last executing test programs:

2m32.878203182s ago: executing program 0 (id=171):
socket$inet_smc(0x2b, 0x1, 0x0)
socket$unix(0x1, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x3, &(0x7f00000000c0)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0)
r1 = add_key$keyring(&(0x7f0000000180), &(0x7f0000000240)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffff8)
keyctl$clear(0x11, r1)
flistxattr(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r2 = syz_open_procfs$namespace(0x0, &(0x7f0000000080)='ns/uts\x00')
ioctl$NS_GET_USERNS(r2, 0xb701, 0x0)
mmap$KVM_VCPU(&(0x7f0000b8b000/0x3000)=nil, 0x930, 0x300000b, 0x12, 0xffffffffffffffff, 0x0)
mkdir(0x0, 0x0)
r3 = openat$sequencer(0xffffff9c, 0x0, 0x88302, 0x0)
openat$audio(0xffffffffffffff9c, 0x0, 0x20301, 0x0)
ioctl$SNDCTL_SEQ_GETOUTCOUNT(r3, 0x4004510d, 0x0)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r4, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
ioctl$sock_bt_hidp_HIDPCONNADD(0xffffffffffffffff, 0x400448c8, 0x0)
syz_open_dev$dri(&(0x7f0000000100), 0x0, 0x0)
syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
mkdir(0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0xe1}, 0x0)

2m20.565031218s ago: executing program 0 (id=171):
socket$inet_smc(0x2b, 0x1, 0x0)
socket$unix(0x1, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x3, &(0x7f00000000c0)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0)
r1 = add_key$keyring(&(0x7f0000000180), &(0x7f0000000240)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffff8)
keyctl$clear(0x11, r1)
flistxattr(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r2 = syz_open_procfs$namespace(0x0, &(0x7f0000000080)='ns/uts\x00')
ioctl$NS_GET_USERNS(r2, 0xb701, 0x0)
mmap$KVM_VCPU(&(0x7f0000b8b000/0x3000)=nil, 0x930, 0x300000b, 0x12, 0xffffffffffffffff, 0x0)
mkdir(0x0, 0x0)
r3 = openat$sequencer(0xffffff9c, 0x0, 0x88302, 0x0)
openat$audio(0xffffffffffffff9c, 0x0, 0x20301, 0x0)
ioctl$SNDCTL_SEQ_GETOUTCOUNT(r3, 0x4004510d, 0x0)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r4, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
ioctl$sock_bt_hidp_HIDPCONNADD(0xffffffffffffffff, 0x400448c8, 0x0)
syz_open_dev$dri(&(0x7f0000000100), 0x0, 0x0)
syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
mkdir(0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0xe1}, 0x0)

1m50.511333808s ago: executing program 0 (id=171):
socket$inet_smc(0x2b, 0x1, 0x0)
socket$unix(0x1, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x3, &(0x7f00000000c0)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0)
r1 = add_key$keyring(&(0x7f0000000180), &(0x7f0000000240)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffff8)
keyctl$clear(0x11, r1)
flistxattr(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r2 = syz_open_procfs$namespace(0x0, &(0x7f0000000080)='ns/uts\x00')
ioctl$NS_GET_USERNS(r2, 0xb701, 0x0)
mmap$KVM_VCPU(&(0x7f0000b8b000/0x3000)=nil, 0x930, 0x300000b, 0x12, 0xffffffffffffffff, 0x0)
mkdir(0x0, 0x0)
r3 = openat$sequencer(0xffffff9c, 0x0, 0x88302, 0x0)
openat$audio(0xffffffffffffff9c, 0x0, 0x20301, 0x0)
ioctl$SNDCTL_SEQ_GETOUTCOUNT(r3, 0x4004510d, 0x0)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r4, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
ioctl$sock_bt_hidp_HIDPCONNADD(0xffffffffffffffff, 0x400448c8, 0x0)
syz_open_dev$dri(&(0x7f0000000100), 0x0, 0x0)
syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
mkdir(0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0xe1}, 0x0)

1m25.394437488s ago: executing program 0 (id=171):
socket$inet_smc(0x2b, 0x1, 0x0)
socket$unix(0x1, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x3, &(0x7f00000000c0)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0)
r1 = add_key$keyring(&(0x7f0000000180), &(0x7f0000000240)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffff8)
keyctl$clear(0x11, r1)
flistxattr(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r2 = syz_open_procfs$namespace(0x0, &(0x7f0000000080)='ns/uts\x00')
ioctl$NS_GET_USERNS(r2, 0xb701, 0x0)
mmap$KVM_VCPU(&(0x7f0000b8b000/0x3000)=nil, 0x930, 0x300000b, 0x12, 0xffffffffffffffff, 0x0)
mkdir(0x0, 0x0)
r3 = openat$sequencer(0xffffff9c, 0x0, 0x88302, 0x0)
openat$audio(0xffffffffffffff9c, 0x0, 0x20301, 0x0)
ioctl$SNDCTL_SEQ_GETOUTCOUNT(r3, 0x4004510d, 0x0)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r4, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
ioctl$sock_bt_hidp_HIDPCONNADD(0xffffffffffffffff, 0x400448c8, 0x0)
syz_open_dev$dri(&(0x7f0000000100), 0x0, 0x0)
syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
mkdir(0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0xe1}, 0x0)

54.682902053s ago: executing program 0 (id=171):
socket$inet_smc(0x2b, 0x1, 0x0)
socket$unix(0x1, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x3, &(0x7f00000000c0)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0)
r1 = add_key$keyring(&(0x7f0000000180), &(0x7f0000000240)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffff8)
keyctl$clear(0x11, r1)
flistxattr(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r2 = syz_open_procfs$namespace(0x0, &(0x7f0000000080)='ns/uts\x00')
ioctl$NS_GET_USERNS(r2, 0xb701, 0x0)
mmap$KVM_VCPU(&(0x7f0000b8b000/0x3000)=nil, 0x930, 0x300000b, 0x12, 0xffffffffffffffff, 0x0)
mkdir(0x0, 0x0)
r3 = openat$sequencer(0xffffff9c, 0x0, 0x88302, 0x0)
openat$audio(0xffffffffffffff9c, 0x0, 0x20301, 0x0)
ioctl$SNDCTL_SEQ_GETOUTCOUNT(r3, 0x4004510d, 0x0)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r4, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
ioctl$sock_bt_hidp_HIDPCONNADD(0xffffffffffffffff, 0x400448c8, 0x0)
syz_open_dev$dri(&(0x7f0000000100), 0x0, 0x0)
syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
mkdir(0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0xe1}, 0x0)

26.257801297s ago: executing program 0 (id=171):
socket$inet_smc(0x2b, 0x1, 0x0)
socket$unix(0x1, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x3, &(0x7f00000000c0)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0)
r1 = add_key$keyring(&(0x7f0000000180), &(0x7f0000000240)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffff8)
keyctl$clear(0x11, r1)
flistxattr(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r2 = syz_open_procfs$namespace(0x0, &(0x7f0000000080)='ns/uts\x00')
ioctl$NS_GET_USERNS(r2, 0xb701, 0x0)
mmap$KVM_VCPU(&(0x7f0000b8b000/0x3000)=nil, 0x930, 0x300000b, 0x12, 0xffffffffffffffff, 0x0)
mkdir(0x0, 0x0)
r3 = openat$sequencer(0xffffff9c, 0x0, 0x88302, 0x0)
openat$audio(0xffffffffffffff9c, 0x0, 0x20301, 0x0)
ioctl$SNDCTL_SEQ_GETOUTCOUNT(r3, 0x4004510d, 0x0)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r4, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
ioctl$sock_bt_hidp_HIDPCONNADD(0xffffffffffffffff, 0x400448c8, 0x0)
syz_open_dev$dri(&(0x7f0000000100), 0x0, 0x0)
syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
mkdir(0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0xe1}, 0x0)

8.184062735s ago: executing program 2 (id=502):
r0 = syz_usbip_server_init(0x3)
write$usbip_server(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="00000002"], 0x30)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@delqdisc={0x24, 0x25, 0x2, 0x70bd28, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, {0xffe0, 0x8}, {0x3, 0xd}, {0x8, 0x2}}}, 0x24}}, 0x40004)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="340000003e000900000000000008000003000000040004001c000180180010"], 0x34}}, 0x84)
r2 = syz_init_net_socket$bt_rfcomm(0x1f, 0x3, 0x3)
r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='net/packet\x00')
preadv(r3, &(0x7f0000001200)=[{&(0x7f0000000000)=""/91, 0x5b}], 0x1, 0x801, 0x6)
ioctl$KVM_GET_DEVICE_ATTR(r3, 0x4018aee2, &(0x7f0000000040)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000000)=0x200})
r4 = socket(0x1d, 0x2, 0x6)
memfd_create(&(0x7f0000000440)='gtp\x00', 0x2)
setsockopt$ALG_SET_AEAD_AUTHSIZE(r4, 0x6a, 0x4, 0x20000002, 0x844)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$gtp(&(0x7f00000003c0), 0xffffffffffffffff)
sendmsg$GTP_CMD_NEWPDP(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000004c0)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r6, @ANYBLOB='\a\x00', @ANYRES32, @ANYBLOB="08000400000000000c0003000000000000000100080005000000000008000100", @ANYRES32=0x0, @ANYBLOB="080002"], 0x50}}, 0x0)
getsockopt$inet_pktinfo(r3, 0x0, 0x8, &(0x7f00000000c0)={<r7=>0x0, @loopback, @local}, &(0x7f0000000200)=0xc)
sendmsg$GTP_CMD_GETPDP(r4, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000240)={0x38, r6, 0x800, 0x70bd2c, 0x25dfdbfd, {}, [@GTPA_O_TEI={0x8, 0x9, 0x2}, @GTPA_O_TEI={0x8, 0x9, 0x4}, @GTPA_TID={0xc, 0x3, 0x2}, @GTPA_LINK={0x8, 0x1, r7}]}, 0x38}}, 0x4000000)
getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r2, 0x12, 0x2, 0x0, &(0x7f0000000100))

7.210662803s ago: executing program 2 (id=504):
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x0, 0x32}, 0x9c)
sendto$inet6(r3, &(0x7f0000847fff)='X', 0x1, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x0, 0x0, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r4, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
connect$inet(r4, &(0x7f0000000480)={0x2, 0x0, @multicast1}, 0x10)
sendmmsg(r4, &(0x7f0000007fc0), 0x800001d, 0x0)
socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080))
madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17)
write$UHID_INPUT(0xffffffffffffffff, &(0x7f0000001040)={0xd, {"a2e3ad21ed6b0af99cfbf4c007f70eb4d04fe7ff7fc6e5539b0872fc8b546a1b4d09940f08900c878f0e1ac6e7049b4cb4956c409b3c2a0867f3988f7ef319520100ffe8d178708c523c921b1b0f5a0a169b50d336cd3b78130daa61d8f809ea882f5802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f309f4cff7738596ecae8707ce065cd5b91cd0ae193973735b36d5b1b63e91c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecd03aded6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca5b6bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27afc953854a642c57519544ae15a7e454dea05918b4124351601611c8f11baa500a3621c56cea8d20ff911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a60560a22f1fca567e65d5e880572286522449df466c632b3570243f989cce3803f465e41e610c20d80421d653a5120000008213b704c7fb082ff27590678ef9f190bae979babc7041d860420c5664ba7921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202fd28f28381aab144a5d429a04a689b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2f05dd3318271a1f5f8528f227e79c1388dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eefc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44060bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a7288afe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f48fe4eae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf02b98a269b891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efedfd71af9444e197f47e866101496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615f7084a607a7eceb6243378e0610060f02cca4051c2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c4e15a7b6eb65ca8104e1b4da1fbb77ab2fc043aead87c32ab875ee7c2e7b7019c902cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad948741b2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd73643de50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c1023bf70cc77737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73c497579773767075428067e7f16f4dde374f8211fef42cb468e623daf60b3569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe29068c0ca3d3414442e863a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae44369ddb4581c55925d0f6f1ba471eba281f259152f85a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e05130935e00785ec27e923911fab964c271556527697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9ddbfb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e7027132f2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5336651b1b9bd522d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee29165895ac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463181f4b87c10772d2b13f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76d57227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f84fad6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b3110b932a4d02da711b757fe43c06d21e35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc238a081ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cb0b3e35cb80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c60edddab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec014508e5247d33ae6c962d35603ff8454c16f8342856935125102bb784ed714887071f3d998efdd9923c954ab6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee658e4cb5e930ed624806c43a006dc9336d07c2b8081c128ad2706f48261f7897084c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da3932ba5c04c24a560ad80a3ce654578376e599aff3565b1d531f30912b99e6619ebe93cc0b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e6491953264d2700c838fa2c7b34252600c9654e502dcea39cb6bc3eb69992e234b4ca7db2f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c7e36bb2fc4c40e9cf96f06817fb903729a7db6ff957697c9ede7885d94ff1aa70826ad01a9b03c37b0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1010}}, 0x1b7)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x3)
bind$unix(r2, &(0x7f00000003c0)=@file={0x0, './file0\x00'}, 0x6e)

