last executing test programs:

23.155503806s ago: executing program 0 (id=2190):
r0 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x129202, 0x0)
ioctl$SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, &(0x7f00000001c0)=0x6)
readv(r0, &(0x7f0000000200)=[{&(0x7f00000000c0)=""/97, 0x61}], 0x1)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f00000015c0)=ANY=[@ANYBLOB="b7020000b02300ffbfa30000000000000703000000feffff7a0af0ff2300000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010001010404000011000000b7030000000000006a0a00fe000000008500000032000000b700000001000000950000000000000075cdc4b57b0c65752a3ad50000007ddd0000cb450063dedba767ade51f7f1f66acd19100002000000000000000ff7f0000b52f17cee19d0001000000000000000000cb04fcbb4e4d0b9bafe3ba431351a58a885ba9918d37b056b9bbd11b6b9f6cf7db6d574620260000000000008062d77e85cef4a2ab938f65aac33c4d620de2c9b7dc10d7d313f9f57606b83b994fc4051ade12f41deff6df6a936b4ec3827c739bb39aad16cc75fe369258673b5df11cc2afb53611cc32a790bc0b80e80eae8f5e64be2c9d2d29db3d36dd0cf8f79a015c7bd3f15aa6aadbeab2a01685108e61aa00000000000000000000000000c67c6c6a06e828e5216f601b19db1af1b5d356d0f062137d866d11be4ba3f0151fdbbd4e97d62ecc645e143a60f10800000000000000826151e3b42bcae95239ef5ca2a730a00c87c493db0300e63fda97a296820000000001000000eecc952a3fd2c46f3c1cde71a19d1a2982492a210e00d2bfea3b8d188df2eff8d56aaae7d32a2e180022537395019f02ec4b85f6aad7faca088de9b26797a8446b16c28d85f225992dbdd5bb01ba51508951c7a7d6ca0916c3a12912715649c2b1c7192a4251b59d378d3f00000000000000665c8b7e89eddfc3783f6c9129a7c5f8ee5f50579e2f638f7eb12f63be72a3d81ab324d6e417b1c2cbfdcada0a16e31790e26cf19588a7e0496ee2782224cf30f810da86cf1a3204f4c9404f5d7321a4fefc4d1c9139ca4b65b99909950000006b42077ca60fdecb2717e21f8f187b1866108b6e8c71e2603217606637ece1fa89917e131f4034a8383e99c3568fd04201b37cd92ca6ebf94a2d8310f7032775cfd75652f87b039d5430b3c6643e9146d2478ce31344b554aca7670000000000000010c65608fda6ed5d08e7a796042aa127d874105787d0347aa37801faff5b9050803a19ff6205aa5c263e407a2f7de56f7a0000e094fa4e3f05528caab5a430c08dd810bc97204b767dd969721a26aa740000000000bc433fe2d0a6ef2a8a91cd3cb305aa80dadef8b0caca780000000000000000863e21db415a222bb1a7ab94bfe4a74157d794f9d0430c2c0eb563350559829865a3dd08fb31bd0801e09aa3ee45e61a56fc83076451cff7632e49a41eadb5044a0d5f73d6932161ae5e9ce218a35cd8e7b747887b1a74798982d0b492c3f0ff53189d80733eb04f8124877b648ff438f7d66c7efcc09a8f3330b6c22d14e80db8e5608bdeab9388b758a15f4ce70390c214bc6838798f5b9b0b500d4e8b5174f329b8501c6feb7a6982bcea74a0f2ced7fa2059234a8d10b7f0597151d5c9067d57d85f4ae933eaf5174ba122f3f702ef8695578d3c08562c9fc185f0f65d11b4c58ae52500cbe99cde3758a5cbe6093dd328ac820e2de309d25a324647aadffcecf0f3bbaeda7af4436d9ffbce1b240a2f5e346eba8812e6329e01b087bde7da4a6448f478102e90c8134f531de08d4cf4f6f35b15a202544c0ced0c1715fd3a90099f785a13a2412bedba2981dd22bd9d736c00000000000000000000000000000000eb6fec8d7d2f77f4d470a9caa5b1bfc00cd1d40830ac35f229f8ffe1c02a63d3c2d9"], &(0x7f0000000340)='GPL\x00', 0x4, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x2}, 0x8, 0x10, &(0x7f0000000100), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r1, 0x702, 0xe, 0x0, &(0x7f0000000580)="e460334470d8d400eb00c152869d", 0x0, 0x7fff, 0x0, 0x0, 0xffffffffffffff31, 0x0, 0x0}, 0x4c)

22.314127269s ago: executing program 0 (id=2199):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000640)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xffff, 0xf}}}, 0x24}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
r0 = socket$netlink(0x10, 0x3, 0xc)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0xfffffe98, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="8400000000010104000000000000000002000000240001801400018008000100ac1414bb08000200ac0314bb0c0002800500010000000000240002801400018008000100ac1414aa08000200ac1414000c00028005000100f5000000080007400000000010001700000000000000000000000000100016"], 0x84}}, 0x0)

22.26526773s ago: executing program 0 (id=2200):
openat$adsp1(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x141121)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmsg$unix(r3, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, &(0x7f00000005c0)=[@rights={{0x10, 0x1, 0x1, [r2]}}], 0x10}, 0x0)
recvmmsg$unix(r2, &(0x7f0000000f40)=[{{&(0x7f00000000c0)=@abs, 0x0, &(0x7f0000000240)=[{&(0x7f0000000180)=""/146}], 0x0, &(0x7f0000000280)=[@rights={{0x0, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @cred, @cred, @cred, @cred, @cred, @cred, @rights]}}, {{&(0x7f0000000340), 0x0, &(0x7f0000000440)=[{&(0x7f00000003c0)=""/111}], 0x0, &(0x7f0000000480)=[@rights, @rights, @rights, @rights, @rights, @rights, @rights, @rights, @rights, @rights, @rights, @rights, @rights, @rights, @rights, @rights, @rights, @rights, @rights, @rights, @rights, @rights, @rights]}}, {{&(0x7f0000000540)=@abs, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000640)=""/28}, {&(0x7f0000000680)=""/18}], 0x0, &(0x7f0000000700)=[@rights={{0x0, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred, @rights={{0x0, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred]}}, {{&(0x7f0000000780), 0x0, &(0x7f0000000e00)=[{&(0x7f0000000800)=""/190}, {&(0x7f00000008c0)=""/64}, {&(0x7f0000000900)=""/99}, {&(0x7f0000000980)=""/222}, {&(0x7f0000000a80)=""/224}, {&(0x7f0000000b80)=""/4}, {&(0x7f0000000bc0)=""/237}, {&(0x7f0000000cc0)=""/60}, {&(0x7f0000000d00)=""/226}], 0x0, &(0x7f0000000e80)=[@cred, @rights={{0x0, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x0, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x0, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred]}}], 0x7e4, 0x2, 0x0) (fail_nth: 58)

21.905731416s ago: executing program 0 (id=2207):
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x503, 0x0, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, 0x14e15, 0x20802}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @erspan={{0xb}, {0x8, 0x2, 0x0, 0x1, [@IFLA_GRE_COLLECT_METADATA={0x4}]}}}, @IFLA_ADDRESS={0xa, 0x1, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x3e}}]}, 0x44}}, 0x20040840) (fail_nth: 1)

