.964346][T16633] Bluetooth: hci0: command tx timeout
[  666.025096][T10557] team0 (unregistering): Port device team_slave_1 removed
[  666.097850][T10557] team0 (unregistering): Port device team_slave_0 removed
[  666.690261][T17098] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  666.694746][T17098] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  666.700212][T17098] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  666.705409][T17098] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  666.745754][T17098] 8021q: adding VLAN 0 to HW filter on device bond0
[  666.757187][T17098] 8021q: adding VLAN 0 to HW filter on device team0
[  666.779051][T17098] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  666.782241][T17098] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  666.866788][T17098] 8021q: adding VLAN 0 to HW filter on device batadv0
[  666.926707][   T65] bridge0: port 1(bridge_slave_0) entered blocking state
[  666.929167][   T65] bridge0: port 1(bridge_slave_0) entered forwarding state
[  666.932369][   T65] bridge0: port 2(bridge_slave_1) entered blocking state
[  666.934820][   T65] bridge0: port 2(bridge_slave_1) entered forwarding state
[  666.972199][T17098] veth0_vlan: entered promiscuous mode
[  666.977886][T17098] veth1_vlan: entered promiscuous mode
[  666.998805][T17098] veth0_macvtap: entered promiscuous mode
[  667.006516][T17098] veth1_macvtap: entered promiscuous mode
[  667.014998][T17098] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  667.018230][T17098] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  667.021259][T17098] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  667.025579][T17098] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  667.029475][T17098] batman_adv: batadv0: Interface activated: batadv_slave_0
[  667.039067][T17098] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  667.048041][T17098] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  667.051005][T17098] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  667.055875][T17098] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  667.060266][T17098] batman_adv: batadv0: Interface activated: batadv_slave_1
[  667.074754][T17098] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  667.077454][T17098] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  667.080050][T17098] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  667.082625][T17098] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  667.124783][   T65] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  667.127326][   T65] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  667.129619][   T46] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  667.132232][   T46] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  667.616691][T17203] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2945'.
[  667.717664][   T29] usb 7-1: USB disconnect, device number 27
[  667.871236][T17209] program syz.1.2947 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  667.953150][ T1107] ata1.00: exception Emask 0x0 SAct 0x0 SErr 0x0 action 0x0
[  667.955412][ T1107] ata1.00: irq_stat 0x40000000
[  667.956915][ T1107] ata1.00: failed command: ZAC MANAGEMENT OUT
[  667.958854][ T1107] ata1.00: cmd 9f/02:00:00:00:00/01:00:00:00:00/40 tag 7
[  667.958854][ T1107]          res 41/04:00:00:00:00/00:00:00:00:00/40 Emask 0x1 (device error)
[  667.973843][ T1107] ata1.00: status: { DRDY ERR }
[  667.975599][ T1107] ata1.00: error: { ABRT }
[  667.977169][ T1107] ata1.00: device reported invalid CHS sector 0
[  668.079340][T17215] tmpfs: Bad value for 'mpol'
[  668.110821][T17213] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(13)
[  668.112908][T17213] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  668.116608][T17213] vhci_hcd vhci_hcd.0: Device attached
[  668.134487][T17218] netlink: 'syz.4.2949': attribute type 1 has an invalid length.
[  668.137026][T17218] netlink: 'syz.4.2949': attribute type 2 has an invalid length.
[  668.139463][T17218] netlink: 1172 bytes leftover after parsing attributes in process `syz.4.2949'.
[  668.270478][    C3] ata1: illegal qc_active transition (00000000->00000100)
[  668.333429][   T29] vhci_hcd: vhci_device speed not set
[  668.392879][   T29] usb 41-1: new full-speed USB device number 17 using vhci_hcd
[  668.557679][T17216] vhci_hcd: connection reset by peer
[  668.560400][   T65] vhci_hcd: stop threads
[  668.561731][   T65] vhci_hcd: release socket
[  668.563420][   T65] vhci_hcd: disconnect device
[  668.604772][ T1107] ata1: SATA link up 1.5 Gbps (SStatus 113 SControl 300)
[  668.609706][ T1107] ata1.00: configured for UDMA/100
[  669.157186][  T215] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  669.427366][T17243] lo speed is unknown, defaulting to 1000
[  669.430929][T17243] lo speed is unknown, defaulting to 1000
[  670.803171][T17266] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2955'.
[  670.863880][T11768] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  670.868591][T11768] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  670.871417][T11768] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  670.878756][T11768] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  670.888345][T11768] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  670.889809][  T215] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  670.916526][T17270] lo speed is unknown, defaulting to 1000
[  670.919139][T17270] lo speed is unknown, defaulting to 1000
[  670.997891][T17281] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2961'.
[  671.006398][T17281] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2961'.
[  671.011990][T17270] chnl_net:caif_netlink_parms(): no params data found
[  671.061842][  T215] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  671.113850][T17270] bridge0: port 1(bridge_slave_0) entered blocking state
[  671.116237][T17270] bridge0: port 1(bridge_slave_0) entered disabled state
[  671.118497][T17270] bridge_slave_0: entered allmulticast mode
[  671.121021][T17270] bridge_slave_0: entered promiscuous mode
[  671.147840][  T215] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  671.153974][T17270] bridge0: port 2(bridge_slave_1) entered blocking state
[  671.156148][T17270] bridge0: port 2(bridge_slave_1) entered disabled state
[  671.156429][T17290] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2963'.
[  671.158339][T17270] bridge_slave_1: entered allmulticast mode
[  671.165615][T17270] bridge_slave_1: entered promiscuous mode
[  671.205366][T17270] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  671.211404][T17270] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  671.267139][T17270] team0: Port device team_slave_0 added
[  671.276609][T17270] team0: Port device team_slave_1 added
[  671.316939][T17270] batman_adv: batadv0: Adding interface: batadv_slave_0
[  671.319126][T17270] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  671.327095][T17270] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  671.337131][T17270] batman_adv: batadv0: Adding interface: batadv_slave_1
[  671.339389][T17270] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  671.348126][T17270] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  671.354998][  T215] bridge_slave_1: left allmulticast mode
[  671.356880][  T215] bridge_slave_1: left promiscuous mode
[  671.358782][  T215] bridge0: port 2(bridge_slave_1) entered disabled state
[  671.362584][  T215] bridge_slave_0: left allmulticast mode
[  671.364555][  T215] bridge_slave_0: left promiscuous mode
[  671.366481][  T215] bridge0: port 1(bridge_slave_0) entered disabled state
[  671.634525][  T215] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  671.638828][  T215] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  671.645156][  T215] bond0 (unregistering): Released all slaves
[  671.689015][T17270] hsr_slave_0: entered promiscuous mode
[  671.691179][T17270] hsr_slave_1: entered promiscuous mode
[  671.693240][T17270] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  671.695517][T17270] Cannot create hsr debugfs directory
[  671.978715][  T215] hsr_slave_0: left promiscuous mode
[  671.980903][  T215] hsr_slave_1: left promiscuous mode
[  671.983343][  T215] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  671.985685][  T215] batman_adv: batadv0: Removing interface: batadv_slave_0
[  671.988424][  T215] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  671.990799][  T215] batman_adv: batadv0: Removing interface: batadv_slave_1
[  672.019599][  T215] veth1_macvtap: left promiscuous mode
[  672.021378][  T215] veth0_macvtap: left promiscuous mode
[  672.023412][  T215] veth1_vlan: left promiscuous mode
[  672.025063][  T215] veth0_vlan: left promiscuous mode
[  672.428540][   T40] audit: type=1326 audit(1746856593.106:685): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17319 comm="syz.2.2967" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f56579 code=0x0
[  672.770366][T17337] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2971'.