7.161505888s ago: executing program 1 (id=505):
sendmsg$TIPC_NL_PUBL_GET(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000003c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="5e020000", @ANYRES16=0x0, @ANYBLOB="010025bd7000fedbdf2507000000780001802c00028008000200ffff0000080002000700000008000200bae60000080003000900000008000300c87d000008000300090000000800030004000000380004001400010002004e23ac1414aa0000000000000000200002000a004e2100000003ff010000000000000000000000000001fbffffffc40004803c000780080001001e0000000800040001000000080002000900000008000200ff0f00000800020000020000080001001d00000008000100080000000900010073797a31000000000900010073797a3000000000340007800800030003000000080001000c00000008000300feffffff08000400090000000800020001800000080002000000000024000780080002000700000008000300010000000800020006000000080001000f0000001300010062726f6164636173742d6c696e6b0000ec0001800d0001007564703a73797a310000000044000400200001000a004e2000000007fc02000000000000000000000000000008000000200002000a004e2300000006ff020000000000000000000000000001d60500001200010069623a697036677265746170300000000d0001007564703a73797a300000000038000400200001000a004e210000000000000000000000000000ffff64010100018000001400020002004e230a010101000000000000000038000400200001000a004e2000000005fc010000000000000000000000000001020000001400020002004e20e0000002000000000000000034000980080001000600000008000200010000000800010007000000080002000000000008000200040000000800010003000000"], 0x270}, 0x1, 0x0, 0x0, 0x4000010}, 0x4840)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='devices.list\x00', 0x275a, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x0, 0x12, r0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0xc0000, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000893000/0x18000)=nil, &(0x7f0000000100)=[@textreal={0x8, &(0x7f00000000c0)="0f20c06635000001000f22c00f01c36565d86b6766660f388129a5660fd9430d0f3a0fcc35f20f38f14029f20fc24686490ebc", 0x33}], 0x1, 0x8, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
mount$9p_virtio(&(0x7f0000000040), 0x0, 0x0, 0x2, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x200000005c832, 0xffffffffffffffff, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
sendmsg$NL80211_CMD_CONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[], 0x64}}, 0x0)
creat(&(0x7f0000000000)='./file0\x00', 0x108)
r5 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000140), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r5, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r5, &(0x7f0000006340)={0x2020, 0x0, <r6=>0x0, <r7=>0x0}, 0x2020)
write$FUSE_INIT(r5, &(0x7f0000000040)={0x50, 0x0, r6, {0x7, 0x1f, 0x1, 0xc18da8, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x10}}, 0x50)
syz_fuse_handle_req(r5, &(0x7f00000021c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003dc150f4000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50000000000000000000000000000000000000000000000000000000000000000000000000000000000c6d90000000000001354c4b6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r8 = socket$netlink(0x10, 0x3, 0x0)
writev(r8, &(0x7f0000000180)=[{&(0x7f00000001c0)="580000001500add427323b472545b4562d117fffffff81000e220e227f000008925aa80013007b00090080007f000001e809000000ff0000f03ac7100003ffffffff", 0x42}], 0x1)
syz_fuse_handle_req(r5, &(0x7f0000004200)="a28096c80abf3543ecde7564abff5085d2227ebcb0f164ae92706ad0b083a3f469a3efd15b4921e9c3063b98b3082068e7c31950dde842eac55df0f991453cad62a6956b0b6f7b8cf49b506a3060fe1127eca99663ade8efa89ee189acb5f3b92f6bc4c46621c803eed0d0bb5f32384870ed08f89d4f74445762fb99715e083c4c92a8878be19ffacc30d0f2da64f971cd40563163adc15670ecf25cd3ad96138967c4b53ad9d04b5193ab5fb674aa0030a9d703d1baf810ce897f969121f142161919e583c275671b999e7f363891dfdfdf3556d01b86ee29eca8fccbfeaf1771395148706cc6e6be7ce29fc9ffef061b5420950c1a525bf75ad06edec51538d1c5bbc77da72dc90fd9998936fffdda2427e5a68966c7e2208f76304680182ec73007e482f034195712af922db2726195d997708734db9e7825a864be00b2a4f800881fc0363f5e618398454f35b148b4ccb88d418269fac868a8ba4a2d5b4f06a1ac01b5ad158b842e05adca22c7372585bf4ce95560b6c1e021a3ed2ff7bd3b6b3c7734c3b66d7e4c460096312082f89b16baa6e73814aa60925780cd92cd65087e260ec046fc363264366a9df2c849c0644911303946adad544521ceb469a3e193ecc9a7876403fac461a4a70d6193b2451189a5c5120b3535e9edf619108af7f517b58abd3fa7fb1ab832213430d2e6901076fba9c9e1acc6c6f48ff0e419bbc45589745a176f52a7407ad5e3dd49acb31b47862806f47077dda04905e45a80a12cbcd4d2dd9fe66c2d1f99394fed8ec60961cd2dc7115a96ece432fac86d51bebb08b95f447a83792fe80291fca7b298c9043ef2c26f0f7e42798d3f54c84b94c24c76c555d83ecc53b99bb22d71845e5cf21a5ba7fbeffeb6306e1730db14561b950a3f24bcfd78d4ab0d97de8054bb1a6077ae7cca6e45d846d3df82298d07212922742cb0facac3b77edfbab90e9ee2d4f7b0ee9b17bb11ec5e5721340d84cb6bd93428167e69b47759172557acda313c3decdfc6fe9336bfade459f43b39d0f2289f9142db280f4ee668e650e12858c577e12e2b9a57ee66c834be97979bcbe94747fa5d8d0b7d3a9f8f218df1bf960f828429a1efe838616b18faf6629236ddbded43a093efae163228e5c38fd7714743c2fcca47e3382bcfb1ab893fd7377527b4ec43f3fa60ebd338161d8de7cad65b15579e4af258f5fe3a63c2637a15703207029b0899b5427767647baef11e291358e6e54f6f13d3d2ca7a5e7969e04d2733b3b9ab822c69a3cfac097384de5071a9b74a656136d55eb190df08747b509fd610ff62b4950ef71c934fe21a48a4931d3d9458b415f112cee65c660f5490e982341da1c58634b3967ca6f3596d20cc90f508382156e36f16539093240ef5f2aa6a2c0dff2a67df30dcf50bf6e0b82a3d49f2d532a8dde1b3ceefcf0837190b74186090d1c18b59917d7efce1adfb238ef4a7b1d22c4cef09320221de883e97e6882466508de06fcdabad3b741bdca2cff879d57ddda52f42b3dcb8a78cfc05826af7e4ff155960ff8491194f4d321ef195990abaeeefdcb852d1e1e3703f317385a9458b6c2dd9db830f757ec29c9939fc7313e639fe485bc1e41ddaaef3fbf1f7cc527c8fad0d21b8082482caad7bee440e5097665f636c3dfec82f8c98afb6243bc3944939675a594277d278ba4361461f7da52e224e4ce5dee4a467bf6ae9f67b61ac6eb0a440406abac2016eec907e241c57f5f44be47290fd0fef785ff04df3810ccd637b4d97a84bae8486a36f75d872e645fe46625969fc2d1f032c56ed44bd98ea27bd9b6ddc8eb2dc2ec9f90f2f1ca1bd20e37ac58b03c84c872f4ba47310654986641460dfdd531ac62a76ad87b89c103ac5c9c2e7e70c66447b3412d4a1e5cbc30e16939505116c04de33ae054ed366de8d1f971c2de439957a194e22a488f58d7efd46439177f3f3c45a1475927eecd846d3d2e6a2ab5c7f8addd99062c2fc6b272d1f51bb8f22f1b6f8bb3faf8aa85e5eb9abf7df5cf8f26267323808b0833a987989cbe59205e7ad06556e2d1b8a4873ca1cbcbc8d43abc145fd4eb832e7a58ab2c793d003ce7b1850ce45eb7480417a1e9eb9d39a1028a2a04a2aa649c098c4f8eee514db5f6021173bb254b8e22b150b2ca01dc7ff235db46ed78d07f43d1adab13b8445d1b32069eb45f9d389fcf5a3f7d3ebe243c5b1fe17b1f5a3d571b65f21b9e471e818172554dc956749b99cb7a5f303ec480d7194a2ba86e204f06aa1becdddc8c49082c527e7064ac2ad77dc05639d3d2a7778f6943ed6105ebf6f0b9e94fddbe05c236ec000f4d1d4e496b10068211ab68ada4c7f7ac61f5f5ba5f1810d5bbe87ff4f8356af0d3f682baedb0ad8f8488b277421f0a03fc5e3095ee34bc4472d8f17e3f7013cf2f79f5ff3ea4b6bae56d1365a33b09bfa9a496323f7da923b7e29dce4beb81035f13130004c96e56d7ef6ca6c101d20c27a218e623227c33c9e488b17e7ae9ac20da8240501f7b614a1730f164553fe479ef149866e4ea47296814284a3d3eb7cbb294289ffb996e0eb053b9c16e54cf267832e3d360eb196ed51305630223309ea97215628f01ec9d3ea48096418d5e962cac5063460f0a18772ec7ce66d14a1cce14b52c40bbbfafccbf1e76f09e57ff0718048e5b993157a6cf4718826b1e09430413a3596a15c4a620fa8c8e1d1663e5739f9f790ddbb3be0e00187d43717d659242467d8681ac10303346157f894d9037641417010e9654c6a5b22263e73a5a37128f50078a980c30930321aa5c5e7851d5d392ddce3a14a96916fa8421ae6728f37f5de7c3e98feb4babd4e1bd2315d595e209d52748f70adc2284fcdaa6ad880470d2a071f3490aaf3491fb64b4547419e8eccdc491a8921156cb4811ad1e66514a32b0b31b641438881f28c1e6461b4f451938999af671e8c6a5cd0c072a9fe4cdbefe24ca616f3d0a15ac97cca835b1a440e04fa28340c6044176c8ecc8ee0d033d47db8a0aacfa0eabdfa1c9509fc2604008f01cbafeb5bd2b503b809ed672340b9a576593f1ef388391b54b605e7a15bef7b1345627a34fca57738b0f8f4f19eea93c903495274a4425a1a1cc6c4c6e335b631df5185c95b485a4257867b5347a40e4e14dcc560f061fd4fd265137dc68afd548adde778f1330f769acb1ccf5da14ff6992c24e210ea6e6179421881b803393bc6974e37106c5b5b3b5d0b3469f8969bffb7e4ceb2c98e928e74366492d27235ae4c74a2f48511aeeaa53a2beafa7a331b50e454c507af1b63350a5cef35668a5b9325014192277e509561008b3601088f79d42eaa8b1e4ae2000b31749e2b8094312ddb7f3c1cd625ef885c11fa22a66e374b52b3425e0b8016154e1fd8471339e32e7373d63ab646d893fbe09ae07b06074c01401ea76b3c382a9d32f24f93c789964e16bc4206ecd75c10917ab84ffd8d6cdf4cd28fd90375ff28518f8c1a3befc538e1b9e427fb671988d29f2fb2fcd039f4d341c84eb4d7cf600ddaba88bb094e4d87a1419180149f491368e648b69985b05ac39a4ecdd3c5135f3a5c8ad7792dacb6470144bb9e67805a211efb3ec9ccaf8e0901345fb19e4da579e1fbe86a1207f4f13c3436009c2c640b7cf3f8b77ca7bd994bf93308027359c6dd1b7db1e153fc0821968ef36c003b6c73fe890f4de24f5c6458dbaaf3819edeaa91783c3cfc7e773689236248195c7bbd60113f2476fa3687621d668d1728ee433d2f8f4db707345d30f1e52ab87a2a0afd547c6bb06500f59f17facde48f693490e22494b75d11df1a143b85068d143ef6a9bb5937a9df380c8948f1a01e9675e18409edb0f6b9605b68e34632fcce472dc50b90b0f6dcd57931f78e1e8861a0fb62e72b0baad6f9d23c1cfb0f19b25013c8d9fcd786a2f6f79768b5fb398f7b2baa31ce8156d1fc4a46c1c463fdf30360d42aeed2ef11611d0b7f654bb51052fd4dc39328f8ec4c58bbda05e6f1b3c8f6d8adca0268f2410e9a4a7d63b6616006d0e02f6edacc10e5c54fd85f15a8bd7648a293f23d6a699bd9a675250475a73a96d7475e4fabb89fb5e7de5d7a3479aa485c0befc60d0ac4fd5ac6dbecceb06cad86e219fc0ce4720758917811a3215f8d13e413bfb64fc065fc421aede0b56691797dac428c7e463479fa591b9072c309b7533e427c5cc11a1f6cf9a5b995d328d796d874c5b55dfc12a5039b413ce319cf5ba1f355c4e0717d32650b43e18010f37f048731931c52c4f36eb969dda702afe96c2a5241350a67ba2d026946189c5e281293c9a8e2cff3784776f1de78b917101b54e5ab00c045ea15f28a0e3f509962cf8bd3385d85250737eae5c34ece86b86669c13b00308a3b13c0ac3c83ff26fb52a4aa83c1233a9490cb9ca917a056908931751bddb88a62379a713395f0764e4a393faf253a4026d0472270e6036287d56850df1751543484d65b3062155b6300e0024241c59a862ae769c1a9232a2d9fb24705177a09cceb3eefbf9f106f67e01be14cdeb4d2fc7d8661df3e75de5ccd09a7e559f028fb9837c621ea0045b4d1b679067f246339c974631aa7134d4e910efb28d3c48929cef1df7e6c73668762d55086b6c59c36ac90154135fd7ca4e4047dd0aa161fa982d8edf9c0cb9666477e096c55718f6e4742415fefd4f696d1f1ccd6322bc19496ddebd36282a7c707d5b44113e30678e6e33ab7d34be04a59ac614d6a54134490998be02636fa91633d6294781c2b9a54c611c0045cfcfe81f49aa21b29d835cd2047c854486fd8e65a2ebf629f7ced602b9dd107bfde483e5c9b5cbba4a08cdce09920bda9978b7fc2b4a89bf1573a26389e52090fdf5dccf22111dc8c42fd3c8c477092895398086cc22cca665269e193fc650742a361a44b857d258429f701f22e9b7615bc3dab78c1479a41cf8575cdb17169470b347adfc03e03daea3e269725cfc72df5664b9df36d2f2b55013b71133e0b80577a47182511ebb308b6248d457bd2af7b28e77182c305241178c4124ab102771fd5a8c3dacb8775de881301d71587c76bcf0a97a72ad244d0c42fd71aceec32dd48bb5c9a95b391166c832ac5bac8c7cae4d18b3f7d9f2e4782fdf97732e3d51f67bbb57f989ee0d7589dbd0c2a5c63840e914b9d7d720fa120acbffebf816b588b2ccc052e7fa78992e0ea39dd21a122add41195f8e2e1acd777c1a4e8ef4362fef441feb4d9252c6bfbd2742152300a32027776e3341620d3c8d9365e10e81adcca7d87a0e555c98a0353c692557d90ee9be3fbaab766abf93e2462149fd99c92a5fc58d899ee75535cd1fe1386c5ab0b157c2102039d6015258f59cef3f15b951893a30ae839f740402a30b34e7be73796286403c5beb0853d856d83f1b00b48328f56dcb32e1faab08a3435b1482bf18b21c95aefeaafa7fd761c7f28d416fcde06bf7aee5c6e9eb50e55874253ba3f1d0ce2505b4fc7c3fc996bfbb8446bafe84f5bea94bfd7ca5aeaf237fe793b66e5c521d4092e4e1f9bde1dfcfe53fa55005d21cfa833a338fd9792614129336060e10d1911862070761aa20c2902eb7c5a355eff4cf6253d7102a2ca1fead4c53b57d576d104c081310d92797e4e2e8c269d19910d0d4cedf30fa28ba680c00137f83de940624229b6a125ce5233c6cf4a3640b74f58f288dad8451fbe37641c5559a5f3caf1299c8bfb230723652278fe378efd8e459b9da26cffeb58468a6301dbc06d713ba2d8d43d9038f5f2dc8b831ba58a88eeb5b1786b21e398aeeeb7c1f3d6f01d82b3947862fb9e7cbd7da5d04c5fcd34da28d53e2246e3ac1e3a619ad174efa6435eaa0fc94d610799ce0158421dce046306eb5042143daa336d52206b12610ea6389cdda49bf5af1d4ee42ac090a94ae7b7612073f3a5c36a2245eda887f41478f7d20f18667f941f71eebcfa76c1ab28f2a49a3bd56bd3f4e6bd079ab3fe2d94782236e83585a03e52907abaef7456a95d5d3f3d37efdc035dbfd7c41b8ba0af2df8adf1cf24f7ff0beccd3d26bc91caf42314ef7e466f74e19ae0df2e2298fc2f694a7ec134632035585d530e7e19f65c256f001d75382d9825ef741bc213af186377d9ca10d3722354e1897ca5c23ac6a52c9ad0e6b686e1776f7ec65df033e8f4d5db80c1bc354093b319cb70df93d610667675816328c99322f14e636b95f04e6497f139d508b453f53ddb5c289d849fd5407c9bdcefd1642abd46e28cb4e94371bdc606eeb67c9fe17747c68f2d50e82711da4d3edb0eda06f41b7f93fa8fb4d83cf21c79da67000bac2275508217ade1659fa8d24e5f8efb9f4bd21073ebef3d06368eb03fa3cf0d638448bd055ed20d292033ffdba538559c8ff9a2a5c8f83b5c393643d6585d1df994c3be43e72b8f3f53114d2a5f6bcedb573842b23b6a3eb7fca8495bf03bd03fde7b19bd39a16cec49e01f38e671af33cae082d9788e3202799bc466babec2080528d0609c0b731964719093735b4c1e73bd0705637c47516922197c552baeaf3516b5e3bbc2cd1afa3ef8215196ed580d9561092f620b897e98e786a0c7cbb0eedda8063292ba6482497f5f6bb62fb5ab4c97cb7658dc6579718eb97b547fcf47ced1426561af93a15fb4dc6d3d93b868644943c2c94b23b0570bbb81df2666c24f5abccfcdd71e209f3bb43c01d17f9bc8b9af2c26762fc6a741a150b7d1186e4f35175f3c315243e1c11e92c43a1fc492eef5a13c77a81fcf514ebfd0f8e645dae15a07e86b2f01fda065db4505a5eea83cb616f744f6bee731be191c65449c02603556d5a51422cf9c2f19f8d6843e0c1091e0708aa271e91f71c8602b9fa72189e036b7cb6af1569f21269283de94a6d7fe5849fd433d5b719c80419873db0587fc29786cc598d896fb16360bddd2ce12e54d05418f4f5e5f2d7aafe9fcd6268cbe2e9e6329ffb6c67fab8f3ce673028cc06aaa6b857556bba3b44d3fab5b6e875e70a2f3ad4b2ff76f31ead3462d3801ba373b3c2f545e94f57021575e2947f81f53283fc0a5137fd44fa3d074c92de54a0a3465c858f5a7ef08313faddbc3663e4e0167f3cba39612057a7518fbfb031f5ad0f9f75831973ebd733b82e554bf3fdec84e51f65dab6028c6c51366d9d4700fdf255e4c7bd70766e7f2281b3f2a5363f85ce49f9135904d14bcb117ad754c2594dcdca2d30e40ff265b5accfb116f64ed99aad570c4c5a91efdbb984ac651d8721405a0342cf77f448c17a152eabf29e88950558a86d0074e1cefab1eb7c366682f686ee1338737e675ea58eb8b4c86b9f28a6f6e96459f29e3b4dc59ff044c61a0dcc5c31d803e6e98420e446229ccdec3d0f705e92ffe016bb3696373eadab7f35ccf65ab4d9be09a085ce21bbd7c0555376e4d7fe68b5e7a64f48b5127825fb2be598d991f9c1a54bf52713417dcc599e812d85513a537e6eafa738edc972b67e065595d11678449bce6cd3d69800a649b560d0e057c502ca3e72e97820829ecfea801192c3f4e2c8763c095a43ee6fe45fe8730130937668df1d4ee577ada28238be03286481f2d2a004cc4d48856e71fbd64f1a0043a4520ecbbf1b3abdc96b87a27be8495a20542967aa4cd3a44a11502419a083d84e97abfde0901b66dde48388649a0ed6d93b9f20c530e990c7c52370a114d800d6ab3f6687d6bbc105b63738fe05fa6cac98ad6663936bb18cb923264e44312c24c2ce8e642bb73c921012b68a26a70977446b8f15f9d62467d8b356560c183a6bd6cd76ec868c3bd94a595cd7bf996755a508a814980c5e588b275200c45afd900c8c2de329ec2484b0e3ecd7b0960e5e3425881d1ff7f8bd8b20f5cc98ffc3acb77f5e88775a4bd3ab9f9eb027e27d3af55ebdf4eebab48ea911128d668d00fc3f5b5480aa0d9a4af563ba577384448e5425157133d59e1cef3c722f33700bd372825046b1fa5824e405154a3af1440bc2b75acfbd07cf92e8c162587e74b5ab66b1c6aeab3ad5fa3ee91da4900ef30ad04baea326df912517dd96e1696b4a91faa66675978a375e81f25464a1073dc6737af08d7e25956bb31d438548a7da38662d49db812a8cf1d6cc65f5c63879fd9ee7fd2a66ca3fc1a768cb239aab88c87206470b4c60592afeb6d69ed97a8f990155862ba4e22b64804142c131a23792937aa8a8696e165c24d7692a04bb4471b0f0d2507fe7c8618421428fc7a0acc984ca5cc6bacb772e8a717bbaa646f9643275910a6037afaf5a80678d18edda138a4e13d06d04a5d06431eab48738225cf1567e960e765728dc12e91b91c6f2b33dfb6e033aa68c1c2334d24335abc4a7a1df5636dec29091da54d5f5a1fff41e4a35a0c2f04f968f7d78e2f51c73577e2192bb20f289aaba5a175c2ed533855bd9ed9a842ad482136dd5e0cf45eb5e2d31ff62a3be1cf8a94a58316e74f4ab9fc54f3a0bb83beef0f355993bdea2c83e61cdc796bf2564ae51fae616799e8711998cd88d35cd9824452fdd65226174b46792cb87f4dd282e4e6f67eb66da413ad877ed6ce775f7e19bc93f48bb9e5ec04009de3c042aeacf7f4b25ad6b30e017303f64fe07ac79e8744aab6926d117f13513d0469cef335fe1d0d787c2d0b2c031a9521786ac10e9f8b768271680337f2c3262abdccb5d3107c632bf1f74c83ee91f49988222fb080cc8faa9b1a02526d8b6087e0b2354173d29016b3309587c16f057dd812aa63c3169150de81f3af97d082a8f8da4ce4f909ff649821d7f96d97613552e8cc4902e046ecfa329b1d980ff5ece69b8f1615fdff5244f41cec0af924624ae1641ecae5fa26c5fb9006e57100ee71377ced7c255ae17a0845e2ee0287c62c1852f93877f9f86157ca9675d383fff5cd6f2b001ec0136c07cf37f5ace1853122c2baa1092d418e2a490c4a5c8f56b828ce1bafeef4e77f095d6b4ed99d56f66812cb19be540ebe5d52e7eff2d69cbb8477e11514f7e3604bf9999f78c2f1ca6f60a2216b87fa0f25269c425b7d50709b200912b3b7899c95e12d6e9c4dacc19e327721860e0477a53e6793fbb7fb9704a848f395f48c24a6e79b9e1358cc3497251de88b8d3a7b22c6d8af1a7fab81530d9f0cc98f62debb222b54780d89794238532717b447d71b46a60ed481c21db85b590b31720009695ecffd4ef029964e5d5149622233ac013e960a005c924f73ea82c318455546c53d74aa3f7e2ff26aa074c40a55aba8b08027fc19b596eec6c4f89bae39e74b9aad88344f7cc5ad3eefa5095f2ab47222e9a357ecd71c6700ac576025201490d9e446603dfd4bda7617dd500981b2d2ab8c43882a5208494cb3f8ebc720bca8a7cf6c80bd7aaaf89507bb3412ea490a78973f12cc30413e9df1458917ea3d68b438d424c1314bc8d01939c5a5a842438281e62d0c800dee704b2a6cd3e1e4b885a6b26b894a98765fa3308c9e4b87f93625faecdb17c29a27cd243bf6030a67874ec9f2443cf8154261ac2a834c01cbe1f314ee7aa3ca552e1648cf8b42a63f249e3538026e09e44d69dc259adb0d1a0cbccb5a5dd5d0dccc90d023da79d5634188ff060f7e35a5f9d7ad99546824d63975d4452de876093f4e997dc46eedcd80a9eebf5e4f077fbb10c7d9e19a3419e7b845972a3b62613c5404a209b16fa88e0ff49d7b4f21fecc1f773c5b4be61021e0cab8602c6e8257649303aaeafcbb178e7a460ff07f219c46eb6fe5bf8113723e454003bd707767c107daf4255751daaf8decf35262640058924eb6587868b2c08230b317e97396ebc928ba8d274ca0eed0bfcb637676003c64e8c1e1a0420b6c96a44226061ced41b8448382abd2f3d0c472afcde231fbc9ee90c2f1132f8e2391246f95ad93354c7460e20de996ad0f61b13b27646887a637cede90b94b7d8c3130f0fe060e8d955c711a2700b302a75bdeb32a0a6802ea795cb114f5f82a1a381a86bbff88b299e47728b746dff964c94c52b661b9429376b1320b46081426b7c340206dc0da151bf84be2a49e78b6b5938753d2b1be8d9e67c43c5d70e72519f5f90d0500e84ee38f82b191ac4d968b0a37901fd923cb289d585693ac3c3f8a94fca6df45e694e199a9cd0b1bc1fa7394bcc96aae670dca6605a998793b7e067ac410ba631057b8b76fcbe9524df820c02efef1608b743cd2aa6d60d3d8e476fa12d3acc329f8272b087d89471177ed531fec1f9c24a975ca2fcd8c246a33e291a3f00b7f234052067a0059c86762475256bb5e7dac6f121a0925506b18933c6e314915d4b3b2130aafc2483ef22ff8bb7b887565b1bd22fabca22037d8fc9437f675c5313526266f60bb7c7c47f30c7d567ed142ea5ec367c4298328d20e5344f01c0c90cf8a6302f4d84b6ba7495fba314a05ba29b63bb6d458fdb05a4411136958309f418fb178e19aa09ff9e62b29732fb2986c96e738f7a688cb2122dbb8f2ad9a5f28bc49ec0c462413552afee8e403259b55ad6dc334dde7f2d306929dd01f2aa6036cafd41874522689301b81c9e50e86828894140356db0a3317b081ed9d8148c41e77e6bda6287762532b86eb91f5480915680deb8a91fb8656b7f0109064865d2b846af0861f67d3f720d6e306540cd7b68f095ef3690b88ea93fb6a402ff5697597cda83171f159e85307d1a8c01611189bd4eb4f0453ab88d43ae181a562a76902a67c687514079d6f4304d9a7c0fa24b6e86074ea0a9fd8187c120312078f5ebfa674adc0303734bf8f6b5585943706594192ad64c9f7d9794fb83758924f862855ddd50bff58b522c43d73c03289baec628cd693cab93101b1e473b76532510e10f03e86812fea6f2d6f5467dcf29e6d7cf8524f383a0ded3f0951c3ffb171a6b8a6d97b5fa8899a19f1a3d0e934a1d4741076e4394ba225158f697bf7d5651717c6950229a0be22e8120d76a414edbcd03d505264b7ede8272ccbd6dbdcebaf11daf6a652f6f9eb74ba7a3ecc942892891388005ae5d971e4e79d696564906dffd44845b704a9abc2fa5ba1bb69a548423a08044ad6d0e365db7e6bea0f3844a452759716cb98dcf326001ec90c1c343174098cdf47ea2e13341058ca014d2a30e9ba3c526de72a6e387181bf76a278c9cbc518d8c374a3f1d9802a39464a100903dbec16f8f095f5d82d9d09507281e4f7fe0ce4fbeced193902a5f658af2a4c1d0952dabdc6ae5830b6b5a2c3f5b8d33a73665990822e5f4a7ce5366755a1615543bdf78299c71e890e0bedb6ec277b10a389d6a3ba9c037221421279e51ab50fb115de2076cc99444202e88ebd9d0fbe4e60234b7b761495ac6c9e615ddac8176164a88fb6d6cc2b52672c8949afe3efc1e87a598896bc93e421423844fcaafe65af898a015b3bcaf623ebeef9a57155af5278ceb52b995f7ca466d9e18b05e86380679e0257cff6d0c6750078462f2ee4701d6d8289ed848b877cf5918625b7937060d667c11119881c30809056892352c6c53c01e395af6866ea350e6f21fa3db772c1177c759999973b51e11ffc5908", 0x2000, &(0x7f0000000c80)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x78, 0x0, 0x0, {0x0, 0x2, 0x0, {0x0, 0x4000000, 0x0, 0x100, 0x0, 0x0, 0x8000000, 0x8000, 0x200, 0x8000, 0x0, r7}}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r9 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0xa4901, 0x0)
write$tcp_congestion(r9, &(0x7f00000000c0)='lp\x00', 0xfffffdef)
dup2(r9, r5)
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000440))

4.583390535s ago: executing program 2 (id=508):
signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
io_submit(0x0, 0x0, &(0x7f0000000800))
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000400)=0x6)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000540)=ANY=[@ANYBLOB="240000002000010300000000fbdbdf2502008008000000030800000008000b00ff000000"], 0x24}}, 0x40)
sendmsg$IPSET_CMD_SAVE(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)={0x1c, 0x8, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
ioperm(0x0, 0x8000, 0x2)
r5 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0xc, 0xb, &(0x7f00000000c0)=ANY=[@ANYBLOB="18040000000000000000000000000000180000002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b100000095"], &(0x7f00000005c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000001040)={r5, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000100)="b9ff03316844268cb89e14f00800", 0x0, 0x0, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x4c)
r6 = creat(&(0x7f0000000280)='./file0\x00', 0x0)
close(r6)
r7 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
ioctl$SNDRV_RAWMIDI_IOCTL_DRAIN(r7, 0x40045731, &(0x7f0000000140)=0x1)
mount$9p_fd(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000200), 0x0, &(0x7f00000000c0)={'trans=fd,', {'rfdno', 0x3d, r6}})
recvmsg(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000300)=@in6={0xa, 0x0, 0x0, @local}, 0x80, &(0x7f0000000580)=[{&(0x7f0000000380)=""/79, 0x4f}, {&(0x7f0000000180)=""/45, 0x2d}, {&(0x7f0000000440)=""/86, 0x56}, {&(0x7f00000004c0)=""/111, 0x6f}, {&(0x7f0000000600)=""/140, 0x8c}, {&(0x7f0000000540)}], 0x6}, 0x1)

4.110420768s ago: executing program 3 (id=509):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0x4, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x2, 0x4, 0x3, 0x5, 0x1000, 0xffffffffffffffff, 0x6, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000200)=ANY=[@ANYBLOB="1802000001000000000000000000000018010000786c6c2500000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb700000000000000b70300000000ffff850000000400000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000280)={<r3=>0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x4e20, 0x0, @loopback={0x0, 0xac14140b}}]}, &(0x7f00000002c0)=0x10)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r2, 0x84, 0x6d, &(0x7f0000000300)={r3}, &(0x7f0000000240)=0x8)
bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r1, r0}, 0xc)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000004b74ffec850000006d000000850000000800000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000680)='virtio_transport_alloc_pkt\x00', r4}, 0x10)
r5 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r5, &(0x7f0000000040)={0x28, 0x0, 0x2710, @local}, 0x10)
listen(r5, 0x0)
r6 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r6, &(0x7f0000000640)={0x28, 0x0, 0x2710}, 0x10)
connect$vsock_stream(r6, &(0x7f0000000000)={0x28, 0x0, 0x8f9528c031f672d5, @my=0x0}, 0x10)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb010018000000000000003000000030000000020000000000000001000004000000000000000003000000000000000600000000000000020000000000000000000000100200000000"], 0x0, 0x4a, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20)
openat$hpet(0xffffff9c, &(0x7f0000000040), 0x2200, 0x0)
r7 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$TCSETS(r7, 0x40045431, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x20, 0x0, "7f12ddb357f7adf97affffffff7d1800"})
syz_open_pts(r7, 0x0)
r8 = ioctl$TIOCGPTPEER(r7, 0x5441, 0x0)
close(r8)
r9 = openat$dsp(0xffffff9c, &(0x7f0000000000), 0x200040, 0x0)
ioctl$EXT4_IOC_ALLOC_DA_BLKS(r9, 0x660c)

3.867399825s ago: executing program 1 (id=510):
syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1c00000007"], 0x50)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r0, &(0x7f0000000000), 0xd)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f0000000200), 0x2, 0x32d181)
r2 = dup(r1)
write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c)
r3 = syz_io_uring_setup(0x239, &(0x7f00000002c0)={0x0, 0x4533, 0x10100, 0x0, 0x800000}, &(0x7f00000000c0)=<r4=>0x0, &(0x7f0000000380)=<r5=>0x0)
syz_io_uring_submit(r4, r5, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x12, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1})
io_uring_enter(r3, 0x2ded, 0x4000, 0x0, 0x0, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="19000000040000000800000003"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007300000018110000", @ANYRES32=r6, @ANYRESOCT=r2], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r2, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
syz_emit_ethernet(0xda, &(0x7f0000000440)=ANY=[@ANYBLOB="00aaaaaaaaaa0000000000000800450000cc000000000001907864010100ac1414aa0b009078032c00004b000000000000000089000000000000ac1414aa862a00000000000d5e000000ff00000000000400054eb8a600129606053d0006ff00800000b61af93a93831300ac1414247f00000100000000e000000286540000000000074b6cefc500000cdf61168c24ac88ad078c00122189ea43e2149b8444a30300505c09a00012ffd13634eea26b0faffa0dea2e903528060902a20948fd7406070eccf0294e2a3bdb4aa40b249e44040000000000a815a23d364400138ee5348a1e298267bac0dfb9eaec7ac9e5ffb07a04470ea171b13aac0ac2b6d73f51cf2d806d3e08b73139e8701dcb51e93ae16f3f1baafa72ad59fe642cb9aca2d94e9582bd3f5ed048fccdbf7b34da7c154523bf7c32999deb39674036ae0fb18c01f1eb6ff05f0c6fe06adc81eee2c5ef61536d60b3a06bfc6bc2ad9f71010f6e"], 0x0)
r7 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0)
ioctl$UI_SET_EVBIT(r7, 0x40045564, 0x15)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00'}, 0x10)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff)
sendmsg$TIPC_NL_KEY_SET(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)={0x14, r9, 0x1, 0x0, 0xfffffffd, {0x3}}, 0x14}}, 0x0)
r10 = socket$inet6_sctp(0xa, 0x5, 0x84)
r11 = syz_io_uring_setup(0x497, &(0x7f0000002180)={0x0, 0x787f, 0x100, 0x4, 0x286}, &(0x7f0000000000)=<r12=>0x0, &(0x7f0000000280)=<r13=>0x0)
setresgid(0xee00, 0xee01, 0x0)
setregid(0xffffffffffffffff, 0x0)
io_uring_register$IORING_REGISTER_PBUF_RING(r11, 0x16, &(0x7f0000000040)={&(0x7f0000001000)={[{0x0, 0x0, 0x3}]}, 0x1, 0x1}, 0x1)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r12, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r12, r13, &(0x7f00000002c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x20, 0x10, r10, 0x0, 0x0, 0x0, 0x200, 0x1, {0x1}})
io_uring_enter(r11, 0x3516, 0x0, 0x0, 0x0, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000))