21.905318892s ago: executing program 0 (id=2209):
syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x30}}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000240))
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000000)={'team0\x00', <r2=>0x0})
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@newlink={0x3c, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x10104}, [@IFLA_IFNAME={0x14, 0x3, 'vlan0\x00'}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x3c}}, 0x0)
r3 = syz_io_uring_setup(0x7da5, &(0x7f0000000500)={0x0, 0xfffffffd, 0x0, 0xfffffffe}, &(0x7f0000000000), &(0x7f0000000000))
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
r5 = dup2(r3, r4)
sendmsg$TIPC_NL_LINK_GET(r5, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f00000002c0)={&(0x7f0000000180)={0x44, 0x0, 0x2, 0x70bd2c, 0x25dfdbff, {}, [@TIPC_NLA_SOCK={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x8}]}, @TIPC_NLA_PUBL={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x10}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x40}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x40050}, 0x20000000)
io_uring_register$IORING_UNREGISTER_FILES(r5, 0x3, 0x0, 0x1f)
ioctl$KVM_CAP_HYPERV_ENFORCE_CPUID(r5, 0x4068aea3, &(0x7f0000000080)={0xc7, 0x0, 0x1})

21.775694613s ago: executing program 0 (id=2211):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCSPGRP(r0, 0x5410, &(0x7f0000000440))
openat$sndtimer(0xffffffffffffff9c, &(0x7f00000001c0), 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000140), r1)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000180)={'ip6tnl0\x00', &(0x7f0000000200)={'ip6_vti0\x00', <r3=>0x0, 0x4, 0x7, 0x4, 0x5, 0x1, @empty, @loopback, 0x80, 0x8000, 0x0, 0x8}})
getpeername$packet(r1, &(0x7f0000000280)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @multicast}, &(0x7f00000002c0)=0x14)
r5 = socket$inet6(0xa, 0x2, 0x3a)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r5, 0x8933, &(0x7f00000000c0)={'batadv0\x00', <r6=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r5, 0x29, 0x32, &(0x7f0000000140)={@private2={0xfc, 0x2, '\x00', 0x1}, r6}, 0x14)
sendmsg$ETHTOOL_MSG_LINKMODES_GET(r1, &(0x7f0000000480)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000400)={&(0x7f00000004c0)={0x9c, r2, 0x4, 0x70bd29, 0x25dfdbfe, {}, [@HEADER={0x30, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0xffffffffffffff71, 0x1, r3}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'nicvf0\x00'}]}, @HEADER={0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}, @HEADER={0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wg0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x0, 0x2, 'veth0_to_bond\x00'}]}, @HEADER={0x4}, @HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netdevsim0\x00'}]}]}, 0x9c}, 0x1, 0x0, 0x0, 0x4044841}, 0x1)
r7 = socket(0x1d, 0x2, 0x6)
mknod$loop(&(0x7f0000000040)='./file0\x00', 0xc000, 0x1)
mount(&(0x7f00000000c0)=@filename='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000080)='ubifs\x00', 0x0, 0x0)
mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r7, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup.cpu/syz1\x00', 0x1ff)

6.649440433s ago: executing program 32 (id=2211):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCSPGRP(r0, 0x5410, &(0x7f0000000440))
openat$sndtimer(0xffffffffffffff9c, &(0x7f00000001c0), 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000140), r1)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000180)={'ip6tnl0\x00', &(0x7f0000000200)={'ip6_vti0\x00', <r3=>0x0, 0x4, 0x7, 0x4, 0x5, 0x1, @empty, @loopback, 0x80, 0x8000, 0x0, 0x8}})
getpeername$packet(r1, &(0x7f0000000280)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @multicast}, &(0x7f00000002c0)=0x14)
r5 = socket$inet6(0xa, 0x2, 0x3a)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r5, 0x8933, &(0x7f00000000c0)={'batadv0\x00', <r6=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r5, 0x29, 0x32, &(0x7f0000000140)={@private2={0xfc, 0x2, '\x00', 0x1}, r6}, 0x14)
sendmsg$ETHTOOL_MSG_LINKMODES_GET(r1, &(0x7f0000000480)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000400)={&(0x7f00000004c0)={0x9c, r2, 0x4, 0x70bd29, 0x25dfdbfe, {}, [@HEADER={0x30, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0xffffffffffffff71, 0x1, r3}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'nicvf0\x00'}]}, @HEADER={0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}, @HEADER={0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wg0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x0, 0x2, 'veth0_to_bond\x00'}]}, @HEADER={0x4}, @HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netdevsim0\x00'}]}]}, 0x9c}, 0x1, 0x0, 0x0, 0x4044841}, 0x1)
r7 = socket(0x1d, 0x2, 0x6)
mknod$loop(&(0x7f0000000040)='./file0\x00', 0xc000, 0x1)
mount(&(0x7f00000000c0)=@filename='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000080)='ubifs\x00', 0x0, 0x0)
mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r7, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup.cpu/syz1\x00', 0x1ff)

3.730282565s ago: executing program 4 (id=2297):
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ioprio_get$uid(0x2, 0x0) (async)
ioprio_get$uid(0x2, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = syz_usb_connect(0x2, 0x4a, &(0x7f0000000040)=ANY=[@ANYBLOB="120100005520f010402038b1420804000001090238000100000000090400000544fb2f00090582eb3000000001020009050276"], 0x0)
syz_usb_control_io$cdc_ecm(r1, &(0x7f0000000180)={0x14, 0x0, &(0x7f0000000000)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
r2 = syz_open_dev$evdev(&(0x7f00000000c0), 0x40, 0x0)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000400)={0x0, r2}, 0x8)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x3, 0xc, &(0x7f00000003c0)=ANY=[@ANYRES64=r1], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @sched_cls=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r3, 0x0, 0xe40, 0xe40, &(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000300)=""/8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) (async)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r3, 0x0, 0xe40, 0xe40, &(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000300)=""/8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)
mkdir(&(0x7f0000000440)='./file1\x00', 0x0) (async)
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0xc0ed0000, &(0x7f00000007c0)='usrquota')
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r4, 0x6, 0x210000000013, &(0x7f0000000580)=0x100000001, 0x4)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r4, 0x6, 0x16, 0x0, 0x0) (async)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r4, 0x6, 0x16, 0x0, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32=0x0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00dbe2e5790dd152e100"/28], 0x67) (async)
r5 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32=0x0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00dbe2e5790dd152e100"/28], 0x67)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x6, 0x10, &(0x7f0000000c00)=ANY=[@ANYBLOB="18000000000000000000000000010000b7080000000000007b8af8ff00000000ad080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r5, @ANYBLOB="0000000000000000b705000008000000850000006900000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r6, 0x0, 0xe, 0x0, &(0x7f0000000080)="00faff0f0001eeff7f6faf9a1e4d", 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='kfree\x00', r7}, 0x10) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='kfree\x00', r7}, 0x10)
r8 = syz_usb_connect$hid(0x0, 0x0, 0x0, 0x0)
syz_usb_control_io$hid(r8, 0x0, 0x0) (async)
syz_usb_control_io$hid(r8, 0x0, 0x0)
syz_usb_control_io$hid(r8, &(0x7f0000000080)={0x24, 0x0, 0x0, &(0x7f00000008c0)={0x0, 0x22, 0x63}, 0x0}, 0x0) (async)
syz_usb_control_io$hid(r8, &(0x7f0000000080)={0x24, 0x0, 0x0, &(0x7f00000008c0)={0x0, 0x22, 0x63}, 0x0}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r9 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
ioctl$BTRFS_IOC_TREE_SEARCH(r9, 0x890b, &(0x7f0000001d00)={{0x0, 0x200000002}}) (async)
ioctl$BTRFS_IOC_TREE_SEARCH(r9, 0x890b, &(0x7f0000001d00)={{0x0, 0x200000002}})
syz_open_procfs(0xffffffffffffffff, 0x0)
ioctl$EVIOCSKEYCODE(r2, 0x40084504, &(0x7f0000000100)=[0x2000a, 0x2ff]) (async)
ioctl$EVIOCSKEYCODE(r2, 0x40084504, &(0x7f0000000100)=[0x2000a, 0x2ff])
sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000013c0)=ANY=[@ANYBLOB="1c000000180009000000000000000000020000000000000117b76e"], 0x1c}}, 0x0)