[  672.930722][T16633] Bluetooth: hci0: command tx timeout
[  673.119535][  T215] team0 (unregistering): Port device team_slave_1 removed
[  673.184963][  T215] team0 (unregistering): Port device team_slave_0 removed
[  673.482990][   T29] vhci_hcd: vhci_device speed not set
[  673.542634][T17341] netlink: 88 bytes leftover after parsing attributes in process `syz.2.2972'.
[  674.110447][T17270] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  674.116311][T17270] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  674.120940][T17270] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  674.126770][T17359] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2973'.
[  674.129634][T17359] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2973'.
[  674.134438][T17270] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  674.218048][T17364] syzkaller0: entered promiscuous mode
[  674.219829][T17364] syzkaller0: entered allmulticast mode
[  674.258752][T17270] 8021q: adding VLAN 0 to HW filter on device bond0
[  674.271060][T17270] 8021q: adding VLAN 0 to HW filter on device team0
[  674.278124][   T65] bridge0: port 1(bridge_slave_0) entered blocking state
[  674.278189][   T65] bridge0: port 1(bridge_slave_0) entered forwarding state
[  674.280996][   T46] bridge0: port 2(bridge_slave_1) entered blocking state
[  674.281040][   T46] bridge0: port 2(bridge_slave_1) entered forwarding state
[  674.542222][T17270] 8021q: adding VLAN 0 to HW filter on device batadv0
[  674.571375][T17270] veth0_vlan: entered promiscuous mode
[  674.576437][T17270] veth1_vlan: entered promiscuous mode
[  674.590675][T17270] veth0_macvtap: entered promiscuous mode
[  674.595005][T17270] veth1_macvtap: entered promiscuous mode
[  674.603390][T17270] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  674.606688][T17270] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  674.609745][T17270] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  674.613568][T17270] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  674.617963][T17270] batman_adv: batadv0: Interface activated: batadv_slave_0
[  674.623288][T17270] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  674.626617][T17270] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  674.629641][T17270] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  674.633907][T17270] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  674.637856][T17270] batman_adv: batadv0: Interface activated: batadv_slave_1
[  674.644458][T17270] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  674.647237][T17270] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  674.649948][T17270] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  674.652661][T17270] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  674.693668][   T46] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  674.696164][   T46] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  674.710060][   T46] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  674.712591][   T46] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  675.232965][ T5981] usb 6-1: new high-speed USB device number 31 using dummy_hcd
[  675.375454][ T5981] usb 6-1: device descriptor read/64, error -71
[  675.613129][ T5981] usb 6-1: new high-speed USB device number 32 using dummy_hcd
[  675.753441][ T5981] usb 6-1: device descriptor read/64, error -71
[  675.863118][ T5981] usb usb6-port1: attempt power cycle
[  676.202927][ T5981] usb 6-1: new high-speed USB device number 33 using dummy_hcd
[  676.223427][ T5981] usb 6-1: device descriptor read/8, error -71
[  676.452599][   T65] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  676.463016][ T5981] usb 6-1: new high-speed USB device number 34 using dummy_hcd
[  676.501584][ T5981] usb 6-1: device descriptor read/8, error -71
[  676.548983][T17395] team0: Device gtp0 is of different type
[  676.749974][ T5981] usb usb6-port1: unable to enumerate USB device
[  677.367320][   T65] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  678.215770][   T65] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  678.304243][   T65] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  678.394993][T11768] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  678.398942][T11768] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  678.401725][T11768] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  678.404548][T11768] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  678.407094][T11768] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  678.435757][T17412] lo speed is unknown, defaulting to 1000
[  678.438243][T17412] lo speed is unknown, defaulting to 1000
[  678.745322][   T65] bridge_slave_1: left allmulticast mode
[  678.747182][   T65] bridge_slave_1: left promiscuous mode
[  678.749027][   T65] bridge0: port 2(bridge_slave_1) entered disabled state
[  678.763666][   T65] bridge_slave_0: left allmulticast mode
[  678.765894][   T65] bridge_slave_0: left promiscuous mode
[  678.767760][   T65] bridge0: port 1(bridge_slave_0) entered disabled state
[  678.868894][T17416] netlink: zone id is out of range
[  678.872895][T17416] netlink: zone id is out of range
[  678.875235][T17416] netlink: zone id is out of range
[  678.877024][T17416] netlink: zone id is out of range
[  678.878733][T17416] netlink: zone id is out of range
[  678.880465][T17416] netlink: zone id is out of range
[  678.882720][T17416] netlink: zone id is out of range
[  678.884555][T17416] netlink: zone id is out of range
[  678.886251][T17416] netlink: zone id is out of range
[  678.887852][T17416] netlink: zone id is out of range
[  679.044606][   T65] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  679.049821][   T65] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  679.054072][   T65] bond0 (unregistering): Released all slaves
[  679.154293][T17412] chnl_net:caif_netlink_parms(): no params data found
[  679.394220][T17412] bridge0: port 1(bridge_slave_0) entered blocking state
[  679.396597][T17412] bridge0: port 1(bridge_slave_0) entered disabled state
[  679.398918][T17412] bridge_slave_0: entered allmulticast mode
[  679.402304][T17412] bridge_slave_0: entered promiscuous mode
[  679.415491][T17412] bridge0: port 2(bridge_slave_1) entered blocking state
[  679.417881][T17412] bridge0: port 2(bridge_slave_1) entered disabled state
[  679.420698][T17412] bridge_slave_1: entered allmulticast mode
[  679.426001][T17412] bridge_slave_1: entered promiscuous mode
[  679.527135][T17412] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  679.583538][T17412] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  679.788727][T17446] loop6: detected capacity change from 0 to 524287999
[  679.914972][   T65] hsr_slave_0: left promiscuous mode
[  679.924050][   T65] hsr_slave_1: left promiscuous mode
[  679.928681][   T65] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  679.936719][   T65] batman_adv: batadv0: Removing interface: batadv_slave_0
[  679.943742][   T65] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  679.946350][   T65] batman_adv: batadv0: Removing interface: batadv_slave_1
[  679.964142][   T65] veth1_macvtap: left promiscuous mode
[  679.965954][   T65] veth0_macvtap: left promiscuous mode
[  679.968172][   T65] veth1_vlan: left promiscuous mode
[  679.969952][   T65] veth0_vlan: left promiscuous mode
[  680.004304][    T9] usb 6-1: new low-speed USB device number 35 using dummy_hcd
[  680.165111][    T9] usb 6-1: config 168 descriptor has 1 excess byte, ignoring
[  680.167476][    T9] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  680.170685][    T9] usb 6-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  680.176678][    T9] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  680.180143][    T9] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  680.184987][    T9] usb 6-1: config 168 descriptor has 1 excess byte, ignoring
[  680.187388][    T9] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  680.195922][    T9] usb 6-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  680.204140][    T9] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  680.208381][    T9] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  680.213194][    T9] usb 6-1: config 168 descriptor has 1 excess byte, ignoring
[  680.215535][    T9] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  680.227577][    T9] usb 6-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  680.231150][    T9] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  680.235113][    T9] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  680.245008][    T9] usb 6-1: string descriptor 0 read error: -22
[  680.254262][    T9] usb 6-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  680.257126][    T9] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  680.282454][    T9] adutux 6-1:168.0: ADU100  now attached to /dev/usb/adutux0
[  680.443004][T11768] Bluetooth: hci0: command tx timeout
[  680.502632][T17448] xt_CT: No such helper "pptp"
[  680.508764][T15086] usb 6-1: USB disconnect, device number 35
[  680.808357][   T65] team0 (unregistering): Port device team_slave_1 removed
[  680.893622][   T65] team0 (unregistering): Port device team_slave_0 removed
[  681.056488][T17463] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  681.147022][T17463] ipt_REJECT: TCP_RESET invalid for non-tcp
[  681.454029][T17412] team0: Port device team_slave_0 added
[  681.465231][T17463] netdevsim netdevsim1: Firmware load for '..' refused, path contains '..' component
[  681.466566][T17412] team0: Port device team_slave_1 added
[  681.504955][T17412] batman_adv: batadv0: Adding interface: batadv_slave_0
[  681.520950][T17412] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  681.532955][T17412] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  681.539133][T17412] batman_adv: batadv0: Adding interface: batadv_slave_1
[  681.542000][T17412] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  681.556206][T17412] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  681.649108][T17412] hsr_slave_0: entered promiscuous mode
[  681.651698][T17412] hsr_slave_1: entered promiscuous mode
[  681.661085][T17412] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  681.666796][T17412] Cannot create hsr debugfs directory
[  681.676622][T17476] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2999'.