3.679339967s ago: executing program 3 (id=511):
r0 = fsopen(&(0x7f0000000380)='nfsd\x00', 0x1)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000340)='./file0\x00', &(0x7f0000000080)='nfsd\x00', 0xc, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="01000000030000000200000004"], 0x48)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000200)={'syztnl1\x00', &(0x7f0000000000)={'syztnl1\x00', <r2=>0x0, 0x2f, 0x3, 0x7, 0x10, 0x0, @loopback, @empty, 0x7, 0x40, 0x7149, 0x7f}})
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, r1, 0x2, '\x00', r2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
socket$packet(0x11, 0x3, 0x300)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r5 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r4, &(0x7f0000000280)={@val={0x6f01, 0x800}, @val={0x1, 0x0, 0x0, 0x0, 0x20}, @mpls={[], @ipv4=@tcp={{0x6, 0x4, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x84, 0x0, @empty=0x3fffffff, @local}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x5, 0xb, 0x0, 0x300, 0x0, 0x18, {[@window={0x9, 0xfffffffffffffec4}, @timestamp={0x5, 0x2, 0xe803}, @generic={0x0, 0x2, "d58838068b91"}]}}}}}}, 0x4e)
close(0x3)
r6 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f00000003c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x3c, 0x3c, 0x8, [@union={0x1, 0x4, 0x0, 0x5, 0x0, 0x53, [{0xb, 0x4, 0x8}, {0x9, 0x1}, {0x6, 0x2, 0x754677bb}, {0xb, 0x5, 0x5}]}]}, {0x0, [0x30, 0x5f, 0x30, 0x61, 0x41, 0x2e]}}, &(0x7f0000000580)=""/165, 0x5c, 0xa5, 0x0, 0x4879, 0x0, @void, @value}, 0x28)
bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@bloom_filter={0x1e, 0x8, 0x3, 0xf1e, 0x20000, r3, 0x9, '\x00', r2, r6, 0x3, 0x2, 0x2, 0x4, @void, @value, @void, @value}, 0x50)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000008900000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000fdffffff7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000000000000850000007500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.current\x00', 0x275a, 0x0)
write$cgroup_int(r8, &(0x7f0000000100), 0x1001)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000b00)={&(0x7f0000000ac0)='mm_page_free_batched\x00', r7}, 0x10)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.current\x00', 0x275a, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000006f80)=ANY=[@ANYBLOB="a03700002d00010026bdc03090199eb47000fcdbdf250400", @ANYRES32, @ANYBLOB="81120c"], 0x37a0}, 0x1, 0x0, 0x0, 0x4000d}, 0x20000000)

3.445363485s ago: executing program 2 (id=512):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket(0x40000000015, 0x5, 0x0)
connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x7, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0xfffffffe, 0x10000000}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x4000)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bind$inet(r0, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x57)
sendmsg$xdp(r0, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0)
recvmmsg(r0, 0x0, 0x0, 0x2, 0x0)

3.132482223s ago: executing program 1 (id=513):
creat(0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd74)
syz_io_uring_setup(0x3546, &(0x7f0000000300)={0x0, 0x400, 0x1, 0x1000001, 0xf7fffffc}, &(0x7f0000000180), &(0x7f0000000200))
socket$inet6(0xa, 0x3, 0x5)
r2 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x891c, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x100)
open_tree(0xffffffffffffff9c, 0x0, 0x89901)
open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000001280), 0xffffffffffffffff)
sendmsg$TIPC_CMD_SHOW_LINK_STATS(r3, &(0x7f0000001380)={0x0, 0xf000, &(0x7f00000013c0)={&(0x7f0000000180)={0x28, r4, 0x1, 0x70bd29, 0x25dfdbfc, {{}, {}, {0xc, 0x14, 'syz0\x00'}}}, 0x28}, 0x1, 0x0, 0x0, 0x40000c2}, 0x800c016)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, 0x0}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, 0x0}, 0x0)

2.567287845s ago: executing program 3 (id=514):
accept4$unix(0xffffffffffffffff, &(0x7f0000000080), &(0x7f0000000100)=0x6e, 0x80800)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000680), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_PAUSE_GET(r0, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f00000042c0)={0xb4, r1, 0x1, 0x70bd2a, 0x0, {0x1a}, [@HEADER={0x4}, @HEADER={0x64, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip6gre0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'team_slave_1\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_virt_wifi\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wg2\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}, @HEADER={0x2c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_bridge\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip6_vti0\x00'}]}, @HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}]}, 0xb4}, 0x1, 0x0, 0x0, 0x200408d0}, 0x240000d0)
pipe(&(0x7f0000000000)={<r2=>0xffffffffffffffff})
read$FUSE(r2, &(0x7f0000000540)={0x2020}, 0x2020)
syz_emit_vhci(&(0x7f0000004200)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x2, 0x0, 0x1a}, @l2cap_cid_le_signaling={{0x16}, @l2cap_ecred_conn_req={{0x17, 0x4, 0x12}, {0x9, 0xffc0, 0x3, 0x8, [0x8, 0xff, 0x1, 0x63, 0x100]}}}}, 0x1f)

2.071966838s ago: executing program 1 (id=515):
mkdirat$cgroup_root(0xffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)
r0 = syz_open_dev$dri(&(0x7f0000000040), 0x5, 0x0)
mkdirat$cgroup_root(0xffffff9c, &(0x7f0000000080)='./cgroup.net/syz0\x00', 0x1ff)
r1 = openat$cgroup_root(0xffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, &(0x7f0000000100)={{0x1, 0x1, 0x18, <r2=>r0}, './file0\x00'})
ioctl$TIOCGSERIAL(r2, 0x541e, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)=""/152})
r3 = openat$drirender128(0xffffff9c, &(0x7f0000000240), 0xa00, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f0000000280)={0x8, 0x7, 0x2})
statx(r2, &(0x7f00000002c0)='./file0\x00', 0x2000, 0x81, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, <r4=>0x0})
fchown(r1, 0x0, r4)
mkdirat$cgroup_root(0xffffff9c, &(0x7f0000000400)='./cgroup/syz1\x00', 0x1ff)
openat$dma_heap(0xffffff9c, &(0x7f0000000440), 0x442480, 0x0)
r5 = fcntl$getown(r1, 0x9)
sched_setscheduler(r5, 0x7, &(0x7f0000000480)=0x3)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x0, 0x40, &(0x7f0000000500)=@filter={'filter\x00', 0xe, 0x4, 0x3a4, 0xffffffff, 0xc0, 0x0, 0x210, 0xffffffff, 0xffffffff, 0x310, 0x310, 0x310, 0xffffffff, 0x4, &(0x7f00000004c0), {[{{@ip={@private=0xa010102, @local, 0x0, 0xff000000, 'veth1_to_bond\x00', 'tunl0\x00', {}, {}, 0x73, 0x2, 0x19}, 0x0, 0x9c, 0xc0, 0x0, {}, [@common=@addrtype={{0x2c}, {0x100, 0x205, 0x1}}]}, @REJECT={0x24, 'REJECT\x00', 0x0, {0x1}}}, {{@ip={@local, @dev={0xac, 0x14, 0x14, 0x1e}, 0xff000000, 0xffffffff, 'team0\x00', 'ip6gretap0\x00', {0xff}, {0xff}, 0x6, 0x3, 0x48}, 0x0, 0xf0, 0x150, 0x0, {}, [@common=@set={{0x40}, {{0x0, [0x4, 0x4, 0x2, 0x6, 0x0, 0x3]}}}, @common=@set={{0x40}, {{0x4, [0x4, 0x0, 0x4, 0x0, 0x0, 0x1], 0x6, 0x2}}}]}, @common=@SET={0x60, 'SET\x00', 0x0, {{0x3, [0x4, 0x4, 0x7, 0x1, 0x8, 0x1], 0x3, 0x7}, {0x0, [0x0, 0x6, 0x0, 0x7, 0x5], 0x0, 0x5}}}}, {{@ip={@multicast2, @local, 0xff000000, 0xffffffff, 'veth0\x00', 'syzkaller0\x00', {}, {}, 0x5c}, 0x0, 0xdc, 0x100, 0x0, {}, [@common=@ah={{0x2c}, {[0x80000000, 0x2], 0x1}}, @common=@set={{0x40}, {{0xffffffffffffffff, [0x6, 0x2, 0x7, 0x4, 0x0, 0x2], 0x3}}}]}, @REJECT={0x24, 'REJECT\x00', 0x0, {0x1}}}], {{'\x00', 0x0, 0x70, 0x94}, {0x24}}}}, 0x400)
openat$cgroup_root(0xffffff9c, &(0x7f0000000900)='./cgroup.cpu/syz0\x00', 0x200002, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x4, r5, 0x2, &(0x7f0000000940))
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000980)={0x1b, 0x0, 0x0, 0xf, 0x0, r2, 0x6829, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x2, 0x1, 0x0, @void, @value, @void, @value}, 0x50)
openat$cgroup_root(0xffffff9c, &(0x7f0000000a00)='./cgroup/syz1\x00', 0x200002, 0x0)
mkdirat$cgroup_root(0xffffff9c, &(0x7f0000000a40)='./cgroup/syz0\x00', 0x1ff)
getsockname(r2, &(0x7f0000000a80)=@ethernet={0x0, @link_local}, &(0x7f0000000b00)=0x80)
r6 = openat$sw_sync(0xffffff9c, &(0x7f0000000b40), 0x18180, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r6, 0xc0285700, &(0x7f0000000b80)={0x6, "8fca9a33ca3972ccbbddde38a4d9cb4af2ea9cd591e810b2945f7069e3dc0fef"})
r7 = syz_io_uring_complete(0x0)
setsockopt$IP6T_SO_SET_REPLACE(r7, 0x29, 0x40, &(0x7f0000000c40)=@nat={'nat\x00', 0x1b, 0x5, 0x5d4, 0x1d8, 0x1d8, 0xffffffff, 0xec, 0x420, 0x50c, 0x50c, 0xffffffff, 0x50c, 0x50c, 0x5, &(0x7f0000000bc0), {[{{@uncond, 0x0, 0xa4, 0xec}, @unspec=@SNAT1={0x48, 'SNAT\x00', 0x1, {0xd, @ipv4=@multicast1, @ipv6=@remote, @port=0x4e24, @port=0x4e21}}}, {{@uncond, 0x0, 0xa4, 0xec}, @MASQUERADE={0x48, 'MASQUERADE\x00', 0x0, {0x0, @ipv4=@multicast1, @ipv6=@mcast2, @icmp_id=0x67, @port=0x4e20}}}, {{@uncond, 0x0, 0x200, 0x248, 0x0, {}, [@common=@mh={{0x24}, {"a027"}}, @common=@rt={{0x138}, {0x4, [0x2, 0x1], 0x3, 0x1, 0x2, [@mcast1, @mcast1, @empty, @private2={0xfc, 0x2, '\x00', 0x1}, @mcast1, @ipv4={'\x00', '\xff\xff', @remote}, @loopback, @private0, @dev={0xfe, 0x80, '\x00', 0x41}, @empty, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @dev={0xfe, 0x80, '\x00', 0x14}, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @mcast1, @ipv4={'\x00', '\xff\xff', @loopback}, @private0], 0x6}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv4=@rand_addr=0x64010100, 'xfrm0\x00', {0x375a}}}}, {{@ipv6={@private2={0xfc, 0x2, '\x00', 0x1}, @private1, [0xff000000, 0xffffff00, 0xff000000, 0xffffffff], [0xffffff00, 0xffffff00, 0xffffff00, 0xff], 'nr0\x00', 'bridge_slave_1\x00', {0xff}, {}, 0x2c, 0xf7, 0x2, 0x12}, 0x0, 0xa4, 0xec}, @NETMAP={0x48, 'NETMAP\x00', 0x0, {0x1d7d28f118b3d711, @ipv4=@multicast2, @ipv4=@multicast2, @port=0x4e24, @port=0x4e20}}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x630)
fsetxattr$security_evm(r3, &(0x7f0000001280), &(0x7f00000012c0)=@ng={0x4, 0x10, "f1091591a38c3db8ec3913096e25"}, 0x10, 0x1)
ioctl$F2FS_IOC_ABORT_ATOMIC_WRITE(r7, 0xf505, 0x0)
fcntl$lock(r7, 0x5, &(0x7f0000001300)={0x3, 0x0, 0x9, 0xe38, r5})
openat$fuse(0xffffff9c, &(0x7f0000001340), 0x2, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x0, 0x40, &(0x7f00000013c0)=@filter={'filter\x00', 0xe, 0x4, 0x328, 0xffffffff, 0x1b8, 0x1b8, 0xf8, 0xffffffff, 0xffffffff, 0x294, 0x294, 0x294, 0xffffffff, 0x4, &(0x7f0000001380), {[{{@uncond, 0x0, 0xd4, 0xf8, 0x0, {}, [@common=@unspec=@physdev={{0x64}, {'batadv_slave_0\x00', {}, 'ipvlan1\x00', {0xff}}}]}, @REJECT={0x24}}, {{@uncond, 0x0, 0x9c, 0xc0, 0x0, {}, [@common=@unspec=@mark={{0x2c}, {0xb, 0x5}}]}, @REJECT={0x24, 'REJECT\x00', 0x0, {0x6}}}, {{@ip={@rand_addr=0x64010102, @private=0xa010100, 0xffffffff, 0xffffffff, 'team_slave_1\x00', 'xfrm0\x00', {}, {0xff}, 0x84, 0x2, 0x6c}, 0x0, 0xb8, 0xdc, 0x0, {}, [@common=@inet=@tos={{0x24}, {0x0, 0x8}}, @common=@ttl={{0x24}, {0x1, 0x4}}]}, @REJECT={0x24}}], {{'\x00', 0x0, 0x70, 0x94}, {0x24}}}}, 0x384)

1.827377914s ago: executing program 2 (id=516):
r0 = socket$inet6(0xa, 0x3, 0x8000000003c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote, 0x7}, 0x1c)
sendmsg(r0, &(0x7f00000000c0)={0x0, 0x9511, &(0x7f0000000100)=[{&(0x7f0000000000)="2c10", 0x50c}], 0x1, 0x0, 0x80fe, 0x2c}, 0x44004)

1.741335285s ago: executing program 1 (id=517):
open$dir(&(0x7f0000000000)='./file0\x00', 0x4180, 0x60)
socket$nl_xfrm(0x10, 0x3, 0x6)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
socket$inet6(0xa, 0x6, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, 0x0, 0x0)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r2, 0x0, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000001680)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000200)={&(0x7f00000003c0)={0x184, 0x12, 0x400, 0x70bd2c, 0x25dfdbfe, {0x11}, [@nested={0x102, 0x103, 0x0, 0x1, [@generic="ad2934d79732bc8fffd0ff59bf526867ff4ca6946038317650785b889d9f45fad57d438bf64d8c2a8141aed4aff102d6d7fe0707bc6d035cfefdcefc5f9b38c7877cf479b1a375db0d976272", @nested={0x4, 0xb8}, @generic="3110d18626ac0b9ac6b33bab1d3220691cc95f4e97f33f17bae0061fce7e3eb8636c9c9d7e9db1250d4dc954650b47cf893b957f87c29dc0bd8dcd21f9faf953843816f8f2", @generic="7a82cf62c986a1416b72f3df83e7f41fbca31e0e406e131789cf24c1bcba18462387b8472425c9b7f24d7675be02c36173c49c1074f86b911930f0de087356138302796238a1c6bb1f37ccc0721488832d726499a1415d52ae", @typed={0xb, 0xeb, 0x0, 0x0, @str='nicvf0\x00'}, @nested={0x4, 0x80}]}, @generic="3de4b070b8c846c58a7d4828192bb638a7371b8bbada62bc351718cb59651fbcb406d3bea08828c036c1b5e11938a9ca793004300f46aba1d32706fa7e1f851816f3716ee42be29eaf22ab9ba5efb43cbe2015d8a22bd5af59dd7d97076654d8d5fb5ad69e35f8f12dc152"]}, 0x184}, 0x1, 0x0, 0x0, 0x40}, 0x40000)
r3 = socket(0x21, 0x2, 0x10000000000002)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(0xffffffffffffffff, 0x10e, 0x8, &(0x7f00000016c0)=0x7, 0x4)
getpid()
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000380)={0xffffffffffffffff, 0xe0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x73, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffe42, 0xf0, 0x8, 0x0, 0x0}}, 0x10)
r4 = openat$tun(0xffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000002280)={'pim6reg0\x00', 0x2102})
ioctl$TUNSETQUEUE(r4, 0x400454d9, &(0x7f0000000080)={'nicvf0\x00', 0x400})
ioctl$TUNSETTXFILTER(r4, 0x401054d5, &(0x7f0000000380)=ANY=[@ANYBLOB="4504"])
r5 = openat$tun(0xffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000002280)={'pim6reg0\x00', 0x2102})
recvmmsg(r3, &(0x7f0000002940)=[{{0x0, 0x0, 0x0}}], 0xf000, 0x10002, 0x0)

1.623988896s ago: executing program 2 (id=518):
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
bpf$MAP_CREATE(0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="0300000004000000040000000200020000000000", @ANYRES32, @ANYBLOB="000000000000fba8c4d69f40001a00000000090000000e1ef759612f742576783b359f0000002e50559a94", @ANYRES32=0x0, @ANYBLOB="000000000200"/28], 0x50)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
socket(0x400000000010, 0x3, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r3 = syz_io_uring_setup(0x4e3, &(0x7f0000000480)={0x0, 0x938c, 0x10100}, &(0x7f0000000180)=<r4=>0x0, &(0x7f00000001c0)=<r5=>0x0)
syz_io_uring_submit(r4, r5, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1})
io_uring_enter(r3, 0x708, 0x41e3, 0x0, 0x0, 0x0)
futex(&(0x7f000000cffc)=0x4, 0x80000000000b, 0x4, &(0x7f000000b000)={0x77359400}, &(0x7f0000048000), 0x0)

1.490471128s ago: executing program 3 (id=519):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000b40)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r1, 0xc0045005, &(0x7f0000001180)=0x2000000)
mmap$dsp(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x3, 0x4010, r1, 0x0)
ioctl$SNDCTL_DSP_GETOPTR(r1, 0x5008, 0x0)
ioctl$SNDCTL_DSP_GETODELAY(r1, 0x80045017, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x11, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800"/24], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r2}, 0x10)
r3 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'vlan0\x00', <r4=>0x0})
r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000100)={0x1b, 0x0, 0x0, 0x1, 0x0, 0xffffffffffffffff, 0xf, '\x00', r4, 0xffffffffffffffff, 0x4, 0x5, 0x3, 0x0, @void, @value, @void, @value}, 0x50)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000200)={r5, &(0x7f0000000180)="7182b645d034c8946ed1f84d1fd760fbe2a5df542dc419b19e1fa94cf31fdfc17cfe6f2a", &(0x7f00000001c0)=""/62}, 0x1c)
close(r3)
ioctl$SIOCSIFHWADDR(r0, 0x8b04, &(0x7f0000000000)={'wlan1\x00', @random="0200"})

1.304851148s ago: executing program 3 (id=520):
signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
io_submit(0x0, 0x0, &(0x7f0000000800))
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000400)=0x6)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000540)=ANY=[@ANYBLOB="240000002000010300000000fbdbdf2502008008000000030800000008000b00ff000000"], 0x24}}, 0x40)
sendmsg$IPSET_CMD_SAVE(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)={0x1c, 0x8, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
ioperm(0x0, 0x8000, 0x2)
r5 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0xc, 0xb, &(0x7f00000000c0)=ANY=[@ANYBLOB="18040000000000000000000000000000180000002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b100000095"], &(0x7f00000005c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000001040)={r5, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000100)="b9ff03316844268cb89e14f00800", 0x0, 0x0, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x4c)
r6 = creat(&(0x7f0000000280)='./file0\x00', 0x0)
close(r6)
r7 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
ioctl$SNDRV_RAWMIDI_IOCTL_DRAIN(r7, 0x40045731, &(0x7f0000000140)=0x1)
mount$9p_fd(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000200), 0x0, &(0x7f00000000c0)={'trans=fd,', {'rfdno', 0x3d, r6}})
recvmsg(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000300)=@in6={0xa, 0x0, 0x0, @local}, 0x80, &(0x7f0000000580)=[{&(0x7f0000000380)=""/79, 0x4f}, {&(0x7f0000000180)=""/45, 0x2d}, {&(0x7f0000000440)=""/86, 0x56}, {&(0x7f00000004c0)=""/111, 0x6f}, {&(0x7f0000000600)=""/140, 0x8c}, {&(0x7f0000000540)}], 0x6}, 0x1)

183.479555ms ago: executing program 3 (id=521):
r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x82, 0x0)
r1 = dup(0xffffffffffffffff)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
ioctl$IOCTL_GET_NCIDEV_IDX(r1, 0x0, 0x0)
ioctl$SNDCTL_SEQ_NRMIDIS(r1, 0x8004510b, &(0x7f0000000240))
writev(r0, 0x0, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f00000018c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=@bridge_delneigh={0x1c, 0x1e, 0x1, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, 0x8, 0x0, 0xb}}, 0x1c}, 0x1, 0x0, 0x0, 0x2004c044}, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
socket$inet_tcp(0x2, 0x1, 0x0)
io_submit(0x0, 0x0, 0x0)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0x2, 0x6, 0xfffa}, 0x3a, [0x8003, 0xc95a, 0xf, 0x8, 0x80, 0x2, 0x3, 0x7f, 0x20000006, 0x4d, 0x6, 0x5f, 0x9, 0x5, 0xffff2d37, 0xff7fff01, 0x6, 0x3, 0x7, 0x7, 0x4, 0x0, 0x7, 0x3c5e, 0x1, 0x24, 0xd, 0x1, 0x0, 0xffffffff, 0xe661, 0xffffebf2, 0x7, 0x3, 0x8, 0x4c74, 0x10000, 0x242, 0x3, 0xb, 0x0, 0x80008071, 0x7, 0x17, 0x1, 0x7, 0x5, 0x3e, 0x8e, 0x2, 0x106, 0x0, 0x5, 0x4, 0x8, 0x3ff, 0x9, 0x0, 0x5, 0x2006, 0x8, 0x4000074, 0x1, 0xe], [0x10000007, 0x9, 0x8000012f, 0x100, 0x5, 0xfffffff3, 0x129432e6, 0xc8, 0xf9, 0xe, 0x2bf, 0x6c7, 0x9, 0x384, 0x3, 0x0, 0x0, 0x5, 0x2f, 0xe, 0x312, 0x78, 0xea4, 0x0, 0x4, 0x4007, 0x7fff, 0x6, 0x400, 0x401, 0x4, 0x1, 0xff, 0x5, 0x7, 0x5f31, 0xd, 0x4e0, 0x80000002, 0x4, 0xb, 0x4, 0x5662, 0x8, 0x9, 0x6, 0x47, 0x8000, 0x1, 0xfe000000, 0xffff, 0x2, 0x4, 0x9, 0x3, 0x3, 0x9, 0x1, 0x3, 0x3, 0xbc45, 0x48c93690, 0x80, 0x3], [0x7, 0x408, 0x4, 0x5, 0xfffffffe, 0x100, 0x4, 0x9, 0x5, 0x7fff, 0x0, 0x5, 0x80b, 0x4, 0x5, 0x800, 0x0, 0x4d4, 0x5, 0x8, 0x86, 0x3, 0xcc, 0x3e7, 0xb, 0x5, 0x2, 0x6, 0x3, 0x2000000b, 0x4, 0x6d01, 0x6, 0x38, 0x800003, 0x200, 0x80, 0x3, 0x4, 0x2950bfaf, 0x1000, 0xa2, 0x7, 0xa9, 0x5, 0x6, 0x10000ac8, 0xbf, 0x2, 0x3, 0x3, 0x12b, 0x4, 0x1, 0xa, 0x0, 0x5, 0x7, 0x120000, 0x3, 0x6, 0x712, 0xc, 0x25], [0x9, 0xbb35, 0x7b304120, 0x3ff, 0x5, 0x938, 0x6, 0x6, 0x0, 0x8, 0x7f, 0x1ff, 0x2, 0x57, 0x5, 0x3, 0x101, 0x3f51, 0x4, 0x1, 0xffff, 0xa620, 0x1, 0x5, 0x2000001, 0x2000002, 0x14c, 0x60a7, 0x6, 0x16, 0xffffffff, 0x80000000, 0x5, 0x4, 0xc8, 0x1, 0xfffff000, 0x9, 0x3, 0x7e, 0x100, 0xa, 0x7, 0xaf, 0x8, 0xa, 0x226, 0x5, 0x5, 0x0, 0x30b1d693, 0xa1f, 0xf40, 0x6, 0x1, 0x6c1b, 0x0, 0x4, 0x5, 0xb1e, 0x1000d5, 0x200, 0x9, 0xfff]}, 0x45c)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000080)=0x3)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r4 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x1a01, 0x0)
ioctl$EVIOCGPROP(r4, 0x40047438, &(0x7f0000000180)=""/246)
ioctl$PPPIOCSFLAGS1(r4, 0x80047458, 0x0)
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)
socket$kcm(0x10, 0x400000002, 0x0)
socket(0x15, 0x4, 0xffffbfff)
r5 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020e0000150000000000000000000000030005000000000002004e24ac1e00010000000000000000030006003c000000020000fc34000000000000000000000001001800000000000800120000000200fcffffff0000000006003300000000000000000000000000fe8000000000000000000000000000aa00000000000000000000000000000000040003"], 0xa8}}, 0x0)
sendmmsg(r5, &(0x7f0000000180), 0x3ef, 0x0)
socket$xdp(0x2c, 0x3, 0x0)
bpf$BPF_GET_PROG_INFO(0xa, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x200401, &(0x7f0000000840)=ANY=[@ANYBLOB="78226e6f65786163638173733d616e792c63616368653d6673"])