3.405690371s ago: executing program 2 (id=2298):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x80)
r1 = syz_open_dev$sndpcmc(&(0x7f0000001800), 0x1, 0x20080)
ioctl$SNDRV_PCM_IOCTL_SYNC_PTR(r1, 0xc0884123, &(0x7f0000001840)={0x1, "3dba1ae023b40a2f8fc6fe5cef4c0ac9d94581e617e2bf8279933b9ea1cc1ef986462fdf92b30f220382b2dbefa52971af1bf19862302bb2fbf48a9c3cdb2e38", {0x77c4, 0x5}})
r2 = dup(r0)
write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c)
r3 = syz_io_uring_setup(0x239, &(0x7f00000002c0)={0x0, 0x4535, 0x10100, 0x7, 0x0, 0x0, r2}, &(0x7f0000000080)=<r4=>0x0, &(0x7f0000000340)=<r5=>0x0)
syz_io_uring_submit(r4, r5, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1})
io_uring_enter(r3, 0x2ded, 0x4000, 0x0, 0x0, 0x0)
r6 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
r7 = fcntl$dupfd(r6, 0x0, r6)
readv(r7, &(0x7f0000000000)=[{&(0x7f0000001140)=""/136, 0x88}], 0x1)
r8 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r8, 0x107, 0x18, &(0x7f0000000100)=0xc, 0x4)
r9 = socket(0x1, 0x803, 0x0)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000000)={'batadv0\x00', <r10=>0x0})
sendto$packet(r8, &(0x7f00000001c0)="ff008400e01980000200977635e4e79cd34cbabe000800890800348157b1115c4f94454c0600e5c16c92063d5dae253089f3419235f1a43c89962cc88d125ebe9ac8ed6f12a4beb57268b178e40c596607a0eab9d4c45506422da1bb64dc8a7879a155bf33a13de86e58347d96eb4ea1ee0ac55d3ed9cf861e20d60e6893fe61681e5a9d1056a39f6db6573f58e9c2e1", 0x90, 0x0, &(0x7f0000000140)={0x11, 0x0, r10}, 0x14)
pipe(&(0x7f0000000040))
io_setup(0x3ff, &(0x7f0000000500))
r11 = socket$nl_generic(0x10, 0x3, 0x10)
r12 = syz_genetlink_get_family_id$tipc(&(0x7f0000000940), 0xffffffffffffffff)
sendmsg$TIPC_CMD_SET_NODE_ADDR(r11, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x24, r12, 0x1, 0x0, 0x0, {{}, {0x0, 0x400b}, {0x8}}}, 0x24}}, 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75"])

2.444846776s ago: executing program 2 (id=2304):
openat$adsp1(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x141121)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmsg$unix(r3, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, &(0x7f00000005c0)=[@rights={{0x10, 0x1, 0x1, [r2]}}], 0x10}, 0x0)
recvmmsg$unix(r2, &(0x7f0000000f40)=[{{&(0x7f00000000c0)=@abs, 0x0, &(0x7f0000000240)=[{&(0x7f0000000180)=""/146}], 0x0, &(0x7f0000000280)=[@rights={{0x0, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @cred, @cred, @cred, @cred, @cred, @cred, @rights]}}, {{&(0x7f0000000340), 0x0, &(0x7f0000000440)=[{&(0x7f00000003c0)=""/111}], 0x0, &(0x7f0000000480)=[@rights, @rights, @rights, @rights, @rights, @rights, @rights, @rights, @rights, @rights, @rights, @rights, @rights, @rights, @rights, @rights, @rights, @rights, @rights, @rights, @rights, @rights, @rights]}}, {{&(0x7f0000000540)=@abs, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000640)=""/28}, {&(0x7f0000000680)=""/18}], 0x0, &(0x7f0000000700)=[@rights={{0x0, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred, @rights={{0x0, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred]}}, {{&(0x7f0000000780), 0x0, &(0x7f0000000e00)=[{&(0x7f0000000800)=""/190}, {&(0x7f00000008c0)=""/64}, {&(0x7f0000000900)=""/99}, {&(0x7f0000000980)=""/222}, {&(0x7f0000000a80)=""/224}, {&(0x7f0000000b80)=""/4}, {&(0x7f0000000bc0)=""/237}, {&(0x7f0000000cc0)=""/60}, {&(0x7f0000000d00)=""/226}], 0x0, &(0x7f0000000e80)=[@cred, @rights={{0x0, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x0, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x0, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred]}}], 0x7e4, 0x2, 0x0) (fail_nth: 60)

2.385083348s ago: executing program 3 (id=2305):
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000f00)=[{{&(0x7f0000000300)={0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, 0x1c, &(0x7f00000002c0)=[{&(0x7f0000000100)='k', 0x1}], 0x1}}, {{&(0x7f0000000040)={0xa, 0x4e23, 0x4, @local, 0x6}, 0x1c, &(0x7f0000000140)=[{&(0x7f0000000080)="b6", 0x1}], 0x1}}], 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(0x0, 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r2 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r2, 0x1, &(0x7f0000000000)='source', &(0x7f0000000040)='c:::\x00', 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000cc0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc0200000000000000ae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fc40848228567ffb400000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df2624f56da648d28ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71400fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada10eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff00000000000f000000ef0000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18aba6b16455a66c3b84b138efc20a546d3d5227e23b03f2a834391ade2ff3e93ee296c4082ee73e7c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0847a1ff2f7fc3c2b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f05c7f0be31491eb8c9ff68236c8600040000000000000000000066e034c81c3cab64e4fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f224baf1221c15fa12313ffbfa7c2730309f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca205081173bd03c4754fc4674812daab482fd390a1c903b5d28a1eb247b5837d7603b92495d5c569f6433c3fca5206cb0000003fdbbd3892c52c2e7612e05de32322e980a3d69931e2c9312dd517c96f2ee90362476ed853c4c9b7d4ebf13cbaa795860e92a3d7d004f2c491db38eb769f094d5d48b262cc35c40682138cf13a49aa9f27abec00002f01ba1251aaf2385416ca719300"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000180)='contention_end\x00', r1}, 0x18)
r3 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
ioctl$SIOCX25SFACILITIES(r3, 0x89e3, &(0x7f0000000100)={0x34, 0x0, 0x9, 0xc, 0x0, 0x81})
fsconfig$FSCONFIG_SET_STRING(r2, 0x1, &(0x7f0000000380)='source\xcf\x87\x86\x1bY\x0f\xde\xd6\xcd\xc0\x01\xd3\x19>K\x04\xfe\x86YG\xa5\x0f\xed\xa0\x9f\x1e\x14R\x9e\x04\xfa\xed\xd0TG&\x88\xeaz\x9aD\xf8Tt\x8c\x00{\x1fm\xfe\x9c\xf6_h\x9e\xfc\'', &(0x7f00000001c0)='sou\x01ce', 0x0)
r4 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r4, 0x107, 0x9, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'geneve0\x00', <r5=>0x0})
sendto$packet(r4, &(0x7f00000003c0)="0b036800e0ff64000200475400f6a13bb10000000800884848", 0x19, 0x0, &(0x7f0000000140)={0x11, 0x0, r5}, 0x14)
r6 = socket$igmp(0x2, 0x3, 0x2)
ioctl$sock_inet_SIOCSARP(r6, 0x8955, &(0x7f0000000340)={{0x2, 0x0, @broadcast}, {0x0, @link_local}, 0xa, {0x2, 0x800, @multicast2}, 'wg0\x00'})
ioctl$sock_inet_SIOCSARP(0xffffffffffffffff, 0x8955, &(0x7f0000000a80)={{0x2, 0x4e2a, @broadcast}, {0x0, @remote}, 0x4a, {}, 'veth1_to_bridge\x00'})
gettid()
fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0)
syz_open_dev$cec(&(0x7f0000000140), 0x0, 0x50400)
r7 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_MCAST_JOIN_GROUP(r7, 0x0, 0x2a, &(0x7f0000000180)={0x2, {{0x2, 0x0, @multicast1}}}, 0x84)
setsockopt$inet_MCAST_MSFILTER(r7, 0x0, 0x30, &(0x7f0000000c00)=ANY=[@ANYBLOB="0200000002000000e000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffffffffffec00"/140], 0x8c)
r8 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x1, 0x141000)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(r8, 0xc1105511, &(0x7f0000000140)={0x5, 0x1, 0x1, 0x1, '\x00', 0xfffffffd})
madvise(&(0x7f0000cd0000/0x4000)=nil, 0xffffffffdf32ffff, 0x16)
ioctl$CEC_ADAP_S_LOG_ADDRS(r1, 0xc05c6104, &(0x7f0000000200)={"1701d517", 0x3, 0x9, 0x1, 0x200002, 0xfffffffc, "f9a927627a359827fdc4ed7cb20708", "0600000b", "314391b4", "aa04df4e", ["e4e7d0b3748a08eb4117a58f", "a42a5eb8b07a660e2a22038e", "18a00d0d3106bcc3d300", "d89c2b9ee90029dabfd3b81a"]})