[  682.039804][T17496] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3003'.
[  682.137603][T17502] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3004'.
[  682.313502][T17506] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(13)
[  682.315630][T17506] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  682.371854][T17506] vhci_hcd vhci_hcd.0: Device attached
[  682.422041][T17412] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  682.426636][T17412] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  682.431138][T17412] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  682.436234][T17412] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  682.507940][T17412] 8021q: adding VLAN 0 to HW filter on device bond0
[  682.527868][T17412] 8021q: adding VLAN 0 to HW filter on device team0
[  682.536966][T11768] Bluetooth: hci0: command tx timeout
[  682.544761][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  682.547721][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  682.553481][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  682.555725][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  682.572904][   T29] vhci_hcd: vhci_device speed not set
[  682.632901][   T29] usb 39-1: new full-speed USB device number 16 using vhci_hcd
[  682.673888][T17412] 8021q: adding VLAN 0 to HW filter on device batadv0
[  682.705787][T17412] veth0_vlan: entered promiscuous mode
[  682.710716][T17412] veth1_vlan: entered promiscuous mode
[  682.726655][T17412] veth0_macvtap: entered promiscuous mode
[  682.730229][T17412] veth1_macvtap: entered promiscuous mode
[  682.742765][T17412] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  682.747588][T17412] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  682.750560][T17412] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  682.753931][T17412] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  682.757817][T17412] batman_adv: batadv0: Interface activated: batadv_slave_0
[  682.765357][T17412] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  682.768554][T17412] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  682.771536][T17412] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  682.775771][T17412] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  682.781541][T17412] batman_adv: batadv0: Interface activated: batadv_slave_1
[  682.788340][T17412] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  682.791078][T17412] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  682.794419][T17412] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  682.797153][T17412] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  682.824286][   T65] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  682.826755][   T65] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  682.840732][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  682.846550][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  682.868598][T17508] vhci_hcd: connection reset by peer
[  682.871545][   T13] vhci_hcd: stop threads
[  682.873982][   T13] vhci_hcd: release socket
[  682.876726][   T13] vhci_hcd: disconnect device
[  683.269232][T17562] FAULT_INJECTION: forcing a failure.
[  683.269232][T17562] name failslab, interval 1, probability 0, space 0, times 0
[  683.275124][T17562] CPU: 3 UID: 0 PID: 17562 Comm: syz.2.3011 Not tainted 6.15.0-rc5-syzkaller-00204-g0e1329d4045c #0 PREEMPT(full) 
[  683.275149][T17562] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  683.275159][T17562] Call Trace:
[  683.275166][T17562]  <TASK>
[  683.275172][T17562]  dump_stack_lvl+0x16c/0x1f0
[  683.275200][T17562]  should_fail_ex+0x512/0x640
[  683.275221][T17562]  ? fs_reclaim_acquire+0xae/0x150
[  683.275245][T17562]  ? tomoyo_encode2+0x100/0x3e0
[  683.275265][T17562]  should_failslab+0xc2/0x120
[  683.275284][T17562]  __kmalloc_noprof+0xd2/0x510
[  683.275301][T17562]  ? d_absolute_path+0x136/0x1a0
[  683.275323][T17562]  tomoyo_encode2+0x100/0x3e0
[  683.275345][T17562]  tomoyo_encode+0x29/0x50
[  683.275364][T17562]  tomoyo_realpath_from_path+0x18f/0x6e0
[  683.275393][T17562]  tomoyo_mount_acl+0x1ae/0x850
[  683.275412][T17562]  ? kernel_text_address+0x8d/0x100
[  683.275438][T17562]  ? __kernel_text_address+0xd/0x40
[  683.275461][T17562]  ? unwind_get_return_address+0x59/0xa0
[  683.275480][T17562]  ? arch_stack_walk+0xa6/0x100
[  683.275501][T17562]  ? __pfx_tomoyo_mount_acl+0x10/0x10
[  683.275544][T17562]  ? tomoyo_domain+0xbb/0x150
[  683.275566][T17562]  ? tomoyo_profile+0x47/0x60
[  683.275591][T17562]  tomoyo_mount_permission+0x16d/0x420
[  683.275610][T17562]  ? tomoyo_mount_permission+0x14f/0x420
[  683.275631][T17562]  ? __pfx_tomoyo_mount_permission+0x10/0x10
[  683.275662][T17562]  security_sb_mount+0x9b/0x260
[  683.275682][T17562]  path_mount+0x128/0x1f20
[  683.275701][T17562]  ? kmem_cache_free+0x2d4/0x4d0
[  683.275717][T17562]  ? __pfx_path_mount+0x10/0x10
[  683.275738][T17562]  ? putname+0x154/0x1a0
[  683.275760][T17562]  __ia32_sys_mount+0x28b/0x310
[  683.275778][T17562]  ? __pfx___ia32_sys_mount+0x10/0x10
[  683.275795][T17562]  ? rcu_is_watching+0x12/0xc0
[  683.275814][T17562]  __do_fast_syscall_32+0x73/0x120
[  683.275840][T17562]  do_fast_syscall_32+0x32/0x80
[  683.275862][T17562]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  683.275882][T17562] RIP: 0023:0xf7f56579
[  683.275895][T17562] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  683.275910][T17562] RSP: 002b:00000000f507655c EFLAGS: 00000296 ORIG_RAX: 0000000000000015
[  683.275926][T17562] RAX: ffffffffffffffda RBX: 00000000800000c0 RCX: 0000000080000280
[  683.275936][T17562] RDX: 0000000080000040 RSI: 0000000000018001 RDI: 0000000000000000
[  683.275945][T17562] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  683.275955][T17562] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  683.275964][T17562] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  683.275987][T17562]  </TASK>
[  683.276012][T17562] ERROR: Out of memory at tomoyo_realpath_from_path.
[  683.788084][T17569] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(12)
[  683.790252][T17569] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  683.804063][T17569] vhci_hcd vhci_hcd.0: Device attached
[  683.858751][T17572] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(9)
[  683.860852][T17572] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  683.863507][T17572] vhci_hcd vhci_hcd.0: Device attached
[  684.244028][T17570] vhci_hcd: connection closed
[  684.244188][   T13] vhci_hcd: stop threads
[  684.247866][   T13] vhci_hcd: release socket
[  684.249361][   T13] vhci_hcd: disconnect device
[  684.303148][   T64] vhci_hcd: vhci_device speed not set
[  684.382606][T17573] vhci_hcd: connection closed
[  684.382701][  T215] vhci_hcd: stop threads
[  684.385714][  T215] vhci_hcd: release socket
[  684.387449][  T215] vhci_hcd: disconnect device
[  684.979190][   T40] audit: type=1326 audit(1746856606.652:686): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17587 comm="syz.1.3018" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd6579 code=0x7ffc0000
[  684.986167][   T40] audit: type=1326 audit(1746856606.652:687): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17587 comm="syz.1.3018" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd6579 code=0x7ffc0000
[  684.990113][T17588] netlink: 'syz.1.3018': attribute type 2 has an invalid length.