0s ago: executing program 1 (id=522):
r0 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x33, &(0x7f0000000000)={0x1, &(0x7f0000000140)=[{0x6, 0x0, 0x8, 0x252}]}, 0x8) (fail_nth: 8)

kernel console output (not intermixed with test programs):

_cache_noprof+0x6a/0x3e0
[   79.963897][ T6971]  ? snd_seq_oss_open+0x55/0xa20
[   79.963911][ T6971]  snd_seq_oss_open+0x55/0xa20
[   79.963926][ T6971]  odev_open+0x6f/0x90
[   79.963936][ T6971]  ? __pfx_odev_open+0x10/0x10
[   79.963947][ T6971]  soundcore_open+0x409/0x580
[   79.963959][ T6971]  ? __pfx_soundcore_open+0x10/0x10
[   79.963970][ T6971]  chrdev_open+0x231/0x6a0
[   79.963981][ T6971]  ? __pfx_chrdev_open+0x10/0x10
[   79.963992][ T6971]  ? file_set_fsnotify_mode_from_watchers+0x163/0x640
[   79.964009][ T6971]  do_dentry_open+0x741/0x1c10
[   79.964019][ T6971]  ? __pfx_chrdev_open+0x10/0x10
[   79.964031][ T6971]  vfs_open+0x82/0x3f0
[   79.964045][ T6971]  path_openat+0x1e5e/0x2d40
[   79.964059][ T6971]  ? __pfx_path_openat+0x10/0x10
[   79.964071][ T6971]  do_filp_open+0x20b/0x470
[   79.964080][ T6971]  ? __pfx_do_filp_open+0x10/0x10
[   79.964098][ T6971]  ? alloc_fd+0x471/0x7d0
[   79.964116][ T6971]  do_sys_openat2+0x11b/0x1d0
[   79.964129][ T6971]  ? __pfx_do_sys_openat2+0x10/0x10
[   79.964143][ T6971]  ? __fget_files+0x20e/0x3c0
[   79.964159][ T6971]  __ia32_compat_sys_openat+0x16d/0x210
[   79.964173][ T6971]  ? __pfx___ia32_compat_sys_openat+0x10/0x10
[   79.964186][ T6971]  ? ksys_write+0x1b9/0x240
[   79.964196][ T6971]  ? rcu_is_watching+0x12/0xc0
[   79.964208][ T6971]  __do_fast_syscall_32+0x73/0x120
[   79.964222][ T6971]  do_fast_syscall_32+0x32/0x80
[   79.964235][ T6971]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[   79.964247][ T6971] RIP: 0023:0xf7f61579
[   79.964255][ T6971] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[   79.964264][ T6971] RSP: 002b:00000000f506555c EFLAGS: 00000296 ORIG_RAX: 0000000000000127
[   79.964273][ T6971] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 0000000080000000
[   79.964279][ T6971] RDX: 0000000000000002 RSI: 0000000000000000 RDI: 0000000000000000
[   79.964284][ T6971] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   79.964289][ T6971] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[   79.964295][ T6971] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   79.964307][ T6971]  </TASK>
[   80.387452][ T6858] 8021q: adding VLAN 0 to HW filter on device batadv0
[   80.416973][ T6858] veth0_vlan: entered promiscuous mode
[   80.424049][ T6858] veth1_vlan: entered promiscuous mode
[   80.442571][ T6858] veth0_macvtap: entered promiscuous mode
[   80.446538][ T6858] veth1_macvtap: entered promiscuous mode
[   80.459188][ T6858] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   80.468068][ T6858] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   80.473714][ T6858] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   80.482035][ T6858] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   80.494080][ T6858] batman_adv: batadv0: Interface activated: batadv_slave_0
[   80.505562][ T6858] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   80.520231][ T6858] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   80.529145][ T6858] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   80.548866][ T6858] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   80.553385][ T6858] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   80.557788][ T6858] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   80.574152][ T6858] batman_adv: batadv0: Interface activated: batadv_slave_1
[   80.585648][ T6858] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   80.588880][ T6858] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   80.591815][ T6858] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   80.594501][ T6858] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   80.657216][   T94] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   80.667911][   T94] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   80.697559][ T1138] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   80.703769][ T1138] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   81.151791][ T1017] cfg80211: failed to load regulatory.db
[   82.560192][   T94] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   82.714027][ T7039] netlink: 4 bytes leftover after parsing attributes in process `syz.1.199'.
[   82.719635][ T7039] bond_slave_1: Device is already in use.
[   82.829788][ T5938] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   82.833503][ T5938] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   82.836913][ T5938] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   82.851844][ T5938] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   82.855489][ T5938] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   82.897034][ T7049] sp0: Synchronizing with TNC
[   83.013664][ T7043] chnl_net:caif_netlink_parms(): no params data found
[   83.239941][ T7043] bridge0: port 1(bridge_slave_0) entered blocking state
[   83.242196][ T7043] bridge0: port 1(bridge_slave_0) entered disabled state
[   83.244475][ T7043] bridge_slave_0: entered allmulticast mode
[   83.249286][ T7043] bridge_slave_0: entered promiscuous mode
[   83.263286][ T7043] bridge0: port 2(bridge_slave_1) entered blocking state
[   83.265576][ T7043] bridge0: port 2(bridge_slave_1) entered disabled state
[   83.268821][ T7043] bridge_slave_1: entered allmulticast mode
[   83.272811][ T7043] bridge_slave_1: entered promiscuous mode
[   83.358445][ T7066] input: syz0 as /devices/virtual/input/input11
[   83.361000][ T7043] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   83.379601][ T7043] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   83.503059][ T7043] team0: Port device team_slave_0 added
[   83.506520][ T7043] team0: Port device team_slave_1 added
[   83.591464][ T7043] batman_adv: batadv0: Adding interface: batadv_slave_0
[   83.593673][ T7043] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   83.602090][ T7043] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   83.606661][ T7043] batman_adv: batadv0: Adding interface: batadv_slave_1
[   83.609228][ T7043] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   83.617508][ T7043] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   83.660333][ T7043] hsr_slave_0: entered promiscuous mode
[   83.662569][ T7043] hsr_slave_1: entered promiscuous mode
[   83.664647][ T7043] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   83.667047][ T7043] Cannot create hsr debugfs directory
[   84.088461][ T7078] netlink: 'syz.2.209': attribute type 3 has an invalid length.
[   84.091271][ T7078] netlink: 'syz.2.209': attribute type 1 has an invalid length.
[   84.093638][ T7078] netlink: 220 bytes leftover after parsing attributes in process `syz.2.209'.
[   84.254530][   T94] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   84.343251][   T94] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   84.475261][   T94] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   84.500629][ T7087] bridge0: entered promiscuous mode
[   84.503265][ T7087] macvlan2: entered promiscuous mode
[   84.590872][   T94] bridge_slave_1: left allmulticast mode
[   84.592768][   T94] bridge_slave_1: left promiscuous mode
[   84.594954][   T94] bridge0: port 2(bridge_slave_1) entered disabled state
[   84.603269][   T94] bridge_slave_0: left allmulticast mode
[   84.605113][   T94] bridge_slave_0: left promiscuous mode
[   84.607398][   T94] bridge0: port 1(bridge_slave_0) entered disabled state
[   84.857236][   T94] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   84.863046][   T94] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   84.867462][   T94] bond0 (unregistering): Released all slaves
[   84.908163][ T5941] Bluetooth: hci1: command tx timeout
[   85.238104][ T7104] FAULT_INJECTION: forcing a failure.
[   85.238104][ T7104] name failslab, interval 1, probability 0, space 0, times 0
[   85.242624][ T7104] CPU: 3 UID: 0 PID: 7104 Comm: syz.1.215 Not tainted 6.15.0-rc4-syzkaller-00208-g00b827f0cffa #0 PREEMPT(full) 
[   85.242644][ T7104] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   85.242653][ T7104] Call Trace:
[   85.242659][ T7104]  <TASK>
[   85.242665][ T7104]  dump_stack_lvl+0x16c/0x1f0
[   85.242689][ T7104]  should_fail_ex+0x512/0x640
[   85.242717][ T7104]  should_failslab+0xc2/0x120
[   85.242735][ T7104]  kmem_cache_alloc_noprof+0x6d/0x3b0
[   85.242753][ T7104]  ? skb_clone+0x190/0x3f0
[   85.242772][ T7104]  skb_clone+0x190/0x3f0
[   85.242789][ T7104]  netlink_deliver_tap+0xabd/0xd30
[   85.242811][ T7104]  netlink_unicast+0x5df/0x7f0
[   85.242830][ T7104]  ? __pfx_netlink_unicast+0x10/0x10
[   85.242853][ T7104]  netlink_sendmsg+0x8d1/0xdd0
[   85.242874][ T7104]  ? __pfx_netlink_sendmsg+0x10/0x10
[   85.242893][ T7104]  ? __import_iovec+0x1c8/0x660
[   85.242920][ T7104]  ____sys_sendmsg+0xa95/0xc70
[   85.242943][ T7104]  ? __pfx_____sys_sendmsg+0x10/0x10
[   85.242961][ T7104]  ? get_compat_msghdr+0x11a/0x170
[   85.242986][ T7104]  ___sys_sendmsg+0x134/0x1d0
[   85.243003][ T7104]  ? __pfx____sys_sendmsg+0x10/0x10
[   85.243046][ T7104]  __sys_sendmsg+0x16d/0x220
[   85.243063][ T7104]  ? __pfx___sys_sendmsg+0x10/0x10
[   85.243087][ T7104]  ? rcu_is_watching+0x12/0xc0
[   85.243105][ T7104]  __do_fast_syscall_32+0x73/0x120
[   85.243126][ T7104]  do_fast_syscall_32+0x32/0x80
[   85.243145][ T7104]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[   85.243184][ T7104] RIP: 0023:0xf703e579
[   85.243197][ T7104] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[   85.243210][ T7104] RSP: 002b:00000000f502e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[   85.243223][ T7104] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000940
[   85.243232][ T7104] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   85.243238][ T7104] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   85.243243][ T7104] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[   85.243248][ T7104] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   85.243260][ T7104]  </TASK>
[   85.456132][   T94] hsr_slave_0: left promiscuous mode
[   85.461772][   T94] hsr_slave_1: left promiscuous mode
[   85.464638][   T94] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   85.467642][   T94] batman_adv: batadv0: Removing interface: batadv_slave_0
[   85.473102][   T94] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   85.476795][   T94] batman_adv: batadv0: Removing interface: batadv_slave_1
[   85.513809][   T94] veth1_macvtap: left promiscuous mode
[   85.516220][   T94] veth0_macvtap: left promiscuous mode
[   85.524876][   T94] veth1_vlan: left promiscuous mode
[   85.527197][   T94] veth0_vlan: left promiscuous mode
[   86.105340][   T40] audit: type=1326 audit(1746255386.116:342): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7106 comm="syz.1.217" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf703e579 code=0x0
[   86.307067][   T94] team0 (unregistering): Port device team_slave_1 removed
[   86.563770][   T94] team0 (unregistering): Port device team_slave_0 removed
[   86.987848][ T7117] netlink: 96 bytes leftover after parsing attributes in process `syz.3.216'.
[   86.988537][ T5941] Bluetooth: hci1: command tx timeout
[   87.050654][ T7043] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   87.100326][ T7043] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   87.170396][ T7043] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   87.189413][ T7043] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   87.493412][ T7043] 8021q: adding VLAN 0 to HW filter on device bond0
[   87.504924][ T7043] 8021q: adding VLAN 0 to HW filter on device team0
[   87.511097][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[   87.513356][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[   87.519452][ T1145] bridge0: port 2(bridge_slave_1) entered blocking state
[   87.521707][ T1145] bridge0: port 2(bridge_slave_1) entered forwarding state
[   87.607175][ T7139] vlan2: entered allmulticast mode
[   87.609881][ T7139] bond0: entered allmulticast mode
[   87.617343][ T7139] bond_slave_0: entered allmulticast mode
[   87.643403][ T7139] bond_slave_1: entered allmulticast mode
[   87.996498][ T7043] 8021q: adding VLAN 0 to HW filter on device batadv0
[   88.026079][ T7043] veth0_vlan: entered promiscuous mode
[   88.038577][ T7043] veth1_vlan: entered promiscuous mode
[   88.053615][ T7043] veth0_macvtap: entered promiscuous mode
[   88.057375][ T7043] veth1_macvtap: entered promiscuous mode
[   88.066243][ T7043] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   88.070363][ T7043] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   88.074347][ T7043] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   88.079296][ T7043] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   88.085142][ T7043] batman_adv: batadv0: Interface activated: batadv_slave_0
[   88.102691][ T7043] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   88.107061][ T7043] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   88.113107][ T7043] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   88.117527][ T7043] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   88.127027][ T7043] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   88.133532][ T7043] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   88.140370][ T7043] batman_adv: batadv0: Interface activated: batadv_slave_1
[   88.150046][ T7043] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   88.153403][ T7043] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   88.156813][ T7043] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   88.168005][ T7043] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   88.210069][ T1137] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   88.216197][ T1137] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   88.239034][ T1137] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   88.241385][ T1137] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   88.423515][ T1017] hid-generic 00A0:0006:0003.0002: unknown main item tag 0x0
[   88.426199][ T1017] hid-generic 00A0:0006:0003.0002: unknown main item tag 0x0
[   88.435007][ T7158] bridge1: entered promiscuous mode
[   88.436849][ T7158] bridge1: entered allmulticast mode
[   88.441623][ T1017] hid-generic 00A0:0006:0003.0002: unknown main item tag 0x0
[   88.444518][ T1017] hid-generic 00A0:0006:0003.0002: unknown main item tag 0x0
[   88.447414][ T1017] hid-generic 00A0:0006:0003.0002: unknown main item tag 0x0
[   88.450663][ T7158] capability: warning: `syz.2.227' uses 32-bit capabilities (legacy support in use)
[   88.454633][ T1017] hid-generic 00A0:0006:0003.0002: unknown main item tag 0x0
[   88.457174][ T1017] hid-generic 00A0:0006:0003.0002: unknown main item tag 0x0
[   88.460004][ T1017] hid-generic 00A0:0006:0003.0002: unknown main item tag 0x0
[   88.462493][ T1017] hid-generic 00A0:0006:0003.0002: unknown main item tag 0x0
[   88.465068][ T1017] hid-generic 00A0:0006:0003.0002: unknown main item tag 0x0
[   88.467939][ T1017] hid-generic 00A0:0006:0003.0002: unknown main item tag 0x0
[   88.470678][ T1017] hid-generic 00A0:0006:0003.0002: unknown main item tag 0x0
[   88.473317][ T1017] hid-generic 00A0:0006:0003.0002: unknown main item tag 0x0
[   88.475627][ T1017] hid-generic 00A0:0006:0003.0002: unknown main item tag 0x0
[   88.478072][ T1017] hid-generic 00A0:0006:0003.0002: unknown main item tag 0x0
[   88.485405][ T1017] hid-generic 00A0:0006:0003.0002: hidraw1: <UNKNOWN> HID v0.05 Device [syz1] on syz0
[   88.524004][ T7160] bridge0: port 4(vlan2) entered blocking state
[   88.526046][ T7160] bridge0: port 4(vlan2) entered disabled state
[   88.529754][ T7160] vlan2: entered allmulticast mode
[   88.531496][ T7160] bridge0: entered allmulticast mode
[   88.541431][ T7160] vlan2: left allmulticast mode
[   88.543515][ T7160] bridge0: left allmulticast mode
[   88.978255][ T7175] skbuff: bad partial csum: csum=65489/0 headroom=64 headlen=65491
[   89.869474][ T7186] FAULT_INJECTION: forcing a failure.
[   89.869474][ T7186] name failslab, interval 1, probability 0, space 0, times 0
[   89.873429][ T7186] CPU: 0 UID: 0 PID: 7186 Comm: syz.2.237 Not tainted 6.15.0-rc4-syzkaller-00208-g00b827f0cffa #0 PREEMPT(full) 
[   89.873442][ T7186] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   89.873448][ T7186] Call Trace:
[   89.873452][ T7186]  <TASK>
[   89.873456][ T7186]  dump_stack_lvl+0x16c/0x1f0
[   89.873472][ T7186]  should_fail_ex+0x512/0x640
[   89.873486][ T7186]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[   89.873499][ T7186]  should_failslab+0xc2/0x120
[   89.873510][ T7186]  kmem_cache_alloc_noprof+0x6d/0x3b0
[   89.873521][ T7186]  ? radix_tree_node_alloc.constprop.0+0x7c/0x350
[   89.873535][ T7186]  radix_tree_node_alloc.constprop.0+0x7c/0x350
[   89.873548][ T7186]  idr_get_free+0x528/0xa30
[   89.873564][ T7186]  idr_alloc_u32+0x190/0x2f0
[   89.873577][ T7186]  ? __pfx_idr_alloc_u32+0x10/0x10
[   89.873594][ T7186]  tcf_idr_check_alloc+0x136/0x770
[   89.873608][ T7186]  ? find_held_lock+0x2b/0x80
[   89.873618][ T7186]  ? __pfx_tcf_idr_check_alloc+0x10/0x10
[   89.873632][ T7186]  ? __nla_parse+0x40/0x60
[   89.873643][ T7186]  tcf_mirred_init+0x1fc/0xee0
[   89.873655][ T7186]  ? __pfx_tcf_mirred_init+0x10/0x10
[   89.873669][ T7186]  ? __asan_memcpy+0x3c/0x60
[   89.873686][ T7186]  tcf_action_init_1+0x45d/0x6c0
[   89.873701][ T7186]  ? __pfx_tcf_action_init_1+0x10/0x10
[   89.873722][ T7186]  ? __nla_parse+0x40/0x60
[   89.873732][ T7186]  tcf_action_init+0x42c/0x9c0
[   89.873751][ T7186]  ? __pfx_tcf_action_init+0x10/0x10
[   89.873764][ T7186]  ? lock_acquire+0x179/0x350
[   89.873786][ T7186]  ? kernel_text_address+0x8d/0x100
[   89.873801][ T7186]  ? __kernel_text_address+0xd/0x40
[   89.873815][ T7186]  ? unwind_get_return_address+0x59/0xa0
[   89.873838][ T7186]  ? kasan_save_stack+0x42/0x60
[   89.873847][ T7186]  ? kasan_save_stack+0x33/0x60
[   89.873856][ T7186]  ? kasan_save_track+0x14/0x30
[   89.873864][ T7186]  ? kasan_save_free_info+0x3b/0x60
[   89.873877][ T7186]  ? __kasan_slab_free+0x51/0x70
[   89.873889][ T7186]  tcf_action_add+0xee/0x5c0
[   89.873904][ T7186]  ? __pfx_tcf_action_add+0x10/0x10
[   89.873938][ T7186]  ? __nla_parse+0x40/0x60
[   89.873949][ T7186]  tc_ctl_action+0x35b/0x470
[   89.873963][ T7186]  ? __pfx_tc_ctl_action+0x10/0x10
[   89.873981][ T7186]  ? __pfx_tc_ctl_action+0x10/0x10
[   89.873996][ T7186]  rtnetlink_rcv_msg+0x3c6/0xe90
[   89.874008][ T7186]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[   89.874026][ T7186]  netlink_rcv_skb+0x16a/0x440
[   89.874037][ T7186]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[   89.874049][ T7186]  ? __pfx_netlink_rcv_skb+0x10/0x10
[   89.874068][ T7186]  ? netlink_deliver_tap+0x1ae/0xd30
[   89.874081][ T7186]  netlink_unicast+0x53a/0x7f0
[   89.874093][ T7186]  ? __pfx_netlink_unicast+0x10/0x10
[   89.874108][ T7186]  netlink_sendmsg+0x8d1/0xdd0
[   89.874121][ T7186]  ? __pfx_netlink_sendmsg+0x10/0x10
[   89.874133][ T7186]  ? __import_iovec+0x1c8/0x660
[   89.874151][ T7186]  ____sys_sendmsg+0xa95/0xc70
[   89.874165][ T7186]  ? __pfx_____sys_sendmsg+0x10/0x10
[   89.874178][ T7186]  ? get_compat_msghdr+0x11a/0x170
[   89.874193][ T7186]  ___sys_sendmsg+0x134/0x1d0
[   89.874204][ T7186]  ? __pfx____sys_sendmsg+0x10/0x10
[   89.874231][ T7186]  __sys_sendmsg+0x16d/0x220
[   89.874241][ T7186]  ? __pfx___sys_sendmsg+0x10/0x10
[   89.874251][ T7186]  ? __pfx_bpf_trace_run2+0x10/0x10
[   89.874266][ T7186]  ? syscall_trace_enter+0x1cb/0x260
[   89.874281][ T7186]  ? rcu_is_watching+0x12/0xc0
[   89.874291][ T7186]  __do_fast_syscall_32+0x73/0x120
[   89.874305][ T7186]  do_fast_syscall_32+0x32/0x80
[   89.874318][ T7186]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[   89.874334][ T7186] RIP: 0023:0xf7f72579
[   89.874342][ T7186] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[   89.874351][ T7186] RSP: 002b:00000000f509655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[   89.874360][ T7186] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000800000c0
[   89.874366][ T7186] RDX: 0000000024008844 RSI: 0000000000000000 RDI: 0000000000000000
[   89.874371][ T7186] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   89.874376][ T7186] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[   89.874381][ T7186] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   89.874394][ T7186]  </TASK>
[   89.950716][ T7188] netlink: 12 bytes leftover after parsing attributes in process `syz.1.238'.
[   90.126894][ T7195] fuse: Unknown parameter '^Ž³ÍKƒØi '
[   90.663623][ T1137] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   91.192667][ T5938] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   91.196166][ T5938] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   91.199166][ T5938] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   91.218862][ T5938] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   91.222403][ T5938] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   91.519508][ T7193] kexec: Could not allocate control_code_buffer
[   91.522052][ T7210] chnl_net:caif_netlink_parms(): no params data found
[   91.648483][ T1934] usb 8-1: new high-speed USB device number 4 using dummy_hcd
[   91.666366][ T7210] bridge0: port 1(bridge_slave_0) entered blocking state
[   91.674249][ T7210] bridge0: port 1(bridge_slave_0) entered disabled state
[   91.678427][ T7210] bridge_slave_0: entered allmulticast mode
[   91.683428][ T7210] bridge_slave_0: entered promiscuous mode
[   91.687762][ T7210] bridge0: port 2(bridge_slave_1) entered blocking state
[   91.691787][ T7210] bridge0: port 2(bridge_slave_1) entered disabled state
[   91.694641][ T7210] bridge_slave_1: entered allmulticast mode
[   91.697703][ T7210] bridge_slave_1: entered promiscuous mode
[   91.749738][ T7210] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   91.759266][ T7210] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   91.810454][ T1934] usb 8-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[   91.813252][ T1934] usb 8-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[   91.816333][ T1934] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 66
[   91.819210][ T1934] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[   91.824586][ T1934] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[   91.830517][ T1934] usb 8-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[   91.833491][ T1934] usb 8-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[   91.836313][ T1934] usb 8-1: Product: syz
[   91.837871][ T1934] usb 8-1: Manufacturer: syz
[   91.849059][ T1934] cdc_wdm 8-1:1.0: skipping garbage
[   91.853946][ T1934] cdc_wdm 8-1:1.0: skipping garbage
[   91.860820][ T1934] cdc_wdm 8-1:1.0: cdc-wdm0: USB WDM device
[   91.863481][ T1934] cdc_wdm 8-1:1.0: Unknown control protocol
[   91.869192][ T7210] team0: Port device team_slave_0 added
[   91.878672][ T7226] netlink: 8 bytes leftover after parsing attributes in process `syz.1.246'.
[   91.884024][ T7210] team0: Port device team_slave_1 added
[   91.926603][ T7210] batman_adv: batadv0: Adding interface: batadv_slave_0
[   91.929006][ T7210] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   91.940557][ T7210] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   91.944827][ T7210] batman_adv: batadv0: Adding interface: batadv_slave_1
[   91.947051][ T7210] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   91.957389][ T7210] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   92.009212][ T7230] xt_addrtype: both incoming and outgoing interface limitation cannot be selected
[   92.025138][ T7230] bridge0: port 3(vlan3) entered blocking state
[   92.027505][ T7230] bridge0: port 3(vlan3) entered disabled state
[   92.029846][ T7230] vlan3: entered allmulticast mode
[   92.031599][ T7230] bridge0: entered allmulticast mode
[   92.034519][ T7230] vlan3: left allmulticast mode
[   92.036155][ T7230] bridge0: left allmulticast mode
[   92.045254][ T7210] hsr_slave_0: entered promiscuous mode
[   92.047469][ T7210] hsr_slave_1: entered promiscuous mode
[   92.051402][ T7210] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   92.053746][ T7210] Cannot create hsr debugfs directory
[   92.205539][ T7237] netlink: 12 bytes leftover after parsing attributes in process `syz.1.248'.
[   92.210568][ T7237] nbd: must specify at least one socket
[   92.542074][ T1137] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   92.596891][ T1137] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   92.691074][ T1137] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   92.846870][ T1137] bridge_slave_1: left allmulticast mode
[   92.852121][ T1137] bridge_slave_1: left promiscuous mode
[   92.856287][ T1137] bridge0: port 2(bridge_slave_1) entered disabled state
[   92.865251][ T1137] bridge_slave_0: left allmulticast mode
[   92.870497][ T1137] bridge_slave_0: left promiscuous mode
[   92.873993][ T1137] bridge0: port 1(bridge_slave_0) entered disabled state
[   93.077602][ T1017] usb 8-1: USB disconnect, device number 4
[   93.192035][ T1137] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   93.196572][ T1137] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   93.200456][ T1137] bond0 (unregistering): Released all slaves
[   93.318133][ T5941] Bluetooth: hci1: command tx timeout
[   93.340934][ T7253] input: syz0 as /devices/virtual/input/input12
[   93.409222][ T1017] usb 8-1: new high-speed USB device number 5 using dummy_hcd
[   93.564410][ T1017] usb 8-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[   93.567270][ T1017] usb 8-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[   93.577391][ T1017] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 66
[   93.587517][ T1017] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[   93.592289][ T1017] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[   93.599449][ T1017] usb 8-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[   93.602261][ T1017] usb 8-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[   93.604751][ T1017] usb 8-1: Product: syz
[   93.606071][ T1017] usb 8-1: Manufacturer: syz
[   93.623784][ T1017] cdc_wdm 8-1:1.0: skipping garbage
[   93.625424][ T1017] cdc_wdm 8-1:1.0: skipping garbage
[   93.632662][ T1017] cdc_wdm 8-1:1.0: cdc-wdm0: USB WDM device
[   93.634520][ T1017] cdc_wdm 8-1:1.0: Unknown control protocol
[   93.745538][ T1137] hsr_slave_0: left promiscuous mode
[   93.749977][ T1137] hsr_slave_1: left promiscuous mode
[   93.752140][ T1137] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   93.755683][ T1137] batman_adv: batadv0: Removing interface: batadv_slave_0
[   93.761063][ T1137] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   93.764091][ T1137] batman_adv: batadv0: Removing interface: batadv_slave_1
[   93.792102][ T1137] veth1_macvtap: left promiscuous mode
[   93.794055][ T1137] veth0_macvtap: left promiscuous mode
[   93.795983][ T1137] veth1_vlan: left promiscuous mode
[   93.798376][ T1137] veth0_vlan: left promiscuous mode
[   94.427196][ T7288] netlink: 'syz.1.256': attribute type 10 has an invalid length.
[   94.658809][ T1137] team0 (unregistering): Port device team_slave_1 removed
[   94.711704][ T1137] team0 (unregistering): Port device team_slave_0 removed
[   95.304959][ T7210] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   95.323607][ T7210] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   95.367225][ T7210] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   95.382534][ T7210] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   95.397943][ T5941] Bluetooth: hci1: command tx timeout
[   95.461767][ T7210] 8021q: adding VLAN 0 to HW filter on device bond0
[   95.473842][ T7210] 8021q: adding VLAN 0 to HW filter on device team0
[   95.483331][   T67] bridge0: port 1(bridge_slave_0) entered blocking state
[   95.485590][   T67] bridge0: port 1(bridge_slave_0) entered forwarding state
[   95.493422][   T67] bridge0: port 2(bridge_slave_1) entered blocking state
[   95.495676][   T67] bridge0: port 2(bridge_slave_1) entered forwarding state
[   95.637876][ T7210] 8021q: adding VLAN 0 to HW filter on device batadv0
[   95.671437][ T7210] veth0_vlan: entered promiscuous mode
[   95.675853][ T7210] veth1_vlan: entered promiscuous mode
[   95.697730][ T7210] veth0_macvtap: entered promiscuous mode
[   95.774455][ T7210] veth1_macvtap: entered promiscuous mode
[   95.828393][ T7210] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   95.837417][ T7210] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   95.845271][ T7210] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   95.849216][ T7210] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   95.853403][ T7210] batman_adv: batadv0: Interface activated: batadv_slave_0
[   95.871058][ T7210] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   95.878931][ T7210] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   95.886571][ T7210] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   95.894214][ T7210] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   95.899532][ T7210] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   95.906297][ T7210] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   95.915534][ T7210] batman_adv: batadv0: Interface activated: batadv_slave_1
[   95.973739][ T7210] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   95.981866][ T7210] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   95.991292][ T7210] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   95.998046][ T7210] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   96.132853][ T1145] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   96.153933][ T1145] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   96.217480][   T67] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   96.223881][   T67] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   96.648369][ T1324] usb 8-1: USB disconnect, device number 5
[   96.761956][ T7342] netlink: 16 bytes leftover after parsing attributes in process `syz.3.265'.
[   96.765625][ T7342] netlink: 16 bytes leftover after parsing attributes in process `syz.3.265'.
[   96.768728][ T7342] netlink: 16 bytes leftover after parsing attributes in process `syz.3.265'.
[   97.148049][ T1324] usb 8-1: new high-speed USB device number 6 using dummy_hcd