2.324584958s ago: executing program 4 (id=2306):
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/partitions\x00', 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
socket(0x10, 0x3, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x1, @pix_mp={0xffff45c1, 0x0, 0x34324152, 0x0, 0x0, [{}, {}, {0x9}, {0x1}, {}, {0xfffffffa, 0x6}, {}, {0x0, 0x4}], 0x0, 0x0, 0x8, 0x0, 0x1}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$alg(0x26, 0x5, 0x0)
ioperm(0x8, 0x7, 0x1)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000040))
ioctl$VHOST_SET_FEATURES(r1, 0x4008af00, &(0x7f0000000080)=0x200000000)
r2 = dup2(r1, r1)
read$msr(r2, &(0x7f00000002c0)=""/215, 0xd7)
ioctl$VHOST_VSOCK_SET_RUNNING(r2, 0x4004af61, &(0x7f0000000200)=0x4)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCL_GETSHIFTSTATE(r3, 0x541c, 0x0)
close_range(r1, 0xffffffffffffffff, 0x0)
r4 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'erspan0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000240)=@newqdisc={0x3c, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0xc, 0x2, [@TCA_CAKE_SPLIT_GSO={0x8, 0x11, 0x1}]}}]}, 0x3c}}, 0x0)
openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/compact_memory\x00', 0x1, 0x0)

2.115265096s ago: executing program 1 (id=2307):
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
socket$packet(0x11, 0x2, 0x300)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x2b, 0x803, 0x8)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000000880)=@nat={'nat\x00', 0x1b, 0x5, 0x4a4, 0x280, 0x0, 0xffffffff, 0x280, 0x134, 0x4d4, 0x4d4, 0xffffffff, 0x4d4, 0x4d4, 0x5, 0x0, {[{{@ipv6={@mcast1, @loopback, [0xffffffff, 0xffffff00, 0x0, 0xffffff00], [0xffffffff, 0xff000000, 0xffffffff, 0xff000000], 'veth0_vlan\x00', 'veth1_to_bridge\x00', {}, {0xff}, 0x6c, 0x2, 0x2, 0x42}, 0x0, 0xa4, 0xe4}, @common=@inet=@LOG={0x40, 'LOG\x00', 0x0, {0x0, 0x0, "520015714fa97d0a9bebca1a461a54dccfd1fc9242ba4206ad9303eadcc0"}}}, {{@uncond, 0x0, 0xa4, 0xec}, @MASQUERADE={0x48, 'MASQUERADE\x00', 0x0, {0x5, @ipv4=@multicast2, @ipv4=@empty, @icmp_id=0x67, @gre_key=0x5}}}, {{@ipv6={@private0, @private0, [0xffffffff, 0xffffffff, 0xffffff00, 0xffffff00], [0xffffff00, 0xff000000, 0xff000000, 0xff], 'syzkaller0\x00', 'rose0\x00', {0xff}, {}, 0x2b, 0x0, 0x2, 0x1}, 0x0, 0xa4, 0xec}, @REDIRECT={0x48, 'REDIRECT\x00', 0x0, {0x3, @ipv4=@remote, @ipv4=@broadcast, @icmp_id=0x66, @port=0x4e23}}}, {{@uncond, 0x0, 0xd8, 0x120, 0x0, {}, [@common=@unspec=@owner={{0x34}, {0x0, 0x0, 0x0, 0x0, 0x1, 0x2}}]}, @REDIRECT={0x48, 'REDIRECT\x00', 0x0, {0x12, @ipv6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @ipv4=@initdev={0xac, 0x1e, 0x0, 0x0}, @gre_key=0x5, @gre_key=0x6}}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x500)
sendmsg$IPVS_CMD_SET_INFO(r2, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
r4 = socket$inet6(0xa, 0x2, 0x0)
r5 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
io_setup(0x3, &(0x7f00000003c0)=<r6=>0x0)
r7 = userfaultfd(0x80001)
ioctl$UFFDIO_COPY(r7, 0xc028aa03, &(0x7f0000000140)={&(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x2000, 0x1})
io_submit(r6, 0x1, &(0x7f0000000000)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x5, 0x0, r5, 0x0}])
setsockopt$inet6_int(r4, 0x29, 0x46, 0x0, 0x0)
setsockopt$inet6_int(r4, 0x29, 0x21, &(0x7f0000000100)=0x9, 0x4)
sendto$inet6(r4, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e23, 0xc, @mcast1}, 0x1c)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r8, @ANYRES8], 0x3c}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000540)=ANY=[@ANYBLOB="6c00000010001fff109e00008000000000000000", @ANYRES32=0x0, @ANYBLOB="00000000003f0000440012800b00010067656e6576650000340002800500030003000000060005004e20000005000400ab000000050009000100000005000a0001000000050009000100000008000a00", @ANYRES32=r8], 0x6c}, 0x1, 0x0, 0x0, 0x1}, 0x0)

1.832651877s ago: executing program 1 (id=2308):
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_SYS_SET(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000280)={0x10, 0x1407, 0x801}, 0x10}}, 0x0)
socket$kcm(0x10, 0x2, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000280)='/proc/mdstat\x00', 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010600000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff1b000000020000000900010073797a30000001000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)={{0x14}, [@NFT_MSG_NEWSET={0x3c, 0x12, 0xa, 0x201, 0x0, 0x0, {0x2}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_TYPE={0x8}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0xa}]}], {0x14}}, 0x64}}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
close_range(r2, 0xffffffffffffffff, 0x0)

1.766103628s ago: executing program 1 (id=2309):
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_SYS_SET(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000280)={0x10, 0x1407, 0x801}, 0x10}}, 0x0)
socket$kcm(0x10, 0x2, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000280)='/proc/mdstat\x00', 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010600000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff1b000000020000000900010073797a30000001000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)={{0x14}, [@NFT_MSG_NEWSET={0x3c, 0x12, 0xa, 0x201, 0x0, 0x0, {0x2}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_TYPE={0x8}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0xa}]}], {0x14}}, 0x64}}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
close_range(r2, 0xffffffffffffffff, 0x0)