[  684.993555][   T40] audit: type=1326 audit(1746856606.652:688): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17587 comm="syz.1.3018" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7fd6579 code=0x7ffc0000
[  684.995840][T17588] netlink: 244 bytes leftover after parsing attributes in process `syz.1.3018'.
[  685.002468][   T40] audit: type=1326 audit(1746856606.652:689): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17587 comm="syz.1.3018" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd6579 code=0x7ffc0000
[  685.012192][   T40] audit: type=1326 audit(1746856606.652:690): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17587 comm="syz.1.3018" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd6579 code=0x7ffc0000
[  685.020176][   T40] audit: type=1326 audit(1746856606.652:691): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17587 comm="syz.1.3018" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7fd6579 code=0x7ffc0000
[  685.027173][   T40] audit: type=1326 audit(1746856606.652:692): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17587 comm="syz.1.3018" exe="/syz-executor" sig=0 arch=40000003 syscall=346 compat=1 ip=0xf7fd6579 code=0x7ffc0000
[  685.036312][   T40] audit: type=1326 audit(1746856606.652:693): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17587 comm="syz.1.3018" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7fd6579 code=0x7ffc0000
[  685.043045][   T40] audit: type=1326 audit(1746856606.652:694): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17587 comm="syz.1.3018" exe="/syz-executor" sig=0 arch=40000003 syscall=346 compat=1 ip=0xf7fd6579 code=0x7ffc0000
[  685.049495][   T40] audit: type=1326 audit(1746856606.652:695): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17587 comm="syz.1.3018" exe="/syz-executor" sig=0 arch=40000003 syscall=6 compat=1 ip=0xf7fd6579 code=0x7ffc0000
[  685.255182][ T1416] ieee802154 phy0 wpan0: encryption failed: -22
[  685.257350][ T1416] ieee802154 phy1 wpan1: encryption failed: -22
[  685.288617][   T13] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  685.413585][T17599] usb usb1: usbfs: process 17599 (syz.4.3020) did not claim interface 6 before use
[  686.873251][   T13] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  686.976122][   T13] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  687.037281][   T13] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  687.127976][   T13] bridge_slave_1: left allmulticast mode
[  687.130393][   T13] bridge_slave_1: left promiscuous mode
[  687.133023][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[  687.137936][   T13] bridge_slave_0: left allmulticast mode
[  687.140327][   T13] bridge_slave_0: left promiscuous mode
[  687.142215][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[  687.475426][T16633] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  687.476754][T16633] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  687.477525][T16633] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  687.482176][T16633] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  687.482523][T16633] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  687.518962][T17616] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(12)
[  687.521067][T17616] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  687.525349][T17616] vhci_hcd vhci_hcd.0: Device attached
[  687.544657][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  687.548970][   T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  687.552611][   T13] bond0 (unregistering): Released all slaves
[  687.608526][T17614] lo speed is unknown, defaulting to 1000
[  687.634988][T17614] lo speed is unknown, defaulting to 1000
[  687.669532][T17624] input: syz0 as /devices/virtual/input/input44
[  687.722920][   T29] vhci_hcd: vhci_device speed not set
[  687.724749][T14103] vhci_hcd: vhci_device speed not set
[  687.782978][T14103] usb 41-1: new full-speed USB device number 19 using vhci_hcd
[  687.849701][T17614] chnl_net:caif_netlink_parms(): no params data found
[  687.930591][T17614] bridge0: port 1(bridge_slave_0) entered blocking state
[  687.935536][T17614] bridge0: port 1(bridge_slave_0) entered disabled state
[  687.937984][T17614] bridge_slave_0: entered allmulticast mode
[  687.940660][T17614] bridge_slave_0: entered promiscuous mode
[  687.944236][T17614] bridge0: port 2(bridge_slave_1) entered blocking state
[  687.946676][T17614] bridge0: port 2(bridge_slave_1) entered disabled state
[  687.948947][T17614] bridge_slave_1: entered allmulticast mode
[  687.951651][T17614] bridge_slave_1: entered promiscuous mode
[  687.958438][   T13] hsr_slave_0: left promiscuous mode
[  687.960466][   T13] hsr_slave_1: left promiscuous mode
[  687.962450][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  687.967864][   T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[  687.973359][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  687.975704][   T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[  687.994027][   T13] veth1_macvtap: left promiscuous mode
[  687.995778][   T13] veth0_macvtap: left promiscuous mode
[  687.997608][   T13] veth1_vlan: left promiscuous mode
[  687.999876][   T13] veth0_vlan: left promiscuous mode
[  688.274206][T17618] vhci_hcd: connection reset by peer
[  688.276144][   T12] vhci_hcd: stop threads
[  688.277497][   T12] vhci_hcd: release socket
[  688.279025][   T12] vhci_hcd: disconnect device
[  688.499934][T17652] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3029'.
[  688.632370][   T13] team0 (unregistering): Port device team_slave_1 removed
[  688.706203][   T13] team0 (unregistering): Port device team_slave_0 removed
[  688.813778][T17656] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3030'.
[  689.423241][T17614] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  689.428302][T17614] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  689.474687][T17614] team0: Port device team_slave_0 added
[  689.478791][T17614] team0: Port device team_slave_1 added
[  689.510483][T17614] batman_adv: batadv0: Adding interface: batadv_slave_0
[  689.512872][T17614] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  689.521611][T17614] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  689.526131][T17614] batman_adv: batadv0: Adding interface: batadv_slave_1
[  689.528336][T17614] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  689.536391][T17614] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  689.563138][T16633] Bluetooth: hci0: command tx timeout
[  689.586818][T17614] hsr_slave_0: entered promiscuous mode
[  689.590391][T17614] hsr_slave_1: entered promiscuous mode
[  689.592599][T17614] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  689.597508][T17614] Cannot create hsr debugfs directory
[  689.963417][T17682] netlink: 88 bytes leftover after parsing attributes in process `syz.1.3032'.
[  690.284170][T17614] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  690.301512][T17614] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  690.306912][T17614] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  690.311115][T17614] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  690.347073][T17614] 8021q: adding VLAN 0 to HW filter on device bond0
[  690.355380][T17614] 8021q: adding VLAN 0 to HW filter on device team0
[  690.371676][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  690.374509][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  690.380565][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[  690.382935][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[  690.525499][T17614] 8021q: adding VLAN 0 to HW filter on device batadv0
[  690.559038][T17614] veth0_vlan: entered promiscuous mode
[  690.566516][T17614] veth1_vlan: entered promiscuous mode
[  690.586709][T17614] veth0_macvtap: entered promiscuous mode
[  690.592396][T17709] ip6erspan0: entered promiscuous mode
[  690.654764][T17614] veth1_macvtap: entered promiscuous mode
[  690.676455][T17614] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  690.679791][T17614] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  690.693299][T17614] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  690.696647][T17614] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  690.702226][T17614] batman_adv: batadv0: Interface activated: batadv_slave_0
[  690.711941][T17614] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  690.715477][T17614] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  690.718658][T17614] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  690.721915][T17614] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  690.727155][T17614] batman_adv: batadv0: Interface activated: batadv_slave_1
[  690.731332][T17614] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  690.735369][T17614] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  690.738296][T17614] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  690.742378][T17614] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  690.815251][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  690.823662][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  690.840871][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  690.848198][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  691.613661][T17738] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(12)
[  691.615807][T17738] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  691.618912][T17738] vhci_hcd vhci_hcd.0: Device attached
[  691.727700][T17748] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3041'.