[   97.157441][ T7357] input: syz0 as /devices/virtual/input/input13
[   97.318822][ T1324] usb 8-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[   97.322046][ T1324] usb 8-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[   97.325078][ T1324] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 66
[   97.328088][ T1324] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[   97.338005][ T1324] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[   97.349583][ T1324] usb 8-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[   97.357553][ T1324] usb 8-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[   97.367862][ T1324] usb 8-1: Product: syz
[   97.369265][ T1324] usb 8-1: Manufacturer: syz
[   97.378406][ T1324] cdc_wdm 8-1:1.0: skipping garbage
[   97.380008][ T1324] cdc_wdm 8-1:1.0: skipping garbage
[   97.388558][ T1324] cdc_wdm 8-1:1.0: cdc-wdm0: USB WDM device
[   97.390465][ T1324] cdc_wdm 8-1:1.0: Unknown control protocol
[   98.160125][   T94] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   98.737702][ T7378] netlink: 'syz.2.271': attribute type 11 has an invalid length.
[   98.988625][ T5938] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   98.992581][ T5938] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   98.995154][ T5938] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   98.998513][ T5938] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   99.002385][ T5938] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   99.066795][   T24] usb 8-1: USB disconnect, device number 6
[   99.253235][ T7393] netlink: 16 bytes leftover after parsing attributes in process `syz.1.272'.
[   99.256124][ T7393] netlink: 20 bytes leftover after parsing attributes in process `syz.1.272'.
[   99.263874][ T7393] geneve2: entered allmulticast mode
[   99.281174][ T7383] chnl_net:caif_netlink_parms(): no params data found
[   99.564277][   T40] audit: type=1326 audit(1746255399.566:343): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7395 comm="syz.3.274" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f61579 code=0x0
[   99.587442][ T7383] bridge0: port 1(bridge_slave_0) entered blocking state
[   99.600974][ T7383] bridge0: port 1(bridge_slave_0) entered disabled state
[   99.607600][ T7383] bridge_slave_0: entered allmulticast mode
[   99.645961][ T7383] bridge_slave_0: entered promiscuous mode
[   99.704063][ T7383] bridge0: port 2(bridge_slave_1) entered blocking state
[   99.765052][ T7383] bridge0: port 2(bridge_slave_1) entered disabled state
[   99.815109][ T7383] bridge_slave_1: entered allmulticast mode
[   99.828861][ T7383] bridge_slave_1: entered promiscuous mode
[  100.093971][ T7383] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  100.113040][   T94] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  100.133017][ T7383] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  100.150960][ T7412] netlink: 8 bytes leftover after parsing attributes in process `syz.2.277'.
[  100.188500][   T94] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  100.198963][ T7383] team0: Port device team_slave_0 added
[  100.221880][ T7412] FAULT_INJECTION: forcing a failure.
[  100.221880][ T7412] name failslab, interval 1, probability 0, space 0, times 0
[  100.227189][ T7412] CPU: 0 UID: 0 PID: 7412 Comm: syz.2.277 Not tainted 6.15.0-rc4-syzkaller-00208-g00b827f0cffa #0 PREEMPT(full) 
[  100.227209][ T7412] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  100.227217][ T7412] Call Trace:
[  100.227229][ T7412]  <TASK>
[  100.227235][ T7412]  dump_stack_lvl+0x16c/0x1f0
[  100.227267][ T7412]  should_fail_ex+0x512/0x640
[  100.227289][ T7412]  ? __kmalloc_cache_noprof+0x57/0x3e0
[  100.227315][ T7412]  should_failslab+0xc2/0x120
[  100.227333][ T7412]  __kmalloc_cache_noprof+0x6a/0x3e0
[  100.227354][ T7412]  ? cryptomgr_notify+0xa8/0xbc0
[  100.227375][ T7412]  cryptomgr_notify+0xa8/0xbc0
[  100.227394][ T7412]  ? down_read+0x13d/0x480
[  100.227414][ T7412]  notifier_call_chain+0xb9/0x410
[  100.227431][ T7412]  ? __pfx_cryptomgr_notify+0x10/0x10
[  100.227456][ T7412]  blocking_notifier_call_chain+0x69/0xa0
[  100.227475][ T7412]  crypto_alg_mod_lookup+0x2f6/0x520
[  100.227494][ T7412]  crypto_add_alg+0x248/0x3a0
[  100.227512][ T7412]  ? __pfx_crypto_add_alg+0x10/0x10
[  100.227534][ T7412]  crypto_user_rcv_msg+0x3f9/0x570
[  100.227556][ T7412]  ? __pfx_crypto_user_rcv_msg+0x10/0x10
[  100.227599][ T7412]  ? preempt_schedule_thunk+0x16/0x30
[  100.227624][ T7412]  ? preempt_schedule_common+0x44/0xc0
[  100.227644][ T7412]  netlink_rcv_skb+0x16a/0x440
[  100.227660][ T7412]  ? __pfx_crypto_user_rcv_msg+0x10/0x10
[  100.227680][ T7412]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  100.227695][ T7412]  ? crypto_netlink_rcv+0x1b/0x40
[  100.227726][ T7412]  ? netlink_deliver_tap+0x1ae/0xd30
[  100.227748][ T7412]  crypto_netlink_rcv+0x2a/0x40
[  100.227765][ T7412]  netlink_unicast+0x53a/0x7f0
[  100.227799][ T7412]  ? __pfx_netlink_unicast+0x10/0x10
[  100.227825][ T7412]  netlink_sendmsg+0x8d1/0xdd0
[  100.227847][ T7412]  ? __pfx_netlink_sendmsg+0x10/0x10
[  100.227868][ T7412]  ? __import_iovec+0x1c8/0x660
[  100.227894][ T7412]  ____sys_sendmsg+0xa95/0xc70
[  100.227918][ T7412]  ? __pfx_____sys_sendmsg+0x10/0x10
[  100.227935][ T7412]  ? get_compat_msghdr+0x11a/0x170
[  100.227959][ T7412]  ___sys_sendmsg+0x134/0x1d0
[  100.227975][ T7412]  ? __pfx____sys_sendmsg+0x10/0x10
[  100.228018][ T7412]  __sys_sendmsg+0x16d/0x220
[  100.228036][ T7412]  ? __pfx___sys_sendmsg+0x10/0x10
[  100.228064][ T7412]  ? rcu_is_watching+0x12/0xc0
[  100.228096][ T7412]  __do_fast_syscall_32+0x73/0x120
[  100.228120][ T7412]  do_fast_syscall_32+0x32/0x80
[  100.228143][ T7412]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  100.228161][ T7412] RIP: 0023:0xf7f72579
[  100.228173][ T7412] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  100.228186][ T7412] RSP: 002b:00000000f509655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  100.228200][ T7412] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000480
[  100.228209][ T7412] RDX: 0000000000000010 RSI: 0000000000000000 RDI: 0000000000000000
[  100.228224][ T7412] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  100.228233][ T7412] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  100.228241][ T7412] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  100.228264][ T7412]  </TASK>
[  100.231281][ T7383] team0: Port device team_slave_1 added
[  100.414013][   T94] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  100.825332][ T7383] batman_adv: batadv0: Adding interface: batadv_slave_0
[  100.835493][ T7383] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  100.859482][ T7383] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  100.868817][ T7383] batman_adv: batadv0: Adding interface: batadv_slave_1
[  100.871364][ T7383] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  100.890741][ T7383] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  101.005671][ T7383] hsr_slave_0: entered promiscuous mode
[  101.010383][ T7383] hsr_slave_1: entered promiscuous mode
[  101.014006][ T7383] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  101.022025][ T7383] Cannot create hsr debugfs directory
[  101.069192][ T5938] Bluetooth: hci1: command tx timeout
[  101.261812][   T94] bridge_slave_1: left allmulticast mode
[  101.263617][   T94] bridge_slave_1: left promiscuous mode
[  101.265989][   T94] bridge0: port 2(bridge_slave_1) entered disabled state
[  101.283557][   T94] bridge_slave_0: left allmulticast mode
[  101.285770][   T94] bridge_slave_0: left promiscuous mode
[  101.300652][   T94] bridge0: port 1(bridge_slave_0) entered disabled state
[  101.582762][   T94] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  101.586832][   T94] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  101.593494][   T94] bond0 (unregistering): Released all slaves
[  101.912004][   T40] audit: type=1326 audit(1746255401.926:344): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7432 comm="syz.2.281" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f72579 code=0x0
[  102.055519][   T40] audit: type=1326 audit(1746255402.066:345): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7449 comm="syz.1.286" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf703e579 code=0x0
[  102.103652][   T94] hsr_slave_0: left promiscuous mode
[  102.106661][   T94] hsr_slave_1: left promiscuous mode
[  102.111832][   T94] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  102.117986][   T94] batman_adv: batadv0: Removing interface: batadv_slave_0
[  102.121944][   T94] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  102.126907][   T94] batman_adv: batadv0: Removing interface: batadv_slave_1
[  102.154854][   T94] veth1_macvtap: left promiscuous mode
[  102.156766][   T94] veth0_macvtap: left promiscuous mode
[  102.159350][   T94] veth1_vlan: left promiscuous mode
[  102.161115][   T94] veth0_vlan: left promiscuous mode
[  102.264343][ T7463] input: syz0 as /devices/virtual/input/input14
[  103.145313][ T1017] usb 7-1: new high-speed USB device number 7 using dummy_hcd
[  103.157967][ T5938] Bluetooth: hci1: command tx timeout
[  103.299630][ T1017] usb 7-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  103.304621][ T1017] usb 7-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  103.313704][ T1017] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 66
[  103.319910][ T1017] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  103.331185][ T1017] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  103.337384][ T1017] usb 7-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  103.341166][ T1017] usb 7-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  103.347872][ T1017] usb 7-1: Product: syz
[  103.351587][ T1017] usb 7-1: Manufacturer: syz
[  103.386046][ T1017] cdc_wdm 7-1:1.0: skipping garbage
[  103.390733][ T1017] cdc_wdm 7-1:1.0: skipping garbage
[  103.398957][ T1017] cdc_wdm 7-1:1.0: cdc-wdm0: USB WDM device
[  103.405035][ T1017] cdc_wdm 7-1:1.0: Unknown control protocol
[  103.462576][   T94] team0 (unregistering): Port device team_slave_1 removed
[  103.520362][   T94] team0 (unregistering): Port device team_slave_0 removed
[  105.131056][ T7383] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  105.157425][ T7383] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  105.209766][ T7383] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  105.222814][ T7383] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  105.238621][ T5938] Bluetooth: hci1: command tx timeout
[  105.308913][   T34] usb 7-1: USB disconnect, device number 7
[  105.390537][ T7383] 8021q: adding VLAN 0 to HW filter on device bond0
[  105.803137][    C1] vkms_vblank_simulate: vblank timer overrun
[  105.820387][ T7509] mkiss: ax0: crc mode is auto.
[  105.916805][    C1] vkms_vblank_simulate: vblank timer overrun
[  105.967542][ T7383] 8021q: adding VLAN 0 to HW filter on device team0
[  106.161049][   T67] bridge0: port 1(bridge_slave_0) entered blocking state
[  106.163896][   T67] bridge0: port 1(bridge_slave_0) entered forwarding state
[  106.185309][   T46] bridge0: port 2(bridge_slave_1) entered blocking state
[  106.190682][   T46] bridge0: port 2(bridge_slave_1) entered forwarding state
[  106.292435][    C1] vkms_vblank_simulate: vblank timer overrun
[  107.213504][ T7383] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  107.317885][ T5938] Bluetooth: hci1: command tx timeout
[  107.664868][    C1] vkms_vblank_simulate: vblank timer overrun
[  107.967008][ T7383] 8021q: adding VLAN 0 to HW filter on device batadv0
[  108.057006][ T7383] veth0_vlan: entered promiscuous mode
[  108.073185][ T7383] veth1_vlan: entered promiscuous mode
[  108.209287][ T7383] veth0_macvtap: entered promiscuous mode
[  108.221862][ T7383] veth1_macvtap: entered promiscuous mode
[  108.260942][ T7383] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  108.264542][ T7383] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  108.284977][ T7383] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  108.289683][ T7383] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  108.311507][ T7383] batman_adv: batadv0: Interface activated: batadv_slave_0
[  108.335491][ T7383] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  108.376069][ T7383] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  108.388178][ T7383] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  108.394021][ T7383] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  108.406908][ T7383] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  108.433070][ T7383] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  108.440390][ T7383] batman_adv: batadv0: Interface activated: batadv_slave_1
[  108.453283][ T7383] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  108.457079][ T7383] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  108.482672][ T7383] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  108.486547][ T7383] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  108.683149][    C1] vkms_vblank_simulate: vblank timer overrun
[  108.738203][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  108.750783][    C1] vkms_vblank_simulate: vblank timer overrun
[  108.776148][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  108.809384][ T7563] delete_channel: no stack
[  108.818507][    C1] vkms_vblank_simulate: vblank timer overrun
[  108.938850][   T94] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  108.964625][   T94] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  109.004978][ T7566] FAULT_INJECTION: forcing a failure.
[  109.004978][ T7566] name failslab, interval 1, probability 0, space 0, times 0
[  109.067692][ T7566] CPU: 3 UID: 0 PID: 7566 Comm: syz.1.305 Not tainted 6.15.0-rc4-syzkaller-00208-g00b827f0cffa #0 PREEMPT(full) 
[  109.067719][ T7566] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  109.067729][ T7566] Call Trace:
[  109.067736][ T7566]  <TASK>
[  109.067743][ T7566]  dump_stack_lvl+0x16c/0x1f0
[  109.067771][ T7566]  should_fail_ex+0x512/0x640
[  109.067814][ T7566]  ? __kmalloc_noprof+0xbf/0x510
[  109.067833][ T7566]  ? bpf_test_init.isra.0+0x9e/0x140
[  109.067856][ T7566]  should_failslab+0xc2/0x120
[  109.067877][ T7566]  __kmalloc_noprof+0xd2/0x510
[  109.067894][ T7566]  ? __lock_acquire+0x5ca/0x1ba0
[  109.067920][ T7566]  bpf_test_init.isra.0+0x9e/0x140
[  109.067947][ T7566]  bpf_prog_test_run_xdp+0x4f0/0x1540
[  109.067973][ T7566]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  109.068011][ T7566]  ? __might_fault+0x80/0x190
[  109.068034][ T7566]  ? fput+0x70/0xf0
[  109.068052][ T7566]  ? __bpf_prog_get+0xa0/0x290
[  109.068071][ T7566]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  109.068088][ T7566]  __sys_bpf+0x1485/0x4d80
[  109.068112][ T7566]  ? __pfx___sys_bpf+0x10/0x10
[  109.068132][ T7566]  ? ksys_write+0x190/0x240
[  109.068149][ T7566]  ? __mutex_unlock_slowpath+0x161/0x6a0
[  109.068185][ T7566]  ? fput+0x70/0xf0
[  109.068203][ T7566]  ? ksys_write+0x1b9/0x240
[  109.068217][ T7566]  ? __pfx_ksys_write+0x10/0x10
[  109.068236][ T7566]  __ia32_sys_bpf+0x76/0xe0
[  109.068260][ T7566]  __do_fast_syscall_32+0x73/0x120
[  109.068284][ T7566]  do_fast_syscall_32+0x32/0x80
[  109.068306][ T7566]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  109.068325][ T7566] RIP: 0023:0xf703e579
[  109.068338][ T7566] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  109.068352][ T7566] RSP: 002b:00000000f502e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000165
[  109.068368][ T7566] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000080000240
[  109.068378][ T7566] RDX: 0000000000000050 RSI: 0000000000000000 RDI: 0000000000000000
[  109.068387][ T7566] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  109.068396][ T7566] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  109.068405][ T7566] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  109.068426][ T7566]  </TASK>
[  109.607082][    C1] vkms_vblank_simulate: vblank timer overrun
[  109.628510][ T7561] delete_channel: no stack
[  110.219086][    C1] vkms_vblank_simulate: vblank timer overrun
[  110.742660][   T94] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  111.111778][   T94] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  111.302689][   T94] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  111.442039][   T94] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  111.604710][ T7607] exFAT-fs (nullb0): invalid boot record signature
[  111.672736][ T7607] exFAT-fs (nullb0): failed to read boot sector
[  111.708809][ T7607] exFAT-fs (nullb0): failed to recognize exfat type
[  112.032259][   T94] bridge_slave_1: left allmulticast mode
[  112.036136][   T94] bridge_slave_1: left promiscuous mode
[  112.040529][   T94] bridge0: port 2(bridge_slave_1) entered disabled state
[  112.267210][   T94] bridge_slave_0: left allmulticast mode
[  112.279816][   T94] bridge_slave_0: left promiscuous mode
[  112.285398][   T94] bridge0: port 1(bridge_slave_0) entered disabled state
[  112.286778][ T5941] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  112.338448][ T5941] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  112.345021][ T5941] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  112.390893][ T5941] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  112.396473][ T5941] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  112.834593][ T7610] xt_CT: No such helper "pptp"
[  113.549777][ T7626] input: syz0 as /devices/virtual/input/input15
[  113.984429][   T94] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  114.044049][   T94] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  114.061910][   T94] bond0 (unregistering): Released all slaves
[  114.467209][ T5941] Bluetooth: hci1: command tx timeout
[  114.792978][ T7633] netlink: 16 bytes leftover after parsing attributes in process `syz.3.316'.
[  114.916473][ T7632] netlink: 'syz.3.316': attribute type 6 has an invalid length.
[  116.061472][ T7613] chnl_net:caif_netlink_parms(): no params data found
[  116.538076][ T5938] Bluetooth: hci1: command tx timeout
[  117.647174][   T94] hsr_slave_0: left promiscuous mode
[  117.650611][   T94] hsr_slave_1: left promiscuous mode
[  117.653427][   T94] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  117.656632][   T94] batman_adv: batadv0: Removing interface: batadv_slave_0
[  117.778490][   T94] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  117.853760][   T94] batman_adv: batadv0: Removing interface: batadv_slave_1
[  118.001344][ T7675] netlink: 16 bytes leftover after parsing attributes in process `syz.3.322'.
[  118.034898][   T94] veth1_macvtap: left promiscuous mode
[  118.037374][   T94] veth0_macvtap: left promiscuous mode
[  118.046747][   T94] veth1_vlan: left promiscuous mode
[  118.063375][   T94] veth0_vlan: left promiscuous mode
[  118.623199][ T5938] Bluetooth: hci1: command tx timeout
[  120.685182][ T5938] Bluetooth: hci1: command tx timeout
[  121.735442][   T94] team0 (unregistering): Port device team_slave_1 removed
[  122.088325][   T94] team0 (unregistering): Port device team_slave_0 removed
[  125.227109][ T7613] bridge0: port 1(bridge_slave_0) entered blocking state
[  125.239836][ T7613] bridge0: port 1(bridge_slave_0) entered disabled state
[  125.258347][ T7613] bridge_slave_0: entered allmulticast mode
[  125.299246][ T7613] bridge_slave_0: entered promiscuous mode
[  125.891912][ T7613] bridge0: port 2(bridge_slave_1) entered blocking state
[  125.895115][ T7613] bridge0: port 2(bridge_slave_1) entered disabled state
[  125.908570][ T7613] bridge_slave_1: entered allmulticast mode
[  125.943978][ T7613] bridge_slave_1: entered promiscuous mode
[  125.994360][ T7702] 9pnet_fd: Insufficient options for proto=fd
[  126.858349][ T7613] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  126.929910][ T7613] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  126.988152][ T5996] usb 8-1: new high-speed USB device number 7 using dummy_hcd
[  127.069540][ T7715] openvswitch: netlink: Missing key (keys=40, expected=80)
[  127.082144][ T7715] overlayfs: option "workdir=./file1" is useless in a non-upper mount, ignore
[  127.092830][ T7715] overlayfs: missing 'lowerdir'
[  127.175041][ T5996] usb 8-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  127.180340][ T5996] usb 8-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  127.184805][ T5996] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 66
[  127.184850][ T7613] team0: Port device team_slave_0 added
[  127.202005][ T5996] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  127.202033][ T5996] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  127.215573][ T5996] usb 8-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  127.215600][ T5996] usb 8-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  127.215616][ T5996] usb 8-1: Product: syz
[  127.215629][ T5996] usb 8-1: Manufacturer: syz
[  127.254858][ T5996] cdc_wdm 8-1:1.0: skipping garbage
[  127.269905][ T7613] team0: Port device team_slave_1 added
[  127.281638][ T5996] cdc_wdm 8-1:1.0: skipping garbage
[  127.356645][ T5996] cdc_wdm 8-1:1.0: cdc-wdm0: USB WDM device
[  127.361206][ T5996] cdc_wdm 8-1:1.0: Unknown control protocol
[  127.994714][ T7613] batman_adv: batadv0: Adding interface: batadv_slave_0
[  128.004512][ T7613] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  128.113732][ T7613] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  128.114937][ T7728] netlink: 'syz.2.328': attribute type 10 has an invalid length.
[  128.605637][ T7724] mac80211_hwsim hwsim6 wlan1: entered allmulticast mode
[  128.704818][ T7727] bridge_slave_0: left allmulticast mode
[  128.710152][ T7727] bridge_slave_0: left promiscuous mode
[  128.715395][ T7727] bridge0: port 1(bridge_slave_0) entered disabled state
[  128.802711][ T7727] bridge_slave_1: left allmulticast mode
[  128.805345][ T7727] bridge_slave_1: left promiscuous mode
[  128.811345][ T7727] bridge0: port 2(bridge_slave_1) entered disabled state
[  128.930149][ T7727] bond0: (slave bond_slave_0): Releasing backup interface
[  128.973788][ T7727] bond0: (slave bond_slave_1): Releasing backup interface
[  129.066044][ T7727] team0: Port device team_slave_0 removed
[  129.112799][ T7727] team0: Port device team_slave_1 removed
[  129.117318][ T7727] batman_adv: batadv0: Removing interface: batadv_slave_0
[  129.133010][ T7727] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  129.145081][ T7727] batman_adv: batadv0: Removing interface: batadv_slave_1
[  129.181004][ T7727] netdevsim netdevsim2 netdevsim0: left allmulticast mode
[  129.202753][ T7727] netdevsim netdevsim2 netdevsim0: left promiscuous mode
[  129.212013][ T7727] bridge0: port 3(netdevsim0) entered disabled state
[  129.264724][ T7613] batman_adv: batadv0: Adding interface: batadv_slave_1
[  129.282826][ T7613] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  129.310533][ T7613] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  129.556025][ T5941] Bluetooth: hci1: command 0x0405 tx timeout
[  130.017247][ T7613] hsr_slave_0: entered promiscuous mode
[  130.034788][ T7613] hsr_slave_1: entered promiscuous mode
[  130.040177][ T7613] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  130.062958][ T7613] Cannot create hsr debugfs directory
[  132.069251][ T6015] usb 8-1: USB disconnect, device number 7
[  132.363651][ T1416] ieee802154 phy0 wpan0: encryption failed: -22
[  132.367502][ T1416] ieee802154 phy1 wpan1: encryption failed: -22
[  132.446834][    C1] vkms_vblank_simulate: vblank timer overrun
[  132.509143][    C1] vkms_vblank_simulate: vblank timer overrun
[  132.548226][ T7770] input: syz1 as /devices/virtual/input/input16
[  132.698036][    C1] vkms_vblank_simulate: vblank timer overrun
[  132.788055][    C1] vkms_vblank_simulate: vblank timer overrun
[  132.826910][    C1] vkms_vblank_simulate: vblank timer overrun
[  133.226803][    C1] vkms_vblank_simulate: vblank timer overrun
[  133.374802][    C1] vkms_vblank_simulate: vblank timer overrun
[  133.524404][    C1] vkms_vblank_simulate: vblank timer overrun
[  134.313786][    C1] vkms_vblank_simulate: vblank timer overrun
[  134.402862][    C1] vkms_vblank_simulate: vblank timer overrun
[  134.754919][    C1] vkms_vblank_simulate: vblank timer overrun
[  134.908246][ T7799] debugfs: Directory 'ttyS3' with parent 'caif_serial' already present!
[  135.009644][ T7801] netlink: 8 bytes leftover after parsing attributes in process `syz.1.338'.
[  135.127277][    C1] vkms_vblank_simulate: vblank timer overrun
[  135.892243][    C1] vkms_vblank_simulate: vblank timer overrun
[  135.962811][ T7613] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  136.010609][ T7613] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  136.031393][ T7613] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  136.102365][ T7613] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  136.506432][ T7613] 8021q: adding VLAN 0 to HW filter on device bond0
[  136.537466][ T7613] 8021q: adding VLAN 0 to HW filter on device team0
[  136.576430][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[  136.588744][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[  136.614427][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  136.655037][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  136.831451][ T7613] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  136.870888][   T40] audit: type=1326 audit(1746255436.866:346): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7808 comm="syz.3.339" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f61579 code=0x0
[  137.054598][ T7613] 8021q: adding VLAN 0 to HW filter on device batadv0
[  137.105325][ T7613] veth0_vlan: entered promiscuous mode
[  137.159314][ T7613] veth1_vlan: entered promiscuous mode
[  137.200078][ T7613] veth0_macvtap: entered promiscuous mode
[  137.212374][ T7613] veth1_macvtap: entered promiscuous mode
[  137.367711][ T7613] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  137.403527][ T7613] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  137.407057][ T7613] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  137.414833][ T7613] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  137.428917][ T7613] batman_adv: batadv0: Interface activated: batadv_slave_0
[  137.442380][ T7613] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  137.483563][ T7613] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  137.514678][ T7613] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  137.522355][ T7613] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  137.532748][ T7613] batman_adv: batadv0: Interface activated: batadv_slave_1
[  137.597528][ T7613] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  137.618265][ T7613] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  137.647633][ T7613] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  137.652077][ T7613] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  138.182639][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  138.186991][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  138.242883][   T40] audit: type=1326 audit(1746255438.196:347): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7834 comm="syz.1.340" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703e579 code=0x7ffc0000
[  138.259992][   T40] audit: type=1326 audit(1746255438.196:348): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7834 comm="syz.1.340" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703e579 code=0x7ffc0000
[  138.538957][ T1145] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  138.544003][ T1145] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  138.654046][ T7848] netlink: 'syz.1.341': attribute type 23 has an invalid length.
[  138.898023][    T9] usb 8-1: new high-speed USB device number 8 using dummy_hcd
[  139.063948][    T9] usb 8-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  139.079942][    T9] usb 8-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  139.085361][    T9] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 66
[  139.103448][    T9] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  139.111035][    T9] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  139.122047][    T9] usb 8-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  139.128111][    T9] usb 8-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  139.132552][    T9] usb 8-1: Product: syz
[  139.146131][    T9] usb 8-1: Manufacturer: syz
[  139.242215][    T9] cdc_wdm 8-1:1.0: skipping garbage
[  139.244768][    T9] cdc_wdm 8-1:1.0: skipping garbage
[  139.327743][    T9] cdc_wdm 8-1:1.0: cdc-wdm0: USB WDM device
[  139.331694][    T9] cdc_wdm 8-1:1.0: Unknown control protocol
[  139.370978][ T6015] usb 7-1: new full-speed USB device number 8 using dummy_hcd
[  139.582230][ T6015] usb 7-1: unable to get BOS descriptor or descriptor too short
[  139.588972][ T6015] usb 7-1: unable to read config index 0 descriptor/start: -71
[  139.594716][ T6015] usb 7-1: can't read configurations, error -71
[  141.032909][   T12] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  141.330705][   T12] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  141.702150][   T12] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  142.051015][   T12] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  142.288743][ T5941] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  142.293745][ T5941] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  142.300172][ T5941] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  142.304800][ T5941] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  142.334462][ T5941] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  142.627286][   T66] usb 8-1: USB disconnect, device number 8
[  143.238820][   T12] bridge_slave_1: left allmulticast mode
[  143.270479][   T12] bridge_slave_1: left promiscuous mode
[  143.273993][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  143.345826][   T12] bridge_slave_0: left allmulticast mode
[  143.357876][   T12] bridge_slave_0: left promiscuous mode
[  143.438490][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  143.781897][ T7909] input: syz0 as /devices/virtual/input/input17
[  144.438139][ T5941] Bluetooth: hci1: command tx timeout
[  144.863283][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  144.919727][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  144.940519][   T12] bond0 (unregistering): Released all slaves