1.76314374s ago: executing program 1 (id=2310):
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/partitions\x00', 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
socket(0x10, 0x3, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x1, @pix_mp={0xffff45c1, 0x0, 0x34324152, 0x0, 0x0, [{}, {}, {0x9}, {0x1}, {}, {0xfffffffa, 0x6}, {}, {0x0, 0x4}], 0x0, 0x0, 0x8, 0x0, 0x1}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$alg(0x26, 0x5, 0x0)
ioperm(0x8, 0x7, 0x1)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000040))
ioctl$VHOST_SET_FEATURES(r1, 0x4008af00, &(0x7f0000000080)=0x200000000)
r2 = dup2(r1, r1)
read$msr(r2, &(0x7f00000002c0)=""/215, 0xd7)
ioctl$VHOST_VSOCK_SET_RUNNING(r2, 0x4004af61, &(0x7f0000000200)=0x4)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCL_GETSHIFTSTATE(r3, 0x541c, &(0x7f0000000300)={0x6, 0x9f})
close_range(r1, 0xffffffffffffffff, 0x0)
r4 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'erspan0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000240)=@newqdisc={0x3c, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r5, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0xc, 0x2, [@TCA_CAKE_SPLIT_GSO={0x8, 0x11, 0x1}]}}]}, 0x3c}}, 0x0)
openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/compact_memory\x00', 0x1, 0x0)

1.628677746s ago: executing program 2 (id=2311):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
r1 = gettid()
prctl$PR_SCHED_CORE(0x3e, 0x4, r1, 0x0, &(0x7f0000000000))
r2 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0)
fcntl$setlease(r2, 0x400, 0x2)
ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f00000002c0)=<r3=>0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r2, 0xc1105517, &(0x7f0000000340)={{0x7, 0x4, 0x6, 0x0, 'syz0\x00', 0x1d5b}, 0x0, 0x4, 0x5, r3, 0x6, 0x6, 'syz0\x00', &(0x7f0000000300)=['cdg\x00', 'cdg\x00', '\'(\x00', '!\x00', '\x00', '\x00'], 0xf})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='cdg\x00', 0x4)
timer_create(0x4, &(0x7f0000000240)={0x0, 0x11, 0x2, @thr={&(0x7f0000000080)="700ee47ed64b445f1aff6b6932301ce229e26e74b7c93c75e913f1f13d83a3e23efbe7679a95e9d427a341b9b4cdbf52d386de79eea8a33ae42d3e5b22e01ccbb19348e35873bb9294172d666fcdc842dc0f4f5c8de4bce1e36e527f58a7433da43291295ac9f1b4047ddd221ea64def756b910f78c18625873c23fd23be061949967e376d9cc605cd0082295982e5709f74820cfe96d7f75f4035f9a561c0ddeb7dfc05e766b75ff588be594dade02fb5abfb6dabce54da2fbc2d8404a4", &(0x7f0000000140)="57060a731130ac229fd39ad9b6531117dfb69a2791e831d4be4b05db11e1199a420b711f5bc490220d570a6cd5a3280ee2c407802526d2d80645c6705a94ddd748f5626ef986faa0f51b212f184f7ca79a9a33bb466c8a29d9f2508682af646a1596917eda46dab722a70b92d09d943168383d79170c293bb8db9d39f560fcf4a71273f5759dffdb9e5a8471d79a44bd62fe7fbea8a44de7f1959d91b5156a6005fa99d75e9067e42b0612b51e3890b4a4dafd350e3b95bcf9b54c38d0132facc3cafbd263039bceba99df9e7801d72b4e72f21d6d86352b8c"}}, &(0x7f0000000280))

1.625855084s ago: executing program 4 (id=2312):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x80)
r1 = syz_open_dev$sndpcmc(&(0x7f0000001800), 0x1, 0x20080)
ioctl$SNDRV_PCM_IOCTL_SYNC_PTR(r1, 0xc0884123, &(0x7f0000001840)={0x1, "3dba1ae023b40a2f8fc6fe5cef4c0ac9d94581e617e2bf8279933b9ea1cc1ef986462fdf92b30f220382b2dbefa52971af1bf19862302bb2fbf48a9c3cdb2e38", {0x77c4, 0x5}})
r2 = dup(r0)
write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c)
r3 = syz_io_uring_setup(0x239, &(0x7f00000002c0)={0x0, 0x4535, 0x10100, 0x7, 0x0, 0x0, r2}, &(0x7f0000000080)=<r4=>0x0, &(0x7f0000000340)=<r5=>0x0)
syz_io_uring_submit(r4, r5, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1})
io_uring_enter(r3, 0x2ded, 0x4000, 0x0, 0x0, 0x0)
r6 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
r7 = fcntl$dupfd(r6, 0x0, r6)
readv(r7, &(0x7f0000000000)=[{&(0x7f0000001140)=""/136, 0x88}], 0x1)
r8 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r8, 0x107, 0x18, &(0x7f0000000100)=0xc, 0x4)
r9 = socket(0x1, 0x803, 0x0)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000000)={'batadv0\x00', <r10=>0x0})
sendto$packet(r8, &(0x7f00000001c0)="ff008400e01980000200977635e4e79cd34cbabe000800890800348157b1115c4f94454c0600e5c16c92063d5dae253089f3419235f1a43c89962cc88d125ebe9ac8ed6f12a4beb57268b178e40c596607a0eab9d4c45506422da1bb64dc8a7879a155bf33a13de86e58347d96eb4ea1ee0ac55d3ed9cf861e20d60e6893fe61681e5a9d1056a39f6db6573f58e9c2e1", 0x90, 0x0, &(0x7f0000000140)={0x11, 0x0, r10}, 0x14)
pipe(&(0x7f0000000040))
io_setup(0x3ff, &(0x7f0000000500))
r11 = socket$nl_generic(0x10, 0x3, 0x10)
r12 = syz_genetlink_get_family_id$tipc(&(0x7f0000000940), 0xffffffffffffffff)
sendmsg$TIPC_CMD_SET_NODE_ADDR(r11, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x24, r12, 0x1, 0x0, 0x0, {{}, {0x0, 0x400b}, {0x8}}}, 0x24}}, 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75"])

1.455041252s ago: executing program 3 (id=2313):
bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="180000000000000000000000000a0000730100000000000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffe, @void, @value}, 0x94)

1.45471785s ago: executing program 3 (id=2314):
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_netfilter(0x10, 0x3, 0xc)
unshare(0x6a040000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, 0x0, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, 0x0, 0x4000)
r1 = socket(0x2, 0x80805, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
sendmmsg$inet_sctp(r1, &(0x7f00000032c0), 0x0, 0x0)
sendmsg$NFT_MSG_GETFLOWTABLE(r1, 0x0, 0x1)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000440)=ANY=[@ANYBLOB="1400000010000100000000a90000fffffff5000a20000000000a01010000000000000000020000000900010073797a300000000048000000030a01010000000000000000020000000900010073797a30000000000900030073797a3200000000080007006e617400140004800800014000000000080002400000000014000000020a010800000000000000000000000014000000"], 0xa4}, 0x1, 0x0, 0x0, 0xc824}, 0x0)