[  691.802932][    T9] vhci_hcd: vhci_device speed not set
[  691.873019][    T9] usb 39-1: new full-speed USB device number 17 using vhci_hcd
[  691.875555][T17745] vhci_hcd: sendmsg failed!, ret=-32 for 48
[  691.877640][T17744] vhci_hcd: connection closed
[  691.932904][   T13] vhci_hcd: stop threads
[  691.935982][   T13] vhci_hcd: release socket
[  691.937499][   T13] vhci_hcd: disconnect device
[  692.933194][T14103] vhci_hcd: vhci_device speed not set
[  693.223527][   T12] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  694.860218][   T12] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  694.924390][   T12] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  695.004357][   T12] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  695.115619][   T12] bridge_slave_1: left allmulticast mode
[  695.118038][   T12] bridge_slave_1: left promiscuous mode
[  695.120499][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  695.125256][   T12] bridge_slave_0: left allmulticast mode
[  695.126880][   T12] bridge_slave_0: left promiscuous mode
[  695.128541][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  695.366799][T11768] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  695.374400][T11768] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  695.378142][T11768] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  695.387214][T11768] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  695.391431][T11768] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  695.402001][T17785] 9pnet_virtio: no channels available for device ./file0/file0
[  695.791772][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  695.797384][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  695.801109][   T12] bond0 (unregistering): Released all slaves
[  695.819473][T17780] lo speed is unknown, defaulting to 1000
[  695.824326][T17780] lo speed is unknown, defaulting to 1000
[  695.846307][T17790] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3051'.
[  696.006638][T17780] chnl_net:caif_netlink_parms(): no params data found
[  696.256479][T17780] bridge0: port 1(bridge_slave_0) entered blocking state
[  696.264377][T17780] bridge0: port 1(bridge_slave_0) entered disabled state
[  696.266734][T17780] bridge_slave_0: entered allmulticast mode
[  696.269526][T17780] bridge_slave_0: entered promiscuous mode
[  696.276296][T17780] bridge0: port 2(bridge_slave_1) entered blocking state
[  696.280285][T17780] bridge0: port 2(bridge_slave_1) entered disabled state
[  696.283699][T17780] bridge_slave_1: entered allmulticast mode
[  696.286691][T17780] bridge_slave_1: entered promiscuous mode
[  696.292481][   T12] hsr_slave_0: left promiscuous mode
[  696.298325][   T12] hsr_slave_1: left promiscuous mode
[  696.300327][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  696.302686][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  696.306753][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  696.309089][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  696.327863][   T12] veth1_macvtap: left promiscuous mode
[  696.329669][   T12] veth0_macvtap: left promiscuous mode
[  696.331467][   T12] veth1_vlan: left promiscuous mode
[  696.333239][   T12] veth0_vlan: left promiscuous mode
[  696.343678][T17813] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3052'.
[  696.395539][T17822] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3052'.
[  696.436274][T17824] afs: Unknown parameter 'dyn:u'�$2��Ґ1�/>|�	?\77�L���Bb..��E��'
[  696.994764][    T9] vhci_hcd: vhci_device speed not set
[  697.038820][   T12] team0 (unregistering): Port device team_slave_1 removed
[  697.107019][   T12] team0 (unregistering): Port device team_slave_0 removed
[  697.264578][T17831] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3055'.
[  697.413621][T16633] Bluetooth: hci0: command tx timeout
[  697.670869][T17813] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR
[  697.694856][T17780] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  697.704760][T17780] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  697.764969][T17780] team0: Port device team_slave_0 added
[  697.777676][T17780] team0: Port device team_slave_1 added
[  697.783482][T17843] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3057'.
[  697.890492][T17780] batman_adv: batadv0: Adding interface: batadv_slave_0
[  697.892785][T17780] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  697.904771][T17780] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  697.908926][T17780] batman_adv: batadv0: Adding interface: batadv_slave_1
[  697.911122][T17780] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  697.921194][T17780] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  698.098636][T17780] hsr_slave_0: entered promiscuous mode
[  698.102604][T17780] hsr_slave_1: entered promiscuous mode
[  698.109931][T17852] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3058'.
[  698.113793][T17780] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  698.116420][T17780] Cannot create hsr debugfs directory
[  698.760921][T17780] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  698.767056][T17780] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  698.802979][T17780] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  698.818263][T17780] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  698.954647][T17780] 8021q: adding VLAN 0 to HW filter on device bond0
[  698.970765][T17780] 8021q: adding VLAN 0 to HW filter on device team0
[  698.976870][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[  698.979105][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[  698.985847][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  698.988055][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  699.009766][T17780] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  699.018660][T17780] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  699.142239][T17887] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  699.179315][T17780] 8021q: adding VLAN 0 to HW filter on device batadv0
[  699.200409][T17780] veth0_vlan: entered promiscuous mode
[  699.206683][T17780] veth1_vlan: entered promiscuous mode
[  699.219911][T17780] veth0_macvtap: entered promiscuous mode
[  699.234417][T17780] veth1_macvtap: entered promiscuous mode
[  699.315721][T17780] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  699.322245][T17780] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  699.329559][T17780] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  699.337718][T17780] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  699.344470][T17780] batman_adv: batadv0: Interface activated: batadv_slave_0
[  699.355799][T17780] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  699.359452][T17780] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  699.363806][T17780] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  699.367141][T17780] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  699.370946][T17780] batman_adv: batadv0: Interface activated: batadv_slave_1
[  699.380230][T17780] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  699.383361][T17780] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  699.386125][T17780] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  699.388781][T17780] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  699.428788][T10557] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  699.431284][T10557] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  699.450275][   T65] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  699.455615][   T65] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  699.482920][T16633] Bluetooth: hci0: command tx timeout
[  700.927959][T17923] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3066'.
[  700.933137][T17923] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3066'.
[  701.237172][   T65] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  702.526909][   T65] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  702.665154][   T65] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  702.738053][   T65] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  702.849418][   T65] bridge_slave_1: left allmulticast mode
[  702.851831][   T65] bridge_slave_1: left promiscuous mode
[  702.855202][   T65] bridge0: port 2(bridge_slave_1) entered disabled state
[  702.860941][   T65] bridge_slave_0: left allmulticast mode
[  702.863877][   T65] bridge_slave_0: left promiscuous mode
[  702.866385][   T65] bridge0: port 1(bridge_slave_0) entered disabled state
[  703.146725][   T65] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  703.151506][   T65] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  703.158860][   T65] bond0 (unregistering): Released all slaves
[  703.486652][   T65] hsr_slave_0: left promiscuous mode
[  703.488897][   T65] hsr_slave_1: left promiscuous mode
[  703.490902][   T65] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  703.498452][   T65] batman_adv: batadv0: Removing interface: batadv_slave_0
[  703.584559][   T65] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  703.587742][   T65] batman_adv: batadv0: Removing interface: batadv_slave_1
[  703.591965][T17957] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3072'.