[  145.058371][ T7927] warning: `syz.1.351' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  145.507969][ T7898] chnl_net:caif_netlink_parms(): no params data found
[  146.258908][   T12] hsr_slave_0: left promiscuous mode
[  146.261731][   T12] hsr_slave_1: left promiscuous mode
[  146.264349][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  146.317944][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  146.425961][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  146.437984][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  146.500902][   T12] veth1_macvtap: left promiscuous mode
[  146.509436][ T5941] Bluetooth: hci1: command tx timeout
[  146.523410][   T12] veth0_macvtap: left promiscuous mode
[  146.528029][   T12] veth1_vlan: left promiscuous mode
[  146.531060][   T12] veth0_vlan: left promiscuous mode
[  148.194552][ T7951] FAULT_INJECTION: forcing a failure.
[  148.194552][ T7951] name failslab, interval 1, probability 0, space 0, times 0
[  148.200754][ T7951] CPU: 1 UID: 0 PID: 7951 Comm: syz.3.355 Not tainted 6.15.0-rc4-syzkaller-00208-g00b827f0cffa #0 PREEMPT(full) 
[  148.200789][ T7951] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  148.200799][ T7951] Call Trace:
[  148.200805][ T7951]  <TASK>
[  148.200811][ T7951]  dump_stack_lvl+0x16c/0x1f0
[  148.200838][ T7951]  should_fail_ex+0x512/0x640
[  148.200865][ T7951]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  148.200887][ T7951]  should_failslab+0xc2/0x120
[  148.200907][ T7951]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  148.200925][ T7951]  ? do_kmem_cache_create+0x1b3/0x730
[  148.200948][ T7951]  do_kmem_cache_create+0x1b3/0x730
[  148.200971][ T7951]  __kmem_cache_create_args+0x225/0x390
[  148.200988][ T7951]  ? p9_client_create+0xe16/0x11c0
[  148.201013][ T7951]  p9_client_create+0xec0/0x11c0
[  148.201042][ T7951]  ? __pfx_p9_client_create+0x10/0x10
[  148.201070][ T7951]  ? rcu_is_watching+0x12/0xc0
[  148.201089][ T7951]  ? lockdep_init_map_type+0x5c/0x280
[  148.201109][ T7951]  ? __raw_spin_lock_init+0x3a/0x110
[  148.201136][ T7951]  v9fs_session_init+0x1f7/0x1a80
[  148.201164][ T7951]  ? __pfx_v9fs_session_init+0x10/0x10
[  148.201197][ T7951]  v9fs_mount+0xc5/0xa30
[  148.201213][ T7951]  ? rcu_is_watching+0x12/0xc0
[  148.201225][ T7951]  ? __pfx_v9fs_mount+0x10/0x10
[  148.201246][ T7951]  ? apparmor_capable+0x114/0x1d0
[  148.201264][ T7951]  ? __pfx_v9fs_mount+0x10/0x10
[  148.201282][ T7951]  legacy_get_tree+0x109/0x220
[  148.201310][ T7951]  vfs_get_tree+0x8b/0x340
[  148.201333][ T7951]  path_mount+0x14d4/0x1f20
[  148.201352][ T7951]  ? kmem_cache_free+0x2d4/0x4d0
[  148.201364][ T7951]  ? __pfx_path_mount+0x10/0x10
[  148.201379][ T7951]  ? putname+0x154/0x1a0
[  148.201394][ T7951]  __ia32_sys_mount+0x28b/0x310
[  148.201407][ T7951]  ? __pfx___ia32_sys_mount+0x10/0x10
[  148.201421][ T7951]  ? rcu_is_watching+0x12/0xc0
[  148.201434][ T7951]  __do_fast_syscall_32+0x73/0x120
[  148.201452][ T7951]  do_fast_syscall_32+0x32/0x80
[  148.201468][ T7951]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  148.201483][ T7951] RIP: 0023:0xf7f61579
[  148.201493][ T7951] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  148.201585][ T7951] RSP: 002b:00000000f508655c EFLAGS: 00000296 ORIG_RAX: 0000000000000015
[  148.201599][ T7951] RAX: ffffffffffffffda RBX: 00000000800001c0 RCX: 0000000080000480
[  148.201606][ T7951] RDX: 00000000800004c0 RSI: 0000000000000000 RDI: 0000000080000c00
[  148.201613][ T7951] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  148.201632][ T7951] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  148.201640][ T7951] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  148.201656][ T7951]  </TASK>
[  148.201912][ T7951] __kmem_cache_create_args(9p-fcall-cache-7) failed with error -22
[  148.397153][ T7951] CPU: 1 UID: 0 PID: 7951 Comm: syz.3.355 Not tainted 6.15.0-rc4-syzkaller-00208-g00b827f0cffa #0 PREEMPT(full) 
[  148.397191][ T7951] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  148.397201][ T7951] Call Trace:
[  148.397208][ T7951]  <TASK>
[  148.397216][ T7951]  dump_stack_lvl+0x16c/0x1f0
[  148.397241][ T7951]  __kmem_cache_create_args+0x125/0x390
[  148.397264][ T7951]  p9_client_create+0xec0/0x11c0
[  148.397294][ T7951]  ? __pfx_p9_client_create+0x10/0x10
[  148.397318][ T7951]  ? rcu_is_watching+0x12/0xc0
[  148.397337][ T7951]  ? lockdep_init_map_type+0x5c/0x280
[  148.397359][ T7951]  ? __raw_spin_lock_init+0x3a/0x110
[  148.397381][ T7951]  v9fs_session_init+0x1f7/0x1a80
[  148.397403][ T7951]  ? __pfx_v9fs_session_init+0x10/0x10
[  148.397430][ T7951]  v9fs_mount+0xc5/0xa30
[  148.397446][ T7951]  ? rcu_is_watching+0x12/0xc0
[  148.397458][ T7951]  ? __pfx_v9fs_mount+0x10/0x10
[  148.397475][ T7951]  ? apparmor_capable+0x114/0x1d0
[  148.397491][ T7951]  ? __pfx_v9fs_mount+0x10/0x10
[  148.397509][ T7951]  legacy_get_tree+0x109/0x220
[  148.397535][ T7951]  vfs_get_tree+0x8b/0x340
[  148.397553][ T7951]  path_mount+0x14d4/0x1f20
[  148.397568][ T7951]  ? kmem_cache_free+0x2d4/0x4d0
[  148.397581][ T7951]  ? __pfx_path_mount+0x10/0x10
[  148.397597][ T7951]  ? putname+0x154/0x1a0
[  148.397613][ T7951]  __ia32_sys_mount+0x28b/0x310
[  148.397627][ T7951]  ? __pfx___ia32_sys_mount+0x10/0x10
[  148.397642][ T7951]  ? rcu_is_watching+0x12/0xc0
[  148.397656][ T7951]  __do_fast_syscall_32+0x73/0x120
[  148.397675][ T7951]  do_fast_syscall_32+0x32/0x80
[  148.397692][ T7951]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  148.397709][ T7951] RIP: 0023:0xf7f61579
[  148.397720][ T7951] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  148.397733][ T7951] RSP: 002b:00000000f508655c EFLAGS: 00000296 ORIG_RAX: 0000000000000015
[  148.397746][ T7951] RAX: ffffffffffffffda RBX: 00000000800001c0 RCX: 0000000080000480
[  148.397755][ T7951] RDX: 00000000800004c0 RSI: 0000000000000000 RDI: 0000000080000c00
[  148.397763][ T7951] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  148.397770][ T7951] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  148.397792][ T7951] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  148.397810][ T7951]  </TASK>
[  148.588226][ T5941] Bluetooth: hci1: command tx timeout
[  150.670467][ T5941] Bluetooth: hci1: command tx timeout
[  151.129254][   T12] team0 (unregistering): Port device team_slave_1 removed
[  151.301265][   T40] audit: type=1326 audit(1746255451.316:349): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7964 comm="syz.2.358" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f72579 code=0x0
[  151.790209][   T12] team0 (unregistering): Port device team_slave_0 removed
[  154.496681][ T7898] bridge0: port 1(bridge_slave_0) entered blocking state
[  154.504931][ T7898] bridge0: port 1(bridge_slave_0) entered disabled state
[  154.511793][ T7898] bridge_slave_0: entered allmulticast mode
[  154.566124][ T7898] bridge_slave_0: entered promiscuous mode
[  154.779987][ T7898] bridge0: port 2(bridge_slave_1) entered blocking state
[  154.783176][ T7898] bridge0: port 2(bridge_slave_1) entered disabled state
[  154.786589][ T7898] bridge_slave_1: entered allmulticast mode
[  154.802128][ T7898] bridge_slave_1: entered promiscuous mode
[  154.996991][ T7898] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  155.052981][ T7898] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  155.399191][ T5941] Bluetooth: hci3: link tx timeout
[  155.401740][ T5941] Bluetooth: hci3: killing stalled connection 10:aa:aa:aa:aa:aa
[  155.406838][ T5941] Bluetooth: hci3: link tx timeout
[  155.409931][ T5941] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa
[  155.571655][ T7898] team0: Port device team_slave_0 added
[  155.590474][ T7898] team0: Port device team_slave_1 added
[  155.807334][ T6015] usb 7-1: new high-speed USB device number 10 using dummy_hcd
[  156.023448][ T7898] batman_adv: batadv0: Adding interface: batadv_slave_0
[  156.026605][ T7898] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  156.052556][ T6015] usb 7-1: device descriptor read/64, error -71
[  156.056305][ T7898] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  156.109782][   T40] audit: type=1326 audit(1746255456.116:350): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7976 comm="syz.3.359" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f61579 code=0x0
[  156.151474][ T7898] batman_adv: batadv0: Adding interface: batadv_slave_1
[  156.156622][ T7898] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  156.184195][ T7898] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  156.364270][ T6015] usb 7-1: new high-speed USB device number 11 using dummy_hcd
[  156.518142][ T7898] hsr_slave_0: entered promiscuous mode
[  156.548241][ T7898] hsr_slave_1: entered promiscuous mode
[  156.551116][ T6015] usb 7-1: device descriptor read/64, error -71
[  156.586154][ T7898] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  156.590563][ T7898] Cannot create hsr debugfs directory
[  156.695042][ T6015] usb usb7-port1: attempt power cycle
[  157.075925][ T6015] usb 7-1: new high-speed USB device number 12 using dummy_hcd
[  157.111925][ T6015] usb 7-1: device descriptor read/8, error -71
[  157.358205][ T6015] usb 7-1: new high-speed USB device number 13 using dummy_hcd
[  157.435621][ T6015] usb 7-1: device descriptor read/8, error -71
[  157.496111][ T5941] Bluetooth: hci3: command 0x0406 tx timeout
[  157.578628][ T6015] usb usb7-port1: unable to enumerate USB device
[  159.630305][ T5941] Bluetooth: hci3: command 0x0406 tx timeout
[  160.015537][ T7898] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  160.064084][ T7898] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  160.163356][ T7898] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  160.202227][ T8027] 9pnet_fd: Insufficient options for proto=fd
[  160.291033][ T8033] 9pnet_fd: Insufficient options for proto=fd
[  160.413625][ T5938] Bluetooth: hci3: ACL packet for unknown connection handle 201
[  160.574663][ T7898] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  161.017970][ T7898] 8021q: adding VLAN 0 to HW filter on device bond0
[  161.088316][ T7898] 8021q: adding VLAN 0 to HW filter on device team0
[  161.187353][   T46] bridge0: port 1(bridge_slave_0) entered blocking state
[  161.195562][   T46] bridge0: port 1(bridge_slave_0) entered forwarding state
[  161.205300][   T46] bridge0: port 2(bridge_slave_1) entered blocking state
[  161.209022][   T46] bridge0: port 2(bridge_slave_1) entered forwarding state
[  161.453750][ T8052] input: syz0 as /devices/virtual/input/input18
[  162.037054][ T7898] 8021q: adding VLAN 0 to HW filter on device batadv0
[  162.154670][ T7898] veth0_vlan: entered promiscuous mode
[  162.255246][ T7898] veth1_vlan: entered promiscuous mode
[  162.346868][ T7898] veth0_macvtap: entered promiscuous mode
[  162.375102][ T7898] veth1_macvtap: entered promiscuous mode
[  162.417070][ T7898] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  162.451861][ T7898] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  162.474506][ T7898] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  162.498526][ T7898] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  162.506620][ T7898] batman_adv: batadv0: Interface activated: batadv_slave_0
[  162.528141][ T7898] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  162.550109][ T7898] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  162.562997][ T7898] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  162.584384][ T7898] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  162.601727][ T7898] batman_adv: batadv0: Interface activated: batadv_slave_1
[  162.625066][ T7898] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  162.649047][ T7898] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  162.652471][ T7898] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  162.655499][ T7898] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  162.686197][ T1017] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  162.868034][ T1017] usb 6-1: device descriptor read/64, error -71
[  163.004848][   T46] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  163.010502][   T46] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  163.104249][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  163.158026][ T1017] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  163.168600][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  163.335002][ T1017] usb 6-1: device descriptor read/64, error -71
[  163.448892][ T1017] usb usb6-port1: attempt power cycle
[  163.688644][ T8092] 9pnet_fd: Insufficient options for proto=fd
[  163.800207][ T1017] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  163.842040][ T1017] usb 6-1: device descriptor read/8, error -71
[  164.135128][ T1017] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  164.190775][ T1017] usb 6-1: device descriptor read/8, error -71
[  164.304971][ T1017] usb usb6-port1: unable to enumerate USB device
[  165.881176][ T1138] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  166.099280][ T8120] 9pnet_fd: Insufficient options for proto=fd
[  167.768499][ T5941] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  167.773763][ T5941] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  167.828369][ T5941] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  167.846746][ T5941] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  167.851791][ T5941] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  168.151082][ T1138] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  168.464948][ T8130] chnl_net:caif_netlink_parms(): no params data found
[  168.601999][ T8151] netlink: 4 bytes leftover after parsing attributes in process `syz.2.387'.
[  168.608742][   T66] usb 8-1: new high-speed USB device number 9 using dummy_hcd
[  168.883351][   T66] usb 8-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  168.889568][   T66] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  168.896563][   T66] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 66
[  168.918329][   T66] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  168.928046][   T66] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  168.953779][   T66] usb 8-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  168.970550][ T8150] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  168.978852][   T66] usb 8-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  168.993086][   T66] usb 8-1: Product: syz
[  168.998324][   T66] usb 8-1: Manufacturer: syz
[  169.077376][   T66] cdc_wdm 8-1:1.0: skipping garbage
[  169.085487][   T66] cdc_wdm 8-1:1.0: skipping garbage
[  169.104898][   T66] cdc_wdm 8-1:1.0: cdc-wdm0: USB WDM device
[  169.113669][   T66] cdc_wdm 8-1:1.0: Unknown control protocol
[  169.224890][ T1138] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  169.273053][ T8147] cdc_wdm 8-1:1.0: Error submitting int urb - -90
[  169.279595][ T8147] cdc_wdm 8-1:1.0: Error submitting int urb - -90
[  169.947947][ T5941] Bluetooth: hci1: command tx timeout
[  170.219997][ T8150] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  170.268213][ T5941] Bluetooth: hci2: command 0x0406 tx timeout
[  170.401853][ T1138] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  170.447109][ T8130] bridge0: port 1(bridge_slave_0) entered blocking state
[  170.466947][ T8130] bridge0: port 1(bridge_slave_0) entered disabled state
[  170.475626][ T8130] bridge_slave_0: entered allmulticast mode
[  170.514522][ T8130] bridge_slave_0: entered promiscuous mode
[  170.521235][ T8130] bridge0: port 2(bridge_slave_1) entered blocking state
[  170.533900][ T8130] bridge0: port 2(bridge_slave_1) entered disabled state
[  170.555713][ T8130] bridge_slave_1: entered allmulticast mode
[  170.559652][ T8130] bridge_slave_1: entered promiscuous mode
[  170.697531][ T8150] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  171.155973][ T8150] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  171.202636][ T8130] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  171.352123][ T8130] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  171.395938][ T8172] 9pnet_fd: Insufficient options for proto=fd
[  171.446465][ T1138] bridge_slave_1: left allmulticast mode
[  171.449160][ T1138] bridge_slave_1: left promiscuous mode
[  171.451860][ T1138] bridge0: port 2(bridge_slave_1) entered disabled state
[  171.472363][ T1138] bridge_slave_0: left allmulticast mode
[  171.476370][ T1138] bridge_slave_0: left promiscuous mode
[  171.503305][ T1138] bridge0: port 1(bridge_slave_0) entered disabled state
[  172.044835][ T5938] Bluetooth: hci1: command tx timeout
[  172.603231][ T1138] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  172.621849][ T1138] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  172.627725][ T1138] bond0 (unregistering): Released all slaves
[  172.821400][ T8130] team0: Port device team_slave_0 added
[  172.955595][ T8150] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  172.997008][ T8150] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  173.033204][ T8130] team0: Port device team_slave_1 added
[  173.375285][ T8150] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  173.427641][ T8185] 9pnet_virtio: no channels available for device nl80211
[  173.468332][ T8185] netlink: 4 bytes leftover after parsing attributes in process `syz.1.393'.
[  173.541165][ T8130] batman_adv: batadv0: Adding interface: batadv_slave_0
[  173.554847][ T8130] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  173.580015][ T8130] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  173.605907][ T8130] batman_adv: batadv0: Adding interface: batadv_slave_1
[  173.609753][ T8130] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  173.639129][ T8130] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  173.854896][ T8188] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  173.967744][ T8150] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  174.126641][ T5938] Bluetooth: hci1: command tx timeout
[  174.165538][ T8130] hsr_slave_0: entered promiscuous mode
[  174.195449][ T8130] hsr_slave_1: entered promiscuous mode
[  174.250771][ T8130] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  174.254192][ T8130] Cannot create hsr debugfs directory
[  175.442755][ T8210] netlink: 20 bytes leftover after parsing attributes in process `syz.1.399'.
[  175.447016][ T8210] netlink: 20 bytes leftover after parsing attributes in process `syz.1.399'.
[  175.508247][ T6015] usb 8-1: USB disconnect, device number 9
[  175.538544][ T8213] netlink: 12 bytes leftover after parsing attributes in process `syz.2.400'.
[  175.544041][ T1138] hsr_slave_0: left promiscuous mode
[  175.770389][ T1138] hsr_slave_1: left promiscuous mode
[  175.773862][ T1138] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  175.783289][ T1138] batman_adv: batadv0: Removing interface: batadv_slave_0
[  175.819494][ T1138] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  175.822597][ T1138] batman_adv: batadv0: Removing interface: batadv_slave_1
[  176.046157][ T1138] veth1_macvtap: left promiscuous mode
[  176.050201][ T1138] veth0_macvtap: left promiscuous mode
[  176.053106][ T1138] veth1_vlan: left promiscuous mode
[  176.061080][ T1138] veth0_vlan: left promiscuous mode
[  176.197983][ T5938] Bluetooth: hci1: command tx timeout
[  176.491440][ T8235] netlink: 24 bytes leftover after parsing attributes in process `syz.3.404'.
[  180.347015][ T1138] team0 (unregistering): Port device team_slave_1 removed
[  180.860899][ T1138] team0 (unregistering): Port device team_slave_0 removed
[  184.826122][ T8265] netlink: 4 bytes leftover after parsing attributes in process `syz.3.406'.
[  187.032373][ T8286] netlink: 24 bytes leftover after parsing attributes in process `syz.1.414'.
[  190.141883][ T8130] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  190.172616][ T8130] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  190.269247][ T8130] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  190.310917][   T40] audit: type=1326 audit(1746255490.326:351): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8323 comm="syz.1.418" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf703e579 code=0x0
[  190.341932][ T8130] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  190.707590][ T8130] 8021q: adding VLAN 0 to HW filter on device bond0
[  190.733920][ T8130] 8021q: adding VLAN 0 to HW filter on device team0
[  190.766531][ T8354] netlink: 8 bytes leftover after parsing attributes in process `syz.2.422'.
[  190.788294][ T8354] gretap0: entered promiscuous mode
[  190.794425][ T1138] bridge0: port 1(bridge_slave_0) entered blocking state
[  190.797183][ T1138] bridge0: port 1(bridge_slave_0) entered forwarding state
[  190.832951][ T1138] bridge0: port 2(bridge_slave_1) entered blocking state
[  190.844815][ T1138] bridge0: port 2(bridge_slave_1) entered forwarding state
[  190.934647][ T8130] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  191.007421][ T8130] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  191.082562][ T8356] DRBG: could not allocate CTR cipher TFM handle: ctr(aes)
[  191.403326][ T8130] 8021q: adding VLAN 0 to HW filter on device batadv0
[  192.089356][ T8130] veth0_vlan: entered promiscuous mode
[  192.262416][ T8130] veth1_vlan: entered promiscuous mode
[  192.299654][ T8130] veth0_macvtap: entered promiscuous mode
[  192.356886][ T8130] veth1_macvtap: entered promiscuous mode
[  192.511325][ T8394] netlink: 8 bytes leftover after parsing attributes in process `syz.1.426'.
[  192.683280][ T8130] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  192.693338][ T8130] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  192.697250][ T8130] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  192.716538][ T8130] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  192.717705][ T8130] batman_adv: batadv0: Interface activated: batadv_slave_0
[  192.730711][ T8130] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  192.778387][ T8130] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  192.784097][ T8130] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  192.802859][ T8130] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  192.817383][ T8130] batman_adv: batadv0: Interface activated: batadv_slave_1
[  192.885572][ T8130] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  192.901846][ T8130] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  192.907278][ T8130] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  192.915817][ T8130] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  193.363338][ T1145] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  193.383667][ T1145] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  193.499314][ T1145] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  193.502661][ T1145] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  193.811440][ T1416] ieee802154 phy0 wpan0: encryption failed: -22
[  193.814119][ T1416] ieee802154 phy1 wpan1: encryption failed: -22
[  194.281579][ T8415] overlayfs: unescaped trailing colons in lowerdir mount option.
[  194.871263][ T1324] usb 7-1: new high-speed USB device number 14 using dummy_hcd
[  195.075019][ T1324] usb 7-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  195.079118][ T1324] usb 7-1: config 1 has an invalid descriptor of length 52, skipping remainder of the config
[  195.085288][ T1324] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 66
[  195.092890][ T1324] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 7
[  195.112491][ T1324] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 9272, setting to 1024
[  195.138804][   T24] usb 8-1: new high-speed USB device number 10 using dummy_hcd
[  195.166526][ T1324] usb 7-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  195.178441][ T1324] usb 7-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  195.181847][ T1324] usb 7-1: Product: syz
[  195.185498][ T1324] usb 7-1: Manufacturer: syz
[  195.253145][ T1324] cdc_wdm 7-1:1.0: skipping garbage
[  195.255562][ T1324] cdc_wdm 7-1:1.0: skipping garbage
[  195.271631][ T1324] cdc_wdm 7-1:1.0: probe with driver cdc_wdm failed with error -22
[  195.301631][   T24] usb 8-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  195.326558][   T24] usb 8-1: config 1 has an invalid descriptor of length 52, skipping remainder of the config
[  195.358521][   T24] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 66
[  195.372011][   T24] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 7
[  195.379991][   T24] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 9272, setting to 1024
[  195.393922][   T24] usb 8-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  195.400102][   T24] usb 8-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  195.407055][   T24] usb 8-1: Product: syz
[  195.411164][   T24] usb 8-1: Manufacturer: syz
[  195.436368][   T24] cdc_wdm 8-1:1.0: skipping garbage
[  195.440502][   T24] cdc_wdm 8-1:1.0: skipping garbage
[  195.447406][   T24] cdc_wdm 8-1:1.0: probe with driver cdc_wdm failed with error -22
[  195.624224][ T8425] FAULT_INJECTION: forcing a failure.
[  195.624224][ T8425] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  195.630439][ T8425] CPU: 1 UID: 0 PID: 8425 Comm: syz.1.432 Not tainted 6.15.0-rc4-syzkaller-00208-g00b827f0cffa #0 PREEMPT(full) 
[  195.630466][ T8425] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  195.630478][ T8425] Call Trace:
[  195.630485][ T8425]  <TASK>
[  195.630492][ T8425]  dump_stack_lvl+0x16c/0x1f0
[  195.630544][ T8425]  should_fail_ex+0x512/0x640
[  195.630577][ T8425]  should_fail_alloc_page+0xe7/0x130
[  195.630601][ T8425]  prepare_alloc_pages+0x3c2/0x610
[  195.630627][ T8425]  ? rcu_is_watching+0x12/0xc0
[  195.630647][ T8425]  __alloc_frozen_pages_noprof+0x18f/0x23a0
[  195.630672][ T8425]  ? __lock_acquire+0x5ca/0x1ba0
[  195.630698][ T8425]  ? xas_create+0x1d7/0x1460
[  195.630723][ T8425]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  195.630743][ T8425]  ? cgroup_rstat_updated+0x2a/0xb20
[  195.630783][ T8425]  ? __lock_acquire+0x5ca/0x1ba0
[  195.630805][ T8425]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  195.630831][ T8425]  ? policy_nodemask+0xea/0x4e0
[  195.630855][ T8425]  alloc_pages_mpol+0x1fb/0x550
[  195.630878][ T8425]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  195.630901][ T8425]  ? filemap_get_entry+0x1a7/0x3b0
[  195.630930][ T8425]  folio_alloc_noprof+0x20/0x2d0
[  195.630954][ T8425]  filemap_alloc_folio_noprof+0x3a1/0x470
[  195.630976][ T8425]  ? __pfx_filemap_alloc_folio_noprof+0x10/0x10
[  195.631004][ T8425]  __filemap_get_folio+0x5e9/0xc10
[  195.631034][ T8425]  ioctx_alloc+0x761/0x2060
[  195.631073][ T8425]  ? __pfx_ioctx_alloc+0x10/0x10
[  195.631097][ T8425]  ? __might_fault+0x13b/0x190
[  195.631125][ T8425]  __ia32_compat_sys_io_setup+0xc8/0x210
[  195.631154][ T8425]  __do_fast_syscall_32+0x73/0x120
[  195.631182][ T8425]  do_fast_syscall_32+0x32/0x80
[  195.631203][ T8425]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  195.631219][ T8425] RIP: 0023:0xf703e579
[  195.631232][ T8425] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  195.631249][ T8425] RSP: 002b:00000000f502e55c EFLAGS: 00000296 ORIG_RAX: 00000000000000f5
[  195.631267][ T8425] RAX: ffffffffffffffda RBX: 0000000000004082 RCX: 0000000080000380
[  195.631279][ T8425] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  195.631289][ T8425] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  195.631299][ T8425] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  195.631310][ T8425] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  195.631334][ T8425]  </TASK>
[  196.359840][   T94] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  196.777489][   T94] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  197.103638][   T24] usb 7-1: USB disconnect, device number 14
[  197.309152][   T94] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  197.610548][   T94] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  197.695941][ T8439] input: syz0 as /devices/virtual/input/input20
[  197.803066][ T5941] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  197.810000][ T5941] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  197.836725][ T5941] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  197.864465][ T5941] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  197.870732][ T5941] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  197.964168][ T1017] usb 8-1: USB disconnect, device number 10
[  198.233937][   T94] bridge_slave_1: left allmulticast mode
[  198.236327][   T94] bridge_slave_1: left promiscuous mode
[  198.247204][   T94] bridge0: port 2(bridge_slave_1) entered disabled state
[  198.293893][   T94] bridge_slave_0: left allmulticast mode
[  198.295207][ T8450] FAULT_INJECTION: forcing a failure.
[  198.295207][ T8450] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  198.301682][   T94] bridge_slave_0: left promiscuous mode
[  198.301884][   T94] bridge0: port 1(bridge_slave_0) entered disabled state
[  198.347210][ T8450] CPU: 2 UID: 0 PID: 8450 Comm: syz.3.436 Not tainted 6.15.0-rc4-syzkaller-00208-g00b827f0cffa #0 PREEMPT(full) 
[  198.347235][ T8450] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  198.347245][ T8450] Call Trace:
[  198.347251][ T8450]  <TASK>
[  198.347258][ T8450]  dump_stack_lvl+0x16c/0x1f0
[  198.347286][ T8450]  should_fail_ex+0x512/0x640
[  198.347311][ T8450]  should_fail_alloc_page+0xe7/0x130
[  198.347333][ T8450]  prepare_alloc_pages+0x3c2/0x610
[  198.347362][ T8450]  __alloc_frozen_pages_noprof+0x18f/0x23a0
[  198.347383][ T8450]  ? copy_splice_read+0x1a8/0xba0
[  198.347406][ T8450]  ? stack_trace_save+0x8e/0xc0
[  198.347423][ T8450]  ? __pfx_stack_trace_save+0x10/0x10
[  198.347439][ T8450]  ? stack_depot_save_flags+0x28/0xa50
[  198.347467][ T8450]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  198.347484][ T8450]  ? kasan_save_stack+0x33/0x60
[  198.347500][ T8450]  ? __kasan_kmalloc+0xaa/0xb0
[  198.347515][ T8450]  ? copy_splice_read+0x1a8/0xba0
[  198.347535][ T8450]  ? do_splice_read+0x282/0x370
[  198.347560][ T8450]  ? splice_direct_to_actor+0x2a1/0xa30
[  198.347581][ T8450]  ? do_splice_direct+0x174/0x240
[  198.347601][ T8450]  ? do_sendfile+0xafd/0xe50
[  198.347623][ T8450]  ? __ia32_compat_sys_sendfile+0x1e5/0x220
[  198.347642][ T8450]  ? __do_fast_syscall_32+0x73/0x120
[  198.347681][ T8450]  alloc_pages_bulk_noprof+0x703/0x13b0