1.165633019s ago: executing program 3 (id=2315):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000380)={'vcan0\x00', <r1=>0x0})
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000300)=@bridge_delvlan={0x60, 0x71, 0x20, 0x70bd25, 0x25dfdbff, {0x7, 0x0, 0x0, r1}, [@BRIDGE_VLANDB_ENTRY={0xc, 0x1, 0x0, 0x1, @BRIDGE_VLANDB_ENTRY_INFO={0x8, 0x1, {0x4}}}, @BRIDGE_VLANDB_ENTRY={0xc, 0x1, 0x0, 0x1, @BRIDGE_VLANDB_ENTRY_RANGE={0x6, 0x2, 0xe}}, @BRIDGE_VLANDB_ENTRY={0xc, 0x1, 0x0, 0x1, @BRIDGE_VLANDB_ENTRY_INFO={0x8, 0x1, {0x5}}}, @BRIDGE_VLANDB_ENTRY={0xc, 0x1, 0x0, 0x1, @BRIDGE_VLANDB_ENTRY_RANGE={0x6, 0x2, 0xe}}, @BRIDGE_VLANDB_ENTRY={0xc, 0x1, 0x0, 0x1, @BRIDGE_VLANDB_ENTRY_INFO={0x8, 0x1, {0x5, 0x2}}}, @BRIDGE_VLANDB_ENTRY={0xc, 0x1, 0x0, 0x1, @BRIDGE_VLANDB_ENTRY_STATE={0x5}}]}, 0x60}, 0x1, 0xba01}, 0x0)
r3 = socket$can_j1939(0x1d, 0x2, 0x7)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f00000000c0)={'vxcan0\x00', <r5=>0x0})
bind$can_j1939(r3, &(0x7f0000000100)={0x1d, r5, 0x1, {}, 0xff}, 0x18)
sendmsg$can_j1939(r3, &(0x7f0000000140)={&(0x7f0000000000)={0x1d, 0x0, 0x0, {0x33455f3bf40dd4e0, 0x1, 0xffffffffffffffff}, 0xfe}, 0x18, &(0x7f0000000200)={0x0, 0x1e}, 0x4, 0x0, 0x0, 0x4c014}, 0x40008c1)
r6 = socket$can_j1939(0x1d, 0x2, 0x7)
r7 = socket(0x28, 0x5, 0x0)
r8 = socket(0x28, 0x5, 0x0)
bind$vsock_stream(r8, &(0x7f0000000040)={0x28, 0x0, 0x0, @local}, 0x10)
listen(r8, 0x4)
connect$vsock_stream(r7, &(0x7f0000000080)={0x28, 0x0, 0x0, @local}, 0x10)
sendmmsg(r7, &(0x7f0000000100)=[{{0x0, 0x2d, &(0x7f00000000c0)=[{&(0x7f0000000000)="1b", 0x40000}], 0x1}}], 0x51, 0x0)
r9 = accept4$unix(r8, 0x0, 0x0, 0x800)
r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, r10, 0x0)
recvfrom$unix(r9, &(0x7f0000000140)=""/248, 0xffffffffffffff6f, 0x22, 0x0, 0x0)
bind$can_j1939(r6, &(0x7f0000000080)={0x1d, r1, 0x0, {0x0, 0x0, 0x4}, 0xfe}, 0x18)
r11 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007300000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000380)='signal_generate\x00', r11}, 0x18)
syz_open_procfs$namespace(0x0, 0xfffffffffffffffe)
sendmsg$can_j1939(r6, &(0x7f00000001c0)={&(0x7f0000000040), 0x18, &(0x7f0000000180)={&(0x7f00000003c0)="4dfb04f0d556f1327da4b2dd4d24", 0xe}}, 0xee)
close(r6)
getpeername$packet(0xffffffffffffffff, &(0x7f0000000200)={0x11, 0x0, <r12=>0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000000280)=0x14)
sendmsg$nl_route_sched(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000440)=@gettfilter={0x2c, 0x2e, 0x800, 0x70bd2b, 0x25dfdbff, {0x0, 0x0, 0x0, r12, {0x0, 0x7}, {0xb, 0xf}, {0x3, 0x3}}, [{0x8, 0xb, 0x8}]}, 0x2c}, 0x1, 0xf0ffffffffffff, 0x0, 0x4010}, 0xc4)

1.101278983s ago: executing program 2 (id=2316):
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/partitions\x00', 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
socket(0x10, 0x3, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x1, @pix_mp={0xffff45c1, 0x0, 0x34324152, 0x0, 0x0, [{}, {}, {0x9}, {0x1}, {}, {0xfffffffa, 0x6}, {}, {0x0, 0x4}], 0x0, 0x0, 0x8, 0x0, 0x1}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$alg(0x26, 0x5, 0x0)
ioperm(0x8, 0x7, 0x1)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000040))
ioctl$VHOST_SET_FEATURES(r1, 0x4008af00, &(0x7f0000000080)=0x200000000)
r2 = dup2(r1, r1)
read$msr(r2, &(0x7f00000002c0)=""/215, 0xd7)
ioctl$VHOST_VSOCK_SET_RUNNING(r2, 0x4004af61, &(0x7f0000000200)=0x4)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCL_GETSHIFTSTATE(r3, 0x541c, &(0x7f0000000300)={0x6, 0x9f})
close_range(r1, 0xffffffffffffffff, 0x0)
r4 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000240)=@newqdisc={0x3c, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0xc, 0x2, [@TCA_CAKE_SPLIT_GSO={0x8, 0x11, 0x1}]}}]}, 0x3c}}, 0x0)
openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/compact_memory\x00', 0x1, 0x0)

737.254172ms ago: executing program 1 (id=2317):
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_SYS_SET(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000280)={0x10, 0x1407, 0x801}, 0x10}}, 0x0)
socket$kcm(0x10, 0x2, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000280)='/proc/mdstat\x00', 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010600000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff1b000000020000000900010073797a30000001000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)={{0x14}, [@NFT_MSG_NEWSET={0x3c, 0x12, 0xa, 0x201, 0x0, 0x0, {0x2}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_TYPE={0x8}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0xa}]}], {0x14}}, 0x64}}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
close_range(r2, 0xffffffffffffffff, 0x0)

644.766473ms ago: executing program 1 (id=2318):
r0 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0)
r1 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10)
connect$inet(r1, &(0x7f00000009c0)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10)
sendmmsg(r1, &(0x7f0000002f00)=[{{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000000)="85", 0x1}], 0x1}}], 0x1, 0x0)
recvmmsg(r1, &(0x7f0000003e40)=[{{0x0, 0x0, &(0x7f0000003bc0)=[{&(0x7f0000003a00)=""/190, 0xbe}], 0x1}}], 0x1, 0x40000121, 0x0)
fcntl$setsig(r0, 0xa, 0x13)
fcntl$setlease(r0, 0x400, 0x0)
timer_create(0x7, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000280))
timer_settime(0x0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0)
truncate(&(0x7f0000000040)='./file0\x00', 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x1}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x101442, 0x0)
r5 = syz_io_uring_setup(0x234, &(0x7f0000000580)={0x0, 0x0, 0x10100}, &(0x7f0000000000)=<r6=>0x0, &(0x7f0000000100)=<r7=>0x0)
syz_io_uring_submit(r6, r7, &(0x7f00000009c0)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, 0x8})
io_uring_enter(r5, 0x207a98, 0x0, 0x0, 0x0, 0x0)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB="b700000081000000bfa30000000000000703000009feffff720a00fef8ffffff71a400fe0000000071101000000000001d300200000000004704000001ed030407000000c00000001d440000000000006b0a00fe0000000072030000000a0000e500f9ff000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fe51bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616276fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a26048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00e10000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f6f096753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d490cba8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e16e1461173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdec86f9b1eb93d491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b583cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd84990453f806694d461b76a58d88cf0f520310a1e80dc18cde9ad662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a090f3b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c00000000000000f59dd19e8d525206c0a728cfd42193abe8130bc01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ed1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef67cf0216e2d81e6127bd9d7fab28800eaab2355992f8ce4cd38add4b272c0bee4076ca4847ffa691cf78fb7ec212bad3bef29f577ea7159b7f3025b3d977ff7c91024cf71126233cb8791c3c"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffd00, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuset.effective_cpus\x00', 0x275a, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)