[  703.613673][T17960] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  703.709299][T11768] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  703.714396][T11768] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  703.718087][T11768] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  703.720695][   T65] veth1_macvtap: left promiscuous mode
[  703.725103][T11768] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  703.725713][   T65] veth0_macvtap: left promiscuous mode
[  703.729364][   T65] veth1_vlan: left promiscuous mode
[  703.729870][T11768] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  703.731607][   T65] veth0_vlan: left promiscuous mode
[  704.033213][T17964] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(12)
[  704.035503][T17964] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  704.040915][T17964] vhci_hcd vhci_hcd.0: Device attached
[  704.222976][   T29] vhci_hcd: vhci_device speed not set
[  704.283471][   T29] usb 39-1: new full-speed USB device number 18 using vhci_hcd
[  704.560472][T17966] vhci_hcd: connection reset by peer
[  704.562678][   T12] vhci_hcd: stop threads
[  704.565381][   T12] vhci_hcd: release socket
[  704.566934][   T12] vhci_hcd: disconnect device
[  704.680865][   T65] team0 (unregistering): Port device team_slave_1 removed
[  704.749355][   T65] team0 (unregistering): Port device team_slave_0 removed
[  705.637969][T17962] lo speed is unknown, defaulting to 1000
[  705.640474][T17962] lo speed is unknown, defaulting to 1000
[  705.733396][T17962] chnl_net:caif_netlink_parms(): no params data found
[  705.885277][T17962] bridge0: port 1(bridge_slave_0) entered blocking state
[  705.888265][T17962] bridge0: port 1(bridge_slave_0) entered disabled state
[  705.891506][T17962] bridge_slave_0: entered allmulticast mode
[  705.892993][T16633] Bluetooth: hci0: command tx timeout
[  705.895036][T17962] bridge_slave_0: entered promiscuous mode
[  705.908487][T17962] bridge0: port 2(bridge_slave_1) entered blocking state
[  705.911476][T17962] bridge0: port 2(bridge_slave_1) entered disabled state
[  705.914648][T17962] bridge_slave_1: entered allmulticast mode
[  705.918187][T17962] bridge_slave_1: entered promiscuous mode
[  705.925437][T17997] 
[  705.926511][T17997] ======================================================
[  705.929269][T17997] WARNING: possible circular locking dependency detected
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  705.932103][T17997] 6.15.0-rc5-syzkaller-00204-g0e1329d4045c #0 Not tainted
[  705.936684][T17997] ------------------------------------------------------
[  705.939519][T17997] syz.4.3078/17997 is trying to acquire lock:
[  705.942006][T17997] ffff88801f4338e8 (&p->lock){+.+.}-{4:4}, at: seq_read_iter+0xe1/0x12c0
[  705.945269][T17997] 
[  705.945269][T17997] but task is already holding lock:
[  705.948208][T17997] ffff88804e915868 (&pipe->mutex){+.+.}-{4:4}, at: pipe_lock+0x64/0x80
[  705.951589][T17997] 
[  705.951589][T17997] which lock already depends on the new lock.
[  705.951589][T17997] 
[  705.955827][T17997] 
[  705.955827][T17997] the existing dependency chain (in reverse order) is:
[  705.959487][T17997] 
[  705.959487][T17997] -> #5 (&pipe->mutex){+.+.}-{4:4}:
[  705.962555][T17997]        __mutex_lock+0x199/0xb90
[  705.964663][T17997]        pipe_lock+0x64/0x80
[  705.966579][T17997]        iter_file_splice_write+0x1ea/0x1150
[  705.969033][T17997]        do_splice+0x1475/0x1fc0
[  705.971183][T17997]        __do_splice+0x32a/0x360
[  705.973331][T17997]        __ia32_sys_splice+0x189/0x250
[  705.975684][T17997]        __do_fast_syscall_32+0x73/0x120
[  705.978120][T17997]        do_fast_syscall_32+0x32/0x80
[  705.980348][T17997]        entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  705.983238][T17997] 
[  705.983238][T17997] -> #4 (sb_writers#5){.+.+}-{0:0}:
[  705.986269][T17997]        mnt_want_write+0x6f/0x450
[  705.988367][T17997]        ovl_create_object+0x12c/0x300
[  705.990632][T17997]        lookup_open.isra.0+0x11d0/0x1580
[  705.992933][T17997]        path_openat+0x905/0x2d40
[  705.995069][T17997]        do_filp_open+0x20b/0x470
[  705.997254][T17997]        do_sys_openat2+0x11b/0x1d0
[  705.999501][T17997]        __ia32_sys_creat+0xcb/0x120
[  706.001804][T17997]        __do_fast_syscall_32+0x73/0x120
[  706.004151][T17997]        do_fast_syscall_32+0x32/0x80
[  706.006475][T17997]        entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  706.009376][T17997] 
[  706.009376][T17997] -> #3 (&ovl_i_mutex_dir_key[depth]#2){++++}-{4:4}:
[  706.013171][T17997]        down_read+0x9b/0x480
[  706.015248][T17997]        lookup_one_unlocked+0x131/0x160
[  706.017417][T17997]        ovl_lookup_single+0x1fe/0xfb0
[  706.019776][T17997]        ovl_lookup_layer+0x3d4/0x480
[  706.022109][T17997]        ovl_lookup+0x1417/0x2270
[  706.024283][T17997]        __lookup_slow+0x24e/0x460
[  706.026420][T17997]        walk_component+0x353/0x5b0
[  706.028592][T17997]        path_lookupat+0x17e/0x780
[  706.030764][T17997]        filename_lookup+0x224/0x5f0
[  706.032967][T17997]        kern_path+0x35/0x50
[  706.034923][T17997]        lookup_bdev+0xd8/0x280
[  706.036983][T17997]        resume_store+0x1d6/0x460
[  706.039082][T17997]        kobj_attr_store+0x55/0x80
[  706.041200][T17997]        sysfs_kf_write+0xef/0x150
[  706.043357][T17997]        kernfs_fop_write_iter+0x351/0x510
[  706.045816][T17997]        vfs_write+0x5ba/0x1180
[  706.047881][T17997]        ksys_write+0x12a/0x240
[  706.049958][T17997]        __do_fast_syscall_32+0x73/0x120
[  706.052368][T17997]        do_fast_syscall_32+0x32/0x80
[  706.054660][T17997]        entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  706.057580][T17997] 
[  706.057580][T17997] -> #2 (&ovl_i_mutex_dir_key[depth]){.+.+}-{4:4}:
[  706.061211][T17997]        down_read+0x9b/0x480
[  706.063259][T17997]        walk_component+0x345/0x5b0
[  706.065441][T17997]        path_lookupat+0x17e/0x780
[  706.067604][T17997]        filename_lookup+0x224/0x5f0
[  706.069833][T17997]        kern_path+0x35/0x50
[  706.071808][T17997]        lookup_bdev+0xd8/0x280
[  706.073806][T17997]        resume_store+0x1d6/0x460
[  706.075914][T17997]        kobj_attr_store+0x55/0x80
[  706.078019][T17997]        sysfs_kf_write+0xef/0x150
[  706.080115][T17997]        kernfs_fop_write_iter+0x351/0x510
[  706.082516][T17997]        vfs_write+0x5ba/0x1180
[  706.084516][T17997]        ksys_write+0x12a/0x240
[  706.086497][T17997]        __do_fast_syscall_32+0x73/0x120
[  706.088776][T17997]        do_fast_syscall_32+0x32/0x80
[  706.091017][T17997]        entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  706.093843][T17997] 
[  706.093843][T17997] -> #1 (&of->mutex){+.+.}-{4:4}:
[  706.096916][T17997]        __mutex_lock+0x199/0xb90
[  706.099062][T17997]        kernfs_seq_start+0x4d/0x240
[  706.101090][T17997]        traverse.part.0.constprop.0+0xac/0x640
[  706.103417][T17997]        seq_read_iter+0x932/0x12c0
[  706.105412][T17997]        kernfs_fop_read_iter+0x40f/0x5a0
[  706.107581][T17997]        do_iter_readv_writev+0x735/0x950
[  706.109683][T17997]        vfs_readv+0x4c5/0x8a0
[  706.111495][T17997]        do_readv+0x132/0x330