[  198.347707][ T8450]  ? __pfx_alloc_pages_bulk_noprof+0x10/0x10
[  198.347732][ T8450]  ? trace_kmalloc+0x2b/0xd0
[  198.347751][ T8450]  ? __kmalloc_noprof+0x242/0x510
[  198.347791][ T8450]  copy_splice_read+0x1e1/0xba0
[  198.347822][ T8450]  ? __pfx_copy_splice_read+0x10/0x10
[  198.347846][ T8450]  ? look_up_lock_class+0x59/0x150
[  198.347873][ T8450]  ? __pfx_pipe_lock_cmp_fn+0x10/0x10
[  198.347899][ T8450]  ? __pfx_copy_splice_read+0x10/0x10
[  198.347921][ T8450]  do_splice_read+0x282/0x370
[  198.347946][ T8450]  splice_direct_to_actor+0x2a1/0xa30
[  198.347971][ T8450]  ? __pfx_direct_splice_actor+0x10/0x10
[  198.347998][ T8450]  ? __pfx_splice_direct_to_actor+0x10/0x10
[  198.348019][ T8450]  ? get_pid_task+0xfc/0x250
[  198.348046][ T8450]  do_splice_direct+0x174/0x240
[  198.348065][ T8450]  ? __pfx_do_splice_direct+0x10/0x10
[  198.348084][ T8450]  ? __pfx_direct_file_splice_eof+0x10/0x10
[  198.348104][ T8450]  ? bpf_lsm_file_permission+0x9/0x10
[  198.348123][ T8450]  ? security_file_permission+0x71/0x210
[  198.348144][ T8450]  ? rw_verify_area+0xcf/0x680
[  198.348163][ T8450]  do_sendfile+0xafd/0xe50
[  198.348187][ T8450]  ? __pfx_do_sendfile+0x10/0x10
[  198.348208][ T8450]  ? __fget_files+0x20e/0x3c0
[  198.348238][ T8450]  __ia32_compat_sys_sendfile+0x1e5/0x220
[  198.348257][ T8450]  ? ksys_write+0x1b9/0x240
[  198.348271][ T8450]  ? __pfx___ia32_compat_sys_sendfile+0x10/0x10
[  198.348288][ T8450]  ? rcu_is_watching+0x12/0xc0
[  198.348304][ T8450]  __do_fast_syscall_32+0x73/0x120
[  198.348323][ T8450]  do_fast_syscall_32+0x32/0x80
[  198.348343][ T8450]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  198.348359][ T8450] RIP: 0023:0xf7f61579
[  198.348369][ T8450] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  198.348382][ T8450] RSP: 002b:00000000f508655c EFLAGS: 00000296 ORIG_RAX: 00000000000000bb
[  198.348397][ T8450] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000000006
[  198.348405][ T8450] RDX: 0000000000000000 RSI: 0000000080000001 RDI: 0000000000000000
[  198.348414][ T8450] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  198.348422][ T8450] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  198.348430][ T8450] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  198.348448][ T8450]  </TASK>
[  199.215674][ T8451] Falling back ldisc for ttynull.
[  199.353637][   T40] audit: type=1326 audit(1746255499.296:352): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8443 comm="syz.2.435" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f72579 code=0x0
[  199.948099][ T5941] Bluetooth: hci1: command tx timeout
[  200.651561][   T94] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  200.674094][   T94] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  200.685737][   T94] bond0 (unregistering): Released all slaves
[  201.075351][ T8445] chnl_net:caif_netlink_parms(): no params data found
[  202.038458][ T5941] Bluetooth: hci1: command tx timeout
[  202.691234][ T8445] bridge0: port 1(bridge_slave_0) entered blocking state
[  202.696225][ T8445] bridge0: port 1(bridge_slave_0) entered disabled state
[  202.701638][ T8445] bridge_slave_0: entered allmulticast mode
[  202.707978][ T8445] bridge_slave_0: entered promiscuous mode
[  202.996127][ T8445] bridge0: port 2(bridge_slave_1) entered blocking state
[  203.001278][ T8445] bridge0: port 2(bridge_slave_1) entered disabled state
[  203.017096][ T8445] bridge_slave_1: entered allmulticast mode
[  203.021917][ T8445] bridge_slave_1: entered promiscuous mode
[  204.110927][ T5941] Bluetooth: hci1: command tx timeout
[  204.971253][ T8445] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  205.023071][ T8445] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  205.112351][   T94] hsr_slave_0: left promiscuous mode
[  205.129264][   T94] hsr_slave_1: left promiscuous mode
[  205.152412][   T94] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  205.262494][   T94] batman_adv: batadv0: Removing interface: batadv_slave_0
[  205.331590][   T94] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  205.356759][   T94] batman_adv: batadv0: Removing interface: batadv_slave_1
[  205.680768][   T94] veth1_macvtap: left promiscuous mode
[  205.699835][   T94] veth0_macvtap: left promiscuous mode
[  205.702362][   T94] veth1_vlan: left promiscuous mode
[  205.722975][   T94] veth0_vlan: left promiscuous mode
[  206.194867][ T5941] Bluetooth: hci1: command tx timeout
[  206.992460][   T40] audit: type=1326 audit(1746255507.006:353): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8514 comm="syz.3.449" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f61579 code=0x0
[  208.867440][ T8532] netlink: 24 bytes leftover after parsing attributes in process `syz.1.452'.
[  209.323039][ T8531] hid-generic 0003:0627:0001.0001: pid 8531 passed too large report
[  210.384883][   T94] team0 (unregistering): Port device team_slave_1 removed
[  210.701330][   T94] team0 (unregistering): Port device team_slave_0 removed
[  212.854077][    C0] hrtimer: interrupt took 36254487 ns
[  213.672972][ T8445] team0: Port device team_slave_0 added
[  213.691140][ T8445] team0: Port device team_slave_1 added
[  214.894337][ T8445] batman_adv: batadv0: Adding interface: batadv_slave_0
[  214.927893][ T8445] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  215.008658][ T8445] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  215.029425][ T8445] batman_adv: batadv0: Adding interface: batadv_slave_1
[  215.058133][ T8445] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  215.075972][ T8445] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  215.360417][ T8445] hsr_slave_0: entered promiscuous mode
[  215.385253][ T8445] hsr_slave_1: entered promiscuous mode
[  215.388667][ T8445] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  215.391731][ T8445] Cannot create hsr debugfs directory
[  218.117296][   T40] audit: type=1326 audit(1746255518.126:354): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8592 comm="syz.3.462" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f61579 code=0x0
[  218.632564][ T8613] ubi31: attaching mtd0
[  218.641244][ T8613] ubi31: scanning is finished
[  218.644560][ T8613] ubi31: empty MTD device detected
[  218.934437][ T8613] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB)
[  218.940633][ T8613] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  218.949792][ T8613] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1
[  218.953185][ T8613] ubi31: VID header offset: 64 (aligned 64), data offset: 128
[  218.959944][ T8613] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  219.044531][ T8613] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23
[  219.052916][ T8613] ubi31: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 404400615
[  219.097507][ T8613] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  219.137924][ T8615] ubi31: background thread "ubi_bgt31d" started, PID 8615
[  219.474752][ T8624] 9pnet_fd: Insufficient options for proto=fd
[  219.644315][ T5996] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  219.759954][ T8445] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  219.791470][ T8445] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  219.888656][ T5996] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  219.892850][ T5996] usb 6-1: config 1 has an invalid descriptor of length 52, skipping remainder of the config
[  219.899123][ T5996] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66
[  219.904359][ T5996] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 7
[  219.911366][ T8445] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  219.941257][ T5996] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 9272, setting to 1024
[  219.967434][ T8445] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  219.976218][ T5996] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  220.001733][ T5996] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  220.006011][ T5996] usb 6-1: Product: syz
[  220.056195][ T5996] usb 6-1: Manufacturer: syz
[  220.093165][ T5996] cdc_wdm 6-1:1.0: skipping garbage
[  220.095607][ T5996] cdc_wdm 6-1:1.0: skipping garbage
[  220.099276][ T5996] cdc_wdm 6-1:1.0: probe with driver cdc_wdm failed with error -22
[  220.276538][ T8445] 8021q: adding VLAN 0 to HW filter on device bond0
[  220.373704][ T8445] 8021q: adding VLAN 0 to HW filter on device team0
[  220.392797][ T1136] bridge0: port 1(bridge_slave_0) entered blocking state
[  220.404527][ T1136] bridge0: port 1(bridge_slave_0) entered forwarding state
[  220.572126][ T1136] bridge0: port 2(bridge_slave_1) entered blocking state
[  220.599555][ T1136] bridge0: port 2(bridge_slave_1) entered forwarding state
[  220.730366][ T8445] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  220.735322][ T8445] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  221.332506][ T8445] 8021q: adding VLAN 0 to HW filter on device batadv0
[  221.557220][ T8445] veth0_vlan: entered promiscuous mode
[  221.688553][ T8445] veth1_vlan: entered promiscuous mode
[  221.777286][ T8445] veth0_macvtap: entered promiscuous mode
[  221.822841][ T8445] veth1_macvtap: entered promiscuous mode
[  221.958603][ T8445] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  221.968609][ T8445] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  221.974909][ T8445] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  221.998408][ T8445] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  222.019659][ T8445] batman_adv: batadv0: Interface activated: batadv_slave_0
[  222.068307][ T8445] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  222.074713][ T8445] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  222.087627][ T8445] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  222.100609][ T8445] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  222.111152][ T8445] batman_adv: batadv0: Interface activated: batadv_slave_1
[  222.142280][ T8445] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  222.147293][ T8445] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  222.188760][ T8445] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  222.207897][ T8445] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  222.704896][   T46] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  222.720707][   T46] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  222.795441][   T67] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  222.806976][   T67] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  224.159353][ T8700] 9p: Unknown Cache mode or invalid value 0ÿÿà
[  224.451045][   T34] usb 6-1: USB disconnect, device number 7
[  225.350631][ T1138] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  225.552178][ T1138] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  225.652288][ T1138] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  225.726659][ T1138] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  226.018118][ T1138] bridge_slave_1: left allmulticast mode
[  226.020904][ T1138] bridge_slave_1: left promiscuous mode
[  226.024534][ T1138] bridge0: port 2(bridge_slave_1) entered disabled state
[  226.157111][ T1138] bridge_slave_0: left allmulticast mode
[  226.185978][ T1138] bridge_slave_0: left promiscuous mode
[  226.204449][ T8715] FAULT_INJECTION: forcing a failure.
[  226.204449][ T8715] name failslab, interval 1, probability 0, space 0, times 0
[  226.204514][ T8715] CPU: 1 UID: 0 PID: 8715 Comm: syz.3.480 Not tainted 6.15.0-rc4-syzkaller-00208-g00b827f0cffa #0 PREEMPT(full) 
[  226.204531][ T8715] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  226.204539][ T8715] Call Trace:
[  226.204545][ T8715]  <TASK>
[  226.204550][ T8715]  dump_stack_lvl+0x16c/0x1f0
[  226.204575][ T8715]  should_fail_ex+0x512/0x640
[  226.204597][ T8715]  should_failslab+0xc2/0x120
[  226.204615][ T8715]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  226.204631][ T8715]  ? skb_clone+0x190/0x3f0
[  226.204648][ T8715]  skb_clone+0x190/0x3f0
[  226.204662][ T8715]  netlink_deliver_tap+0xabd/0xd30
[  226.204683][ T8715]  netlink_unicast+0x6b2/0x7f0
[  226.204702][ T8715]  ? __pfx_netlink_unicast+0x10/0x10
[  226.204724][ T8715]  netlink_ack+0x696/0xb80
[  226.204747][ T8715]  netlink_rcv_skb+0x347/0x440
[  226.204760][ T8715]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  226.204779][ T8715]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  226.204805][ T8715]  ? netlink_deliver_tap+0x1ae/0xd30
[  226.204824][ T8715]  xfrm_netlink_rcv+0x71/0x90
[  226.204838][ T8715]  netlink_unicast+0x53a/0x7f0
[  226.204855][ T8715]  ? __pfx_netlink_unicast+0x10/0x10
[  226.204875][ T8715]  netlink_sendmsg+0x8d1/0xdd0
[  226.204895][ T8715]  ? __pfx_netlink_sendmsg+0x10/0x10
[  226.204916][ T8715]  ? __import_iovec+0x1c8/0x660
[  226.204943][ T8715]  ____sys_sendmsg+0xa95/0xc70
[  226.204964][ T8715]  ? __pfx_____sys_sendmsg+0x10/0x10
[  226.204980][ T8715]  ? get_compat_msghdr+0x11a/0x170
[  226.205002][ T8715]  ___sys_sendmsg+0x134/0x1d0
[  226.205017][ T8715]  ? __pfx____sys_sendmsg+0x10/0x10
[  226.205054][ T8715]  __sys_sendmsg+0x16d/0x220
[  226.205067][ T8715]  ? __pfx___sys_sendmsg+0x10/0x10
[  226.205089][ T8715]  ? rcu_is_watching+0x12/0xc0
[  226.205105][ T8715]  __do_fast_syscall_32+0x73/0x120
[  226.205124][ T8715]  do_fast_syscall_32+0x32/0x80
[  226.205141][ T8715]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  226.205157][ T8715] RIP: 0023:0xf7f61579
[  226.205168][ T8715] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  226.205180][ T8715] RSP: 002b:00000000f508655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  226.205194][ T8715] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000840
[  226.205202][ T8715] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  226.205209][ T8715] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  226.205217][ T8715] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  226.205228][ T8715] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  226.205245][ T8715]  </TASK>
[  226.430494][ T1138] bridge0: port 1(bridge_slave_0) entered disabled state
[  227.072163][ T5938] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  227.090586][ T5938] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  227.118200][ T5938] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  227.202069][ T5938] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  227.235733][ T5938] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  227.256533][ T8725] netlink: 52 bytes leftover after parsing attributes in process `syz.3.481'.
[  228.600801][ T1138] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  228.654687][ T1138] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  228.662764][ T1138] bond0 (unregistering): Released all slaves
[  229.398021][ T5938] Bluetooth: hci1: command tx timeout
[  229.975212][    C0] vkms_vblank_simulate: vblank timer overrun
[  230.227922][    C0] vkms_vblank_simulate: vblank timer overrun
[  230.474192][   T40] audit: type=1326 audit(1746255530.486:355): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8765 comm="syz.2.488" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f72579 code=0x0
[  230.493040][ T1138] hsr_slave_0: left promiscuous mode
[  230.612043][ T1138] hsr_slave_1: left promiscuous mode
[  230.615803][ T1138] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  230.638152][ T1138] batman_adv: batadv0: Removing interface: batadv_slave_0
[  230.664193][ T1138] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  230.667646][ T1138] batman_adv: batadv0: Removing interface: batadv_slave_1
[  230.787500][ T1138] veth1_macvtap: left promiscuous mode
[  230.795879][ T1138] veth0_macvtap: left promiscuous mode
[  230.822394][ T1138] veth1_vlan: left promiscuous mode
[  230.826547][ T1138] veth0_vlan: left promiscuous mode
[  231.230050][    C0] vkms_vblank_simulate: vblank timer overrun
[  231.429774][   T10] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[  231.480206][ T5938] Bluetooth: hci1: command tx timeout
[  231.637555][   T10] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  231.646434][   T10] usb 6-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  231.713793][   T10] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66
[  231.720305][   T10] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  231.728021][   T10] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  231.740636][   T10] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  231.747008][   T10] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  231.751680][   T10] usb 6-1: Product: syz
[  231.753850][   T10] usb 6-1: Manufacturer: syz
[  231.789710][   T10] cdc_wdm 6-1:1.0: skipping garbage
[  231.830354][    C0] vkms_vblank_simulate: vblank timer overrun
[  231.833162][   T10] cdc_wdm 6-1:1.0: skipping garbage
[  231.855089][   T10] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device
[  231.861998][   T10] cdc_wdm 6-1:1.0: Unknown control protocol
[  233.550880][ T5938] Bluetooth: hci1: command tx timeout
[  234.177465][   T10] usb 6-1: USB disconnect, device number 8
[  234.691572][ T1138] team0 (unregistering): Port device team_slave_1 removed
[  235.233006][ T8790] input: syz0 as /devices/virtual/input/input22
[  235.338953][ T1138] team0 (unregistering): Port device team_slave_0 removed
[  235.627917][ T5938] Bluetooth: hci1: command tx timeout
[  236.104696][ T8792] 9pnet_fd: Insufficient options for proto=fd
[  239.216680][ T8785] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR
[  239.410585][ T8735] chnl_net:caif_netlink_parms(): no params data found
[  240.522335][ T8735] bridge0: port 1(bridge_slave_0) entered blocking state
[  240.527953][ T8735] bridge0: port 1(bridge_slave_0) entered disabled state
[  240.542775][ T8735] bridge_slave_0: entered allmulticast mode
[  240.650944][ T8735] bridge_slave_0: entered promiscuous mode
[  240.657070][ T8735] bridge0: port 2(bridge_slave_1) entered blocking state
[  240.660615][ T8735] bridge0: port 2(bridge_slave_1) entered disabled state
[  240.663868][ T8735] bridge_slave_1: entered allmulticast mode
[  240.669730][ T8735] bridge_slave_1: entered promiscuous mode
[  241.125853][ T8735] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  241.136685][ T8735] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  241.730389][ T8735] team0: Port device team_slave_0 added
[  241.735607][ T8735] team0: Port device team_slave_1 added
[  242.300822][ T8735] batman_adv: batadv0: Adding interface: batadv_slave_0
[  242.300839][ T8735] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  242.300857][ T8735] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  242.302224][ T8735] batman_adv: batadv0: Adding interface: batadv_slave_1
[  242.302237][ T8735] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  242.302257][ T8735] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  242.659415][ T8735] hsr_slave_0: entered promiscuous mode
[  242.691484][ T8735] hsr_slave_1: entered promiscuous mode
[  242.701759][ T8735] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  242.714487][ T8735] Cannot create hsr debugfs directory
[  242.809045][ T8844] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(3)
[  242.812686][ T8844] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  242.830946][ T8844] vhci_hcd vhci_hcd.0: Device attached
[  242.839051][ T8847] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes.
[  243.033609][ T8844] netlink: 24 bytes leftover after parsing attributes in process `syz.2.502'.
[  243.046865][ T8845] vhci_hcd: connection closed
[  243.105133][   T67] vhci_hcd: stop threads
[  243.114992][   T67] vhci_hcd: release socket
[  243.119201][   T67] vhci_hcd: disconnect device
[  243.128066][ T5935] usb 41-1: new high-speed USB device number 2 using vhci_hcd
[  243.135062][ T5935] usb 41-1: enqueue for inactive port 0
[  243.230013][ T5935] vhci_hcd: vhci_device speed not set
[  246.750444][ T8894] 9pnet_fd: Insufficient options for proto=fd
[  247.142749][ T8735] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  247.164972][ T8735] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  247.190941][ T8735] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  247.428565][ T8735] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  247.763833][ T8735] 8021q: adding VLAN 0 to HW filter on device bond0
[  247.803478][ T8735] 8021q: adding VLAN 0 to HW filter on device team0
[  248.159318][   T46] bridge0: port 1(bridge_slave_0) entered blocking state
[  248.162116][   T46] bridge0: port 1(bridge_slave_0) entered forwarding state
[  248.180613][ T1138] bridge0: port 2(bridge_slave_1) entered blocking state
[  248.186713][ T1138] bridge0: port 2(bridge_slave_1) entered forwarding state
[  248.283651][ T8735] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  248.305216][ T8735] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  248.652019][ T8735] 8021q: adding VLAN 0 to HW filter on device batadv0
[  248.787731][ T8735] veth0_vlan: entered promiscuous mode
[  248.806773][ T8735] veth1_vlan: entered promiscuous mode
[  248.852379][ T8735] veth0_macvtap: entered promiscuous mode
[  248.875899][ T8735] veth1_macvtap: entered promiscuous mode
[  248.956505][ T8735] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  248.978284][ T8735] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  249.001568][ T8735] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  249.018180][ T8735] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  249.045755][ T8735] batman_adv: batadv0: Interface activated: batadv_slave_0
[  249.082284][ T8735] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  249.110890][ T8735] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  249.124902][ T8735] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  249.148096][ T8735] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  249.156756][ T8735] batman_adv: batadv0: Interface activated: batadv_slave_1
[  249.205384][ T8735] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  249.212829][ T8735] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  249.220147][ T8735] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  249.223736][ T8735] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  250.009451][   T46] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  250.103998][ T8959] 9pnet_fd: Insufficient options for proto=fd
[  250.567466][   T46] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  250.983991][ T8966] 9p: Unknown Cache mode or invalid value fs
[  250.987464][ T8966] 9pnet: Tag 65535 still in use
[  250.993309][ T8966] ------------[ cut here ]------------
[  250.995358][ T8966] refcount_t: underflow; use-after-free.
[  250.997877][ T8966] WARNING: CPU: 3 PID: 8966 at lib/refcount.c:28 refcount_warn_saturate+0x14a/0x210
[  251.001738][ T8966] Modules linked in:
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  251.003535][ T8966] CPU: 3 UID: 0 PID: 8966 Comm: syz.3.521 Not tainted 6.15.0-rc4-syzkaller-00208-g00b827f0cffa #0 PREEMPT(full) 
[  251.025120][ T8966] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  251.040539][ T8966] RIP: 0010:refcount_warn_saturate+0x14a/0x210
[  251.047200][ T8966] Code: ff 89 de e8 58 18 ed fc 84 db 0f 85 66 ff ff ff e8 6b 1d ed fc c6 05 2f f9 9f 0b 01 90 48 c7 c7 60 17 f4 8b e8 67 fe ac fc 90 <0f> 0b 90 90 e9 43 ff ff ff e8 48 1d ed fc 0f b6 1d 0a f9 9f 0b 31
[  251.056249][ T8966] RSP: 0018:ffffc90003b2f9d0 EFLAGS: 00010282
[  251.059169][ T8966] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffc9000d6e2000
[  251.064082][ T8966] RDX: 0000000000080000 RSI: ffffffff817a8f85 RDI: 0000000000000001
[  251.068150][ T8966] RBP: ffff88804ef6c888 R08: 0000000000000001 R09: 0000000000000000
[  251.071307][ T8966] R10: 0000000000000000 R11: 0000000000000000 R12: ffff88804ef6c888
[  251.074885][ T8966] R13: ffff888023b30c00 R14: dffffc0000000000 R15: 1ffff92000765f45
[  251.080596][ T8966] FS:  0000000000000000(0000) GS:ffff888097aec000(0063) knlGS:00000000f5065b40
[  251.085409][ T8966] CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
[  251.088806][ T8966] CR2: 000000000c2e0199 CR3: 0000000026042000 CR4: 0000000000352ef0
[  251.088890][ T8969] FAULT_INJECTION: forcing a failure.
[  251.088890][ T8969] name failslab, interval 1, probability 0, space 0, times 0
[  251.097731][ T8966] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  251.097760][ T8966] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  251.098191][ T8966] Call Trace:
[  251.098203][ T8966]  <TASK>
[  251.098215][ T8966]  p9_req_put+0x1ec/0x250
[  251.098255][ T8966]  p9_client_destroy+0x22b/0x480
[  251.098289][ T8966]  ? __pfx_p9_client_destroy+0x10/0x10
[  251.098324][ T8966]  ? rcu_is_watching+0x12/0xc0
[  251.098347][ T8966]  ? v9fs_session_init+0xd30/0x1a80
[  251.098369][ T8966]  v9fs_session_init+0xbab/0x1a80
[  251.098403][ T8966]  ? __pfx_v9fs_session_init+0x10/0x10
[  251.098446][ T8966]  v9fs_mount+0xc5/0xa30
[  251.098470][ T8966]  ? rcu_is_watching+0x12/0xc0
[  251.098489][ T8966]  ? __pfx_v9fs_mount+0x10/0x10
[  251.098517][ T8966]  ? apparmor_capable+0x114/0x1d0
[  251.098541][ T8966]  ? __pfx_v9fs_mount+0x10/0x10
[  251.098564][ T8966]  legacy_get_tree+0x109/0x220
[  251.098599][ T8966]  vfs_get_tree+0x8b/0x340
[  251.098623][ T8966]  path_mount+0x14d4/0x1f20
[  251.098648][ T8966]  ? kmem_cache_free+0x2d4/0x4d0
[  251.098665][ T8966]  ? __pfx_path_mount+0x10/0x10
[  251.098689][ T8966]  ? putname+0x154/0x1a0
[  251.098718][ T8966]  __ia32_sys_mount+0x28b/0x310
[  251.098743][ T8966]  ? __pfx___ia32_sys_mount+0x10/0x10
[  251.098764][ T8966]  ? syscall_user_dispatch+0x78/0x140
[  251.098797][ T8966]  ? rcu_is_watching+0x12/0xc0
[  251.098821][ T8966]  __do_fast_syscall_32+0x73/0x120
[  251.098854][ T8966]  do_fast_syscall_32+0x32/0x80
[  251.098882][ T8966]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  251.098907][ T8966] RIP: 0023:0xf7f61579
[  251.098926][ T8966] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  251.098947][ T8966] RSP: 002b:00000000f506555c EFLAGS: 00000296 ORIG_RAX: 0000000000000015
[  251.098970][ T8966] RAX: ffffffffffffffda RBX: 00000000800001c0 RCX: 0000000080000480
[  251.098985][ T8966] RDX: 00000000800004c0 RSI: 0000000000200401 RDI: 0000000080000840
[  251.099000][ T8966] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  251.099012][ T8966] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  251.099026][ T8966] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  251.099051][ T8966]  </TASK>
[  251.099062][ T8966] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  251.099077][ T8966] CPU: 3 UID: 0 PID: 8966 Comm: syz.3.521 Not tainted 6.15.0-rc4-syzkaller-00208-g00b827f0cffa #0 PREEMPT(full) 
[  251.099102][ T8966] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  251.099116][ T8966] Call Trace:
[  251.099124][ T8966]  <TASK>
[  251.099133][ T8966]  dump_stack_lvl+0x3d/0x1f0
[  251.099172][ T8966]  panic+0x71c/0x800
[  251.099203][ T8966]  ? __pfx_panic+0x10/0x10
[  251.099232][ T8966]  ? show_trace_log_lvl+0x29b/0x3e0
[  251.099265][ T8966]  ? refcount_warn_saturate+0x14a/0x210
[  251.099296][ T8966]  check_panic_on_warn+0xab/0xb0
[  251.099325][ T8966]  __warn+0xf6/0x3c0
[  251.099353][ T8966]  ? __pfx_vprintk_emit+0x10/0x10
[  251.099372][ T8966]  ? refcount_warn_saturate+0x14a/0x210
[  251.099404][ T8966]  report_bug+0x3c3/0x580
[  251.099429][ T8966]  ? refcount_warn_saturate+0x14a/0x210
[  251.099460][ T8966]  handle_bug+0x184/0x210
[  251.099490][ T8966]  exc_invalid_op+0x17/0x50
[  251.099521][ T8966]  asm_exc_invalid_op+0x1a/0x20
[  251.099541][ T8966] RIP: 0010:refcount_warn_saturate+0x14a/0x210
[  251.099572][ T8966] Code: ff 89 de e8 58 18 ed fc 84 db 0f 85 66 ff ff ff e8 6b 1d ed fc c6 05 2f f9 9f 0b 01 90 48 c7 c7 60 17 f4 8b e8 67 fe ac fc 90 <0f> 0b 90 90 e9 43 ff ff ff e8 48 1d ed fc 0f b6 1d 0a f9 9f 0b 31
[  251.099592][ T8966] RSP: 0018:ffffc90003b2f9d0 EFLAGS: 00010282
[  251.099609][ T8966] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffc9000d6e2000
[  251.099622][ T8966] RDX: 0000000000080000 RSI: ffffffff817a8f85 RDI: 0000000000000001
[  251.099635][ T8966] RBP: ffff88804ef6c888 R08: 0000000000000001 R09: 0000000000000000
[  251.099648][ T8966] R10: 0000000000000000 R11: 0000000000000000 R12: ffff88804ef6c888
[  251.099661][ T8966] R13: ffff888023b30c00 R14: dffffc0000000000 R15: 1ffff92000765f45
[  251.099684][ T8966]  ? __warn_printk+0x1a5/0x350
[  251.099718][ T8966]  p9_req_put+0x1ec/0x250
[  251.099745][ T8966]  p9_client_destroy+0x22b/0x480
[  251.099769][ T8966]  ? __pfx_p9_client_destroy+0x10/0x10
[  251.099793][ T8966]  ? rcu_is_watching+0x12/0xc0
[  251.099810][ T8966]  ? v9fs_session_init+0xd30/0x1a80
[  251.099833][ T8966]  v9fs_session_init+0xbab/0x1a80
[  251.099862][ T8966]  ? __pfx_v9fs_session_init+0x10/0x10
[  251.099945][ T8966]  v9fs_mount+0xc5/0xa30
[  251.099967][ T8966]  ? rcu_is_watching+0x12/0xc0
[  251.100055][ T8966]  ? __pfx_v9fs_mount+0x10/0x10
[  251.100083][ T8966]  ? apparmor_capable+0x114/0x1d0
[  251.100104][ T8966]  ? __pfx_v9fs_mount+0x10/0x10
[  251.100191][ T8966]  legacy_get_tree+0x109/0x220
[  251.100261][ T8966]  vfs_get_tree+0x8b/0x340
[  251.100325][ T8966]  path_mount+0x14d4/0x1f20
[  251.100345][ T8966]  ? kmem_cache_free+0x2d4/0x4d0
[  251.100435][ T8966]  ? __pfx_path_mount+0x10/0x10
[  251.100460][ T8966]  ? putname+0x154/0x1a0
[  251.100521][ T8966]  __ia32_sys_mount+0x28b/0x310
[  251.100577][ T8966]  ? __pfx___ia32_sys_mount+0x10/0x10
[  251.100595][ T8966]  ? syscall_user_dispatch+0x78/0x140
[  251.100694][ T8966]  ? rcu_is_watching+0x12/0xc0
[  251.100716][ T8966]  __do_fast_syscall_32+0x73/0x120
[  251.100778][ T8966]  do_fast_syscall_32+0x32/0x80
[  251.100839][ T8966]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  251.100861][ T8966] RIP: 0023:0xf7f61579
[  251.100933][ T8966] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  251.100952][ T8966] RSP: 002b:00000000f506555c EFLAGS: 00000296 ORIG_RAX: 0000000000000015
[  251.100970][ T8966] RAX: ffffffffffffffda RBX: 00000000800001c0 RCX: 0000000080000480
[  251.101053][ T8966] RDX: 00000000800004c0 RSI: 0000000000200401 RDI: 0000000080000840
[  251.101067][ T8966] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  251.101078][ T8966] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  251.101090][ T8966] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  251.101187][ T8966]  </TASK>
[  251.102454][ T8966] Kernel Offset: disabled