325.125556ms ago: executing program 4 (id=2319):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001140)={0x18, 0x3, &(0x7f0000001200)=ANY=[@ANYBLOB="1800000000000000000000000000000095000000"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$gtp(&(0x7f00000003c0), 0xffffffffffffffff)
sendmsg$GTP_CMD_NEWPDP(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000004c0)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000000000000008000700", @ANYRES32, @ANYBLOB="08000400000000000c0003000000000000000000080005000000000008000100", @ANYRES32=0x0, @ANYBLOB="0800020000000000060006"], 0x50}}, 0x0)

324.920378ms ago: executing program 3 (id=2320):
bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x6, 0x4, &(0x7f00000009c0)=@framed={{0x18, 0x2, 0x0, 0x0, 0xdffff963}, [@call={0x85, 0x0, 0x0, 0xa0}], {0x95, 0x0, 0x0, 0x9f}}, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

232.493933ms ago: executing program 3 (id=2321):
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000f00)=[{{&(0x7f0000000300)={0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, 0x1c, &(0x7f00000002c0)=[{&(0x7f0000000100)='k', 0x1}], 0x1}}, {{&(0x7f0000000040)={0xa, 0x4e23, 0x4, @local, 0x6}, 0x1c, &(0x7f0000000140)=[{&(0x7f0000000080)="b6", 0x1}], 0x1}}], 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(0x0, 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r2 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r2, 0x1, &(0x7f0000000000)='source', &(0x7f0000000040)='c:::\x00', 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000cc0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc0200000000000000ae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fc40848228567ffb400000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df2624f56da648d28ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71400fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada10eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff00000000000f000000ef0000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18aba6b16455a66c3b84b138efc20a546d3d5227e23b03f2a834391ade2ff3e93ee296c4082ee73e7c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0847a1ff2f7fc3c2b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f05c7f0be31491eb8c9ff68236c8600040000000000000000000066e034c81c3cab64e4fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f224baf1221c15fa12313ffbfa7c2730309f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca205081173bd03c4754fc4674812daab482fd390a1c903b5d28a1eb247b5837d7603b92495d5c569f6433c3fca5206cb0000003fdbbd3892c52c2e7612e05de32322e980a3d69931e2c9312dd517c96f2ee90362476ed853c4c9b7d4ebf13cbaa795860e92a3d7d004f2c491db38eb769f094d5d48b262cc35c40682138cf13a49aa9f27abec00002f01ba1251aaf2385416ca719300"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000180)='contention_end\x00', r1}, 0x18)
r3 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
ioctl$SIOCX25SFACILITIES(r3, 0x89e3, &(0x7f0000000100)={0x34, 0x0, 0x9, 0xc, 0x0, 0x81})
fsconfig$FSCONFIG_SET_STRING(r2, 0x1, &(0x7f0000000380)='source\xcf\x87\x86\x1bY\x0f\xde\xd6\xcd\xc0\x01\xd3\x19>K\x04\xfe\x86YG\xa5\x0f\xed\xa0\x9f\x1e\x14R\x9e\x04\xfa\xed\xd0TG&\x88\xeaz\x9aD\xf8Tt\x8c\x00{\x1fm\xfe\x9c\xf6_h\x9e\xfc\'', &(0x7f00000001c0)='sou\x01ce', 0x0)
r4 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r4, 0x107, 0x9, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'geneve0\x00', <r5=>0x0})
sendto$packet(r4, &(0x7f00000003c0)="0b036800e0ff64000200475400f6a13bb10000000800884848", 0x19, 0x0, &(0x7f0000000140)={0x11, 0x0, r5}, 0x14)
r6 = socket$igmp(0x2, 0x3, 0x2)
ioctl$sock_inet_SIOCSARP(r6, 0x8955, &(0x7f0000000340)={{0x2, 0x0, @broadcast}, {0x0, @link_local}, 0xa, {0x2, 0x800, @multicast2}, 'wg0\x00'})
ioctl$sock_inet_SIOCSARP(0xffffffffffffffff, 0x8955, &(0x7f0000000a80)={{0x2, 0x4e2a, @broadcast}, {0x0, @remote}, 0x4a, {}, 'veth1_to_bridge\x00'})
gettid()
fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0)
syz_open_dev$cec(&(0x7f0000000140), 0x0, 0x50400)
r7 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_MCAST_JOIN_GROUP(r7, 0x0, 0x2a, &(0x7f0000000180)={0x2, {{0x2, 0x0, @multicast1}}}, 0x84)
setsockopt$inet_MCAST_MSFILTER(r7, 0x0, 0x30, &(0x7f0000000c00)=ANY=[@ANYBLOB="0200000002000000e000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffffffffffec00"/140], 0x8c)
r8 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x1, 0x141000)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(r8, 0xc1105511, &(0x7f0000000140)={0x5, 0x1, 0x1, 0x1, '\x00', 0xfffffffd})
madvise(&(0x7f0000cd0000/0x4000)=nil, 0xffffffffdf32ffff, 0x16)
ioctl$CEC_ADAP_S_LOG_ADDRS(r1, 0xc05c6104, &(0x7f0000000200)={"1701d517", 0x3, 0x9, 0x1, 0x200002, 0xfffffffc, "f9a927627a359827fdc4ed7cb20708", "0600000b", "314391b4", "aa04df4e", ["e4e7d0b3748a08eb4117a58f", "a42a5eb8b07a660e2a22038e", "18a00d0d3106bcc3d300", "d89c2b9ee90029dabfd3b81a"]})

232.208913ms ago: executing program 4 (id=2322):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_ADDFB2(r1, 0xc06864b8, &(0x7f0000000580)={0x0, 0x8c1, 0x80, 0x20203843, 0x3, [0x2], [0x810003, 0x0, 0xf], [0x5, 0x0, 0xffffffff, 0x46], [0x400000000000001, 0x0, 0x0, 0x1]})
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000000)=ANY=[@ANYBLOB="440000001000030500000000fbdbdf2500000000", @ANYRES32=0x0, @ANYBLOB="154e010002080200180012800b00010065727370616e000008000280040012000a000100aaaaaaaaaa3e00006793d29c2160ae711c7a276a43eebdaf220b12608833aa40f6cefe7b6918509feef38a2d4b004d1e8dcc01235cffaca86c402d857ece39bf245dd31482a934320b0dcb12d776a73e046518ea645ec271c66beb0c508ef8b72137d0c2"], 0x44}}, 0x20040840)

218.094263ms ago: executing program 2 (id=2323):
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/partitions\x00', 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
socket(0x10, 0x3, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x1, @pix_mp={0xffff45c1, 0x0, 0x34324152, 0x0, 0x0, [{}, {}, {0x9}, {0x1}, {}, {0xfffffffa, 0x6}, {}, {0x0, 0x4}], 0x0, 0x0, 0x8, 0x0, 0x1}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$alg(0x26, 0x5, 0x0)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000040))
ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000080)=0x200000000)
r1 = dup2(r0, r0)
read$msr(r1, &(0x7f00000002c0)=""/215, 0xd7)
ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f0000000200)=0x4)

124.918414ms ago: executing program 4 (id=2324):
socket$nl_route(0x10, 0x3, 0x0)
r0 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r0, 0xc1105517, &(0x7f0000001340)={{0xfffffffe, 0x4, 0x0, 0x0, 'syz0\x00', 0x100}, 0x3, 0x0, 0x8, 0x0, 0x0, 0x4, 'syz1\x00', &(0x7f0000000180)})
r2 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r2, 0x1, 0x0, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x1, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1d, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x0, 0x0, 0x9}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x63, &(0x7f0000000440)={0xe, 0x6, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x71, 0x11, 0x84}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0x5}, @exit], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70)
r6 = socket$inet6(0xa, 0x80002, 0x88)
bind$inet6(r6, &(0x7f0000000000)={0xa, 0x4e24, 0x2, @rand_addr=' \x01\x00', 0x6}, 0x1c)
prlimit64(0x0, 0x7, &(0x7f00000003c0), 0x0)
setreuid(0x0, 0xee00)
inotify_init()
setsockopt$SO_BINDTODEVICE(r6, 0x1, 0x19, 0x0, 0x0)
syz_emit_ethernet(0x83, &(0x7f0000000240)=ANY=[], 0x0)
r7 = socket$inet6_udplite(0xa, 0x2, 0x88)
sendmmsg$inet6(r7, 0x0, 0x0, 0x0)