[  706.113235][T17997]        __do_fast_syscall_32+0x73/0x120
[  706.114958][T17997]        do_fast_syscall_32+0x32/0x80
[  706.116666][T17997]        entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  706.119097][T17997] 
[  706.119097][T17997] -> #0 (&p->lock){+.+.}-{4:4}:
[  706.121862][T17997]        __lock_acquire+0x1173/0x1ba0
[  706.123977][T17997]        lock_acquire+0x179/0x350
[  706.126001][T17997]        __mutex_lock+0x199/0xb90
[  706.127929][T17997]        seq_read_iter+0xe1/0x12c0
[  706.129863][T17997]        kernfs_fop_read_iter+0x40f/0x5a0
[  706.131849][T17997]        copy_splice_read+0x615/0xba0
[  706.133803][T17997]        do_splice_read+0x282/0x370
[  706.135751][T17997]        splice_file_to_pipe+0x109/0x120
[  706.137936][T17997]        do_sendfile+0x400/0xe50
[  706.139910][T17997]        __ia32_sys_sendfile64+0x1d7/0x220
[  706.141937][T17997]        __do_fast_syscall_32+0x73/0x120
[  706.144016][T17997]        do_fast_syscall_32+0x32/0x80
[  706.146175][T17997]        entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  706.148790][T17997] 
[  706.148790][T17997] other info that might help us debug this:
[  706.148790][T17997] 
[  706.152119][T17997] Chain exists of:
[  706.152119][T17997]   &p->lock --> sb_writers#5 --> &pipe->mutex
[  706.152119][T17997] 
[  706.156510][T17997]  Possible unsafe locking scenario:
[  706.156510][T17997] 
[  706.159423][T17997]        CPU0                    CPU1
[  706.161358][T17997]        ----                    ----
[  706.163184][T17997]   lock(&pipe->mutex);
[  706.164652][T17997]                                lock(sb_writers#5);
[  706.167057][T17997]                                lock(&pipe->mutex);
[  706.169577][T17997]   lock(&p->lock);
[  706.171033][T17997] 
[  706.171033][T17997]  *** DEADLOCK ***
[  706.171033][T17997] 
[  706.173954][T17997] 1 lock held by syz.4.3078/17997:
[  706.175556][T17997]  #0: ffff88804e915868 (&pipe->mutex){+.+.}-{4:4}, at: pipe_lock+0x64/0x80
[  706.178296][T17997] 
[  706.178296][T17997] stack backtrace:
[  706.180134][T17997] CPU: 0 UID: 0 PID: 17997 Comm: syz.4.3078 Not tainted 6.15.0-rc5-syzkaller-00204-g0e1329d4045c #0 PREEMPT(full) 
[  706.180148][T17997] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  706.180154][T17997] Call Trace:
[  706.180159][T17997]  <TASK>
[  706.180165][T17997]  dump_stack_lvl+0x116/0x1f0
[  706.180181][T17997]  print_circular_bug+0x275/0x350
[  706.180194][T17997]  check_noncircular+0x14c/0x170
[  706.180208][T17997]  __lock_acquire+0x1173/0x1ba0
[  706.180222][T17997]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  706.180235][T17997]  lock_acquire+0x179/0x350
[  706.180251][T17997]  ? seq_read_iter+0xe1/0x12c0
[  706.180271][T17997]  ? __pfx___might_resched+0x10/0x10
[  706.180286][T17997]  ? kasan_save_track+0x14/0x30
[  706.180297][T17997]  ? __kmalloc_noprof+0x223/0x510
[  706.180309][T17997]  __mutex_lock+0x199/0xb90
[  706.180322][T17997]  ? seq_read_iter+0xe1/0x12c0
[  706.180336][T17997]  ? seq_read_iter+0xe1/0x12c0
[  706.180349][T17997]  ? __pfx___mutex_lock+0x10/0x10
[  706.180364][T17997]  ? alloc_pages_bulk_noprof+0xa4e/0x13b0
[  706.180377][T17997]  ? seq_read_iter+0xe1/0x12c0
[  706.180390][T17997]  seq_read_iter+0xe1/0x12c0
[  706.180403][T17997]  ? __pfx_alloc_pages_bulk_noprof+0x10/0x10
[  706.180416][T17997]  kernfs_fop_read_iter+0x40f/0x5a0
[  706.180430][T17997]  copy_splice_read+0x615/0xba0
[  706.180445][T17997]  ? __mutex_lock+0x1ca/0xb90
[  706.180459][T17997]  ? __pfx_copy_splice_read+0x10/0x10
[  706.180473][T17997]  ? __pfx___mutex_lock+0x10/0x10
[  706.180488][T17997]  ? __fget_files+0x204/0x3c0
[  706.180503][T17997]  ? __pfx_copy_splice_read+0x10/0x10
[  706.180517][T17997]  do_splice_read+0x282/0x370
[  706.180531][T17997]  splice_file_to_pipe+0x109/0x120
[  706.180547][T17997]  do_sendfile+0x400/0xe50
[  706.180563][T17997]  ? __pfx_do_sendfile+0x10/0x10
[  706.180578][T17997]  ? __pfx___seccomp_filter+0x10/0x10
[  706.180589][T17997]  __ia32_sys_sendfile64+0x1d7/0x220
[  706.180601][T17997]  ? __pfx___ia32_sys_sendfile64+0x10/0x10
[  706.180614][T17997]  ? __secure_computing+0x21c/0x320
[  706.180625][T17997]  __do_fast_syscall_32+0x73/0x120
[  706.180640][T17997]  do_fast_syscall_32+0x32/0x80
[  706.180654][T17997]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  706.180667][T17997] RIP: 0023:0xf702e579
[  706.180675][T17997] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  706.180685][T17997] RSP: 002b:00000000f501e55c EFLAGS: 00000296 ORIG_RAX: 00000000000000ef
[  706.180695][T17997] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000000005
[  706.180701][T17997] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000000
[  706.180707][T17997] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  706.180713][T17997] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  706.180719][T17997] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  706.180728][T17997]  </TASK>
[  706.283649][    C0] vkms_vblank_simulate: vblank timer overrun
[  706.299914][T17962] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  706.311251][T17962] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  706.608077][   T65] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  706.675837][   T65] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  706.743259][   T65] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  706.807275][   T65] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  706.867038][   T65] bridge_slave_1: left allmulticast mode
[  706.868872][   T65] bridge_slave_1: left promiscuous mode
[  706.870784][   T65] bridge0: port 2(bridge_slave_1) entered disabled state
[  706.874111][   T65] bridge_slave_0: left allmulticast mode
[  706.875972][   T65] bridge_slave_0: left promiscuous mode
[  706.877816][   T65] bridge0: port 1(bridge_slave_0) entered disabled state
[  707.017855][   T65] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  707.021437][   T65] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  707.024957][   T65] bond0 (unregistering): Released all slaves
[  707.319866][   T65] hsr_slave_0: left promiscuous mode
[  707.322278][   T65] hsr_slave_1: left promiscuous mode
[  707.325037][   T65] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  707.327221][   T65] batman_adv: batadv0: Removing interface: batadv_slave_0
[  707.334540][   T65] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  707.337234][   T65] batman_adv: batadv0: Removing interface: batadv_slave_1
[  707.342183][   T65] veth1_macvtap: left promiscuous mode
[  707.345017][   T65] veth0_macvtap: left promiscuous mode
[  707.346768][   T65] veth1_vlan: left promiscuous mode
[  707.348418][   T65] veth0_vlan: left promiscuous mode
[  707.537898][   T65] team0 (unregistering): Port device team_slave_1 removed
[  707.573377][   T65] team0 (unregistering): Port device team_slave_0 removed