VM DIAGNOSIS:
06:59:11  Registers:
info registers vcpu 0

CPU#0
EAX=ffffffff EBX=f73a2ff4 ECX=80000180 EDX=ffffffd4
ESI=00000000 EDI=00000000 EBP=00000000 ESP=f500d550
EIP=f70649f3 EFL=00000286 [--S--P-] CPL=3 II=0 A20=1 SMM=0 HLT=0
ES =002b 00000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0023 00000000 ffffffff 00c0fb00 DPL=3 CS32 [-RA]
SS =002b 00000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
DS =002b 00000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 00000000 ffffffff 00c00000
GS =0063 f500db40 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 00000000 ffffffff 00c00000
TR =0040 00003000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000000056bc74c0 CR3=000000006cfa5000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000000000 RBX=0000000000000001 RCX=ffffffff81aec201 RDX=ffff88801ee4a440
RSI=ffffffff81aec1ef RDI=0000000000000005 RBP=ffffc90003cb7bf0 RSP=ffffc90003cb7b20
R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000000
R12=1ffff92000796f68 R13=0000000000000000 R14=0000000000000001 R15=dffffc0000000000
RIP=ffffffff81aec1f1 RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff8880978ec000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00007f9b0a748690 CR3=000000000b726000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=00000000fe020000 Opmask01=0000000000000004 Opmask02=000000000000001f Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000004 0302000100008881
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 75722f7261762f88
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff 0f0e0d0c0b0a0908
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0a002075676f0087 868a898482818388
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ff00ff0000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff ffffffffffff0000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ff00ff0000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 3030303030303030 3030303030303030 3030303030303030 3030303030303030
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 7463676f6c6b0073 25203a6465747261 74732064676f6c6b 006e3a63000a0920
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4453575f5c5b0043 15100a5455444251 44431054575f5c5b 005e0a53000a0910
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=000000000000004f RBX=ffffc900072e3818 RCX=ffffffff8697108d RDX=1ffff11004b65b83
RSI=ffffffff8697109a RDI=ffff888025b2dc2a RBP=000000000000004f RSP=ffffc90003776e68
R8 =0000000000000001 R9 =0000000000000000 R10=0000000000000000 R11=0000000000000000
R12=00000000ab10007c R13=dffffc0000000000 R14=ffff8880222a8000 R15=ffff888025b2dc00
RIP=ffffffff8697112f RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007fdc89178d00 000fffff 00000000
GS =0000 ffff8880979ec000 000fffff 00000000
LDT=0000 0000000000000000 000fffff 00000000
TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00007ffc508f3ff8 CR3=000000004fe82000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000008082082 Opmask01=0000000000000000 Opmask02=00000000dfff7fff Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000001 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 554245440045534f 4252455600524f52 5245004c41544146 0054454955510029
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 554245440045534f 4252455600524f52 5245004c41544146 005445495551000c
ZMM20=0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004
ZMM21=cedf130acedf130a cedf130acedf130a cedf130acedf130a cedf130acedf130a cedf130acedf130a cedf130acedf130a cedf130acedf130a cedf130acedf130a
ZMM22=0ad3fd260ad3fd26 0ad3fd260ad3fd26 0ad3fd260ad3fd26 0ad3fd260ad3fd26 0ad3fd260ad3fd26 0ad3fd260ad3fd26 0ad3fd260ad3fd26 0ad3fd260ad3fd26
ZMM23=94a87e5894a87e58 94a87e5894a87e58 94a87e5894a87e58 94a87e5894a87e58 94a87e5894a87e58 94a87e5894a87e58 94a87e5894a87e58 94a87e5894a87e58
ZMM24=f518a4d8f518a4d8 f518a4d8f518a4d8 f518a4d8f518a4d8 f518a4d8f518a4d8 f518a4d8f518a4d8 f518a4d8f518a4d8 f518a4d8f518a4d8 f518a4d8f518a4d8
ZMM25=3194716331947163 3194716331947163 3194716331947163 3194716331947163 3194716331947163 3194716331947163 3194716331947163 3194716331947163
ZMM26=9734593c9734593c 9734593c9734593c 9734593c9734593c 9734593c9734593c 9734593c9734593c 9734593c9734593c 9734593c9734593c 9734593c9734593c
ZMM27=ccf867ccccf867cc ccf867ccccf867cc ccf867ccccf867cc ccf867ccccf867cc ccf867ccccf867cc ccf867ccccf867cc ccf867ccccf867cc ccf867ccccf867cc
ZMM28=000000200000001f 0000001e0000001d 0000001c0000001b 0000001a00000019 0000001800000017 0000001600000015 0000001400000013 0000001200000011
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=1905000019050000 1905000019050000 1905000019050000 1905000019050000 1905000019050000 1905000019050000 1905000019050000 1905000019050000
info registers vcpu 3

CPU#3
RAX=0000000000000020 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff854c0375 RDI=ffffffff9addfbc0 RBP=ffffffff9addfb80 RSP=ffffc90003b2f378
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=0000000000000000
R12=0000000000000000 R13=0000000000000020 R14=ffffffff9addfb80 R15=ffffffff854c0310
RIP=ffffffff854c039f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff888097aec000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000000000c2e0199 CR3=0000000026042000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000005000000000 0000000100000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000