[  708.090837][   T65] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  708.167479][   T65] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  708.259020][   T65] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  708.317440][   T65] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  708.396867][   T65] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  708.446806][   T65] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  708.517075][   T65] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  708.586092][   T65] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  708.647888][   T65] bridge_slave_1: left allmulticast mode
[  708.651149][   T65] bridge_slave_1: left promiscuous mode
[  708.654129][   T65] bridge0: port 2(bridge_slave_1) entered disabled state
[  708.661848][   T65] bridge_slave_0: left allmulticast mode
[  708.663835][   T65] bridge_slave_0: left promiscuous mode
[  708.665858][   T65] bridge0: port 1(bridge_slave_0) entered disabled state
[  708.846836][   T65] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  708.851594][   T65] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  708.855149][   T65] bond0 (unregistering): Released all slaves
[  708.859728][   T65] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  708.863451][   T65] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  708.866966][   T65] bond0 (unregistering): Released all slaves
[  708.939629][   T65] bond0 (unregistering): Released all slaves
[  709.033506][   T65] : left promiscuous mode
[  709.085660][   T65] : left promiscuous mode
[  709.392875][   T29] vhci_hcd: vhci_device speed not set
[  709.490680][   T65] hsr_slave_0: left promiscuous mode
[  709.493744][   T65] hsr_slave_1: left promiscuous mode
[  709.496058][   T65] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  709.498891][   T65] batman_adv: batadv0: Removing interface: batadv_slave_0
[  709.502061][   T65] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  709.506199][   T65] batman_adv: batadv0: Removing interface: batadv_slave_1
[  709.513041][   T65] hsr_slave_0: left promiscuous mode
[  709.515485][   T65] hsr_slave_1: left promiscuous mode
[  709.521814][   T65] veth1_macvtap: left promiscuous mode
[  709.524066][   T65] veth0_macvtap: left promiscuous mode
[  709.526257][   T65] veth1_vlan: left promiscuous mode
[  709.528298][   T65] veth0_vlan: left promiscuous mode
[  709.530783][   T65] veth1_macvtap: left promiscuous mode
[  709.533037][   T65] veth0_macvtap: left promiscuous mode
[  709.535224][   T65] veth1_vlan: left promiscuous mode
[  709.537302][   T65] veth0_vlan: left promiscuous mode
[  709.737599][   T65] team0 (unregistering): Port device team_slave_1 removed
[  709.772934][   T65] team0 (unregistering): Port device team_slave_0 removed
[  711.380407][   T65] IPVS: stop unused estimator thread 0...

VM DIAGNOSIS:
05:57:06  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000000030 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff854c18f5 RDI=ffffffff9addfbc0 RBP=ffffffff9addfb80 RSP=ffffc900030af258
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=0000000000005b14
R12=0000000000000000 R13=0000000000000030 R14=ffffffff9addfb80 R15=ffffffff854c1890
RIP=ffffffff854c191f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff8880977ec000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000f7352f74 CR3=000000006a591000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000004800000000 0000000100000008
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000004800000000 0000000100000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000001768d34 RBX=0000000000000001 RCX=ffffffff8b6943e9 RDX=ffffed10056665be
RSI=ffffffff8bf46c20 RDI=ffffffff81912251 RBP=ffffed1003ad9488 RSP=ffffc9000046fdf8
R8 =0000000000000000 R9 =ffffed10056665bd R10=ffff88802b332deb R11=0000000000000000
R12=0000000000000001 R13=ffff88801d6ca440 R14=ffffffff90850e10 R15=0000000000000000
RIP=ffffffff8b692c7f RFL=00000282 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880978ec000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000f72d2f04 CR3=0000000065065000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=00000000008d60c4 RBX=0000000000000002 RCX=ffffffff8b6943e9 RDX=ffffed10056865be
RSI=ffffffff8bf46c20 RDI=ffffffff81912251 RBP=ffffed1003ad9910 RSP=ffffc9000047fdf8
R8 =0000000000000000 R9 =ffffed10056865bd R10=ffff88802b432deb R11=0000000000000000
R12=0000000000000002 R13=ffff88801d6cc880 R14=ffffffff90850e10 R15=0000000000000000
RIP=ffffffff8b692c7f RFL=00000282 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880979ec000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00007ff51e4d85d0 CR3=0000000048d52000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=00000000fcffc200 Opmask01=000000000000ffff Opmask02=00000000ffffffff Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000001 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000001a4
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=adbe268d766d3219 9717bbe99b1954ff adbe268d766d3219 9717bbe99b1954ff adbe268d766d3219 9717bbe99b1954ff adbe268d766d3219 9717bbe99b1954ff
ZMM18=5a0b4def4c4026cb b658edb799b5ab81 5a0b4def4c4026cb b658edb799b5ab81 5a0b4def4c4026cb b658edb799b5ab81 5a0b4def4c4026cb b658edb799b5ab81
ZMM19=2d22000000000000 0000000000000005 2d22000000000000 0000000000000004 2d22000000000000 0000000000000003 2d22000000000000 0000000000000002
ZMM20=0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000232400806 8003010000000806 020204c401a0c482 08000408000b8002
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0600748e00234423 436964696d2f646e 732f7665642f01ff ffffffffffffffdb
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 080b80030fffffff ff02040800000800 0208007c08000a01 4ba40c0800060800
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0700000000000016 ffffffe8000003e6 0000000800040000 0008000800000020
ZMM25=8cd25adf8cd25adf 8cd25adf8cd25adf 8cd25adf8cd25adf 8cd25adf8cd25adf 8cd25adf8cd25adf 8cd25adf8cd25adf 8cd25adf8cd25adf 8cd25adf8cd25adf
ZMM26=174bc8aa174bc8aa 174bc8aa174bc8aa 174bc8aa174bc8aa 174bc8aa174bc8aa 174bc8aa174bc8aa 174bc8aa174bc8aa 174bc8aa174bc8aa 174bc8aa174bc8aa
ZMM27=4a43e0694a43e069 4a43e0694a43e069 4a43e0694a43e069 4a43e0694a43e069 4a43e0694a43e069 4a43e0694a43e069 4a43e0694a43e069 4a43e0694a43e069
ZMM28=000000300000002f 0000002e0000002d 0000002c0000002b 0000002a00000029 0000002800000027 0000002600000025 0000002400000023 0000002200000021
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=5d1600005d160000 5d1600005d160000 5d1600005d160000 5d1600005d160000 5d1600005d160000 5d1600005d160000 5d1600005d160000 5d1600005d160000
info registers vcpu 3

CPU#3
RAX=0000000000000003 RBX=ffffffff8e3bf440 RCX=0000000000000002 RDX=0000000000000000
RSI=ffffffff8bf46c20 RDI=ffffffff8bf46c60 RBP=0000000000000002 RSP=ffffc9000316f6c8
R8 =0000000000000000 R9 =0000000000000000 R10=0000000000000000 R11=0000000000007c16
R12=0000000000000000 R13=0000000000000000 R14=0000000000000000 R15=0000000000000000
RIP=ffffffff8b694b70 RFL=00000283 [--S---C] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff888097aec000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000f7fa6e40 CR3=000000004aafd000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 f700585858585858 2e7a7973f7442ff4
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 f700585858585858
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff 0f0e0d0c0b0a0908
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000