0s ago: executing program 2 (id=2325):
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$alg(0x26, 0x5, 0x0)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000040))
ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000080)=0x200000000)
r1 = dup2(r0, r0)
setreuid(0x0, 0xee01)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$F2FS_IOC_MOVE_RANGE(r2, 0x541b, &(0x7f0000000040)={<r3=>0xffffffffffffffff})
close_range(r3, 0xffffffffffffffff, 0x0)
unshare(0x8000600)
read$msr(r1, &(0x7f00000002c0)=""/215, 0xd7)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x11, 0x3, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r4}, 0x10)
r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x200)
ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r5, 0x408c5333, &(0x7f0000000180)={0x3, 0x7fff, 0x1, 'queue1\x00', 0x3})
ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f0000000200)=0x4)

kernel console output (not intermixed with test programs):

 (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  269.089979][T12067] Call Trace:
[  269.089983][T12067]  <TASK>
[  269.089987][T12067]  dump_stack_lvl+0x16c/0x1f0
[  269.090008][T12067]  should_fail_ex+0x512/0x640
[  269.090025][T12067]  _copy_to_user+0x32/0xd0
[  269.090040][T12067]  simple_read_from_buffer+0xcb/0x170
[  269.090056][T12067]  proc_fail_nth_read+0x197/0x270
[  269.090070][T12067]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  269.090084][T12067]  ? rw_verify_area+0xcf/0x680
[  269.090098][T12067]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  269.090111][T12067]  vfs_read+0x1de/0xc70
[  269.090122][T12067]  ? __pfx___mutex_lock+0x10/0x10
[  269.090135][T12067]  ? __pfx_vfs_read+0x10/0x10
[  269.090147][T12067]  ? __fget_files+0x20e/0x3c0
[  269.090166][T12067]  ksys_read+0x12a/0x240
[  269.090175][T12067]  ? __pfx_ksys_read+0x10/0x10
[  269.090182][T12067]  ? rcu_is_watching+0x12/0xc0
[  269.090193][T12067]  ? rcu_is_watching+0x12/0xc0
[  269.090203][T12067]  __do_fast_syscall_32+0x73/0x120
[  269.090218][T12067]  do_fast_syscall_32+0x32/0x80
[  269.090231][T12067]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  269.090244][T12067] RIP: 0023:0xf704e579
[  269.090252][T12067] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  269.090262][T12067] RSP: 002b:00000000f501d590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  269.090271][T12067] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000f501d620
[  269.090278][T12067] RDX: 000000000000000f RSI: 00000000f73b2ff4 RDI: 0000000000000000
[  269.090283][T12067] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  269.090288][T12067] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  269.090294][T12067] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  269.090305][T12067]  </TASK>
[  269.374790][ T4430] page_pool_release_retry() stalled pool shutdown: id 26, 51 inflight 121 sec
[  269.679306][T12081] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1605'.
[  269.717195][T12081] wireguard0: entered promiscuous mode
[  269.718917][T12081] wireguard0: entered allmulticast mode
[  270.768603][ T4430] usb 5-1: USB disconnect, device number 11
[  270.879954][T12098] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1610'.
[  270.882802][T12098] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1610'.
[  270.940900][T12107] Cannot find set identified by id 0 to match
[  271.425671][T12122] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1617'.
[  271.428610][T12122] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1617'.
[  272.388024][T12147] netlink: 'syz.1.1621': attribute type 4 has an invalid length.
[  272.408674][T12147] netlink: 'syz.1.1621': attribute type 4 has an invalid length.
[  272.424985][   T29] lo speed is unknown, defaulting to 1000
[  272.427190][   T29] lo speed is unknown, defaulting to 1000
[  272.616603][T12151] xt_hashlimit: max too large, truncated to 1048576
[  272.619099][T12151] Cannot find set identified by id 0 to match
[  272.788341][T12159] ipvlan0: entered allmulticast mode
[  272.790733][T12159] dummy0: entered allmulticast mode
[  272.859561][T12167] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1631'.
[  272.862515][T12167] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1631'.
[  272.957746][T12165] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 20000 - 0
[  272.960589][T12165] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 20000 - 0
[  272.963599][T12165] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 20000 - 0
[  272.966306][T12165] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 20000 - 0
[  273.296552][T12178] block nbd1: shutting down sockets
[  273.944648][   T24] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  273.974827][T12195] FAULT_INJECTION: forcing a failure.
[  273.974827][T12195] name failslab, interval 1, probability 0, space 0, times 0
[  273.978801][T12195] CPU: 1 UID: 0 PID: 12195 Comm: syz.2.1636 Not tainted 6.15.0-rc4-syzkaller-00052-g4f79eaa2ceac #0 PREEMPT(full) 
[  273.978815][T12195] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  273.978835][T12195] Call Trace:
[  273.978839][T12195]  <TASK>
[  273.978843][T12195]  dump_stack_lvl+0x16c/0x1f0
[  273.978860][T12195]  should_fail_ex+0x512/0x640
[  273.978875][T12195]  ? __kmalloc_node_track_caller_noprof+0xc3/0x510
[  273.978889][T12195]  should_failslab+0xc2/0x120
[  273.978901][T12195]  __kmalloc_node_track_caller_noprof+0xd6/0x510
[  273.978913][T12195]  ? __skb_datagram_iter+0x1a8/0x8c0
[  273.978926][T12195]  ? __pfx_simple_copy_to_iter+0x10/0x10
[  273.978940][T12195]  ? scm_fp_dup+0x63/0x440
[  273.978950][T12195]  kmemdup_noprof+0x29/0x60
[  273.978963][T12195]  scm_fp_dup+0x63/0x440
[  273.978973][T12195]  __unix_dgram_recvmsg+0xa2c/0xee0
[  273.978997][T12195]  ? __pfx___unix_dgram_recvmsg+0x10/0x10
[  273.979015][T12195]  ? __lock_acquire+0xaa4/0x1ba0
[  273.979034][T12195]  unix_dgram_recvmsg+0xd0/0x110
[  273.979049][T12195]  ____sys_recvmsg+0x5f6/0x6b0
[  273.979065][T12195]  ? __pfx_____sys_recvmsg+0x10/0x10
[  273.979077][T12195]  ? import_iovec+0x86/0xb0
[  273.979096][T12195]  ? __lock_acquire+0x5ca/0x1ba0
[  273.979111][T12195]  ___sys_recvmsg+0x114/0x1a0
[  273.979122][T12195]  ? __pfx____sys_recvmsg+0x10/0x10
[  273.979139][T12195]  ? get_pid_task+0xb0/0x250
[  273.979152][T12195]  ? __pfx___might_resched+0x10/0x10
[  273.979165][T12195]  do_recvmmsg+0x568/0x740
[  273.979177][T12195]  ? __pfx_do_recvmmsg+0x10/0x10
[  273.979197][T12195]  ? __fget_files+0x20e/0x3c0
[  273.979213][T12195]  __sys_recvmmsg+0x21c/0x280
[  273.979224][T12195]  ? __pfx___sys_recvmmsg+0x10/0x10
[  273.979236][T12195]  ? __pfx_ksys_write+0x10/0x10
[  273.979247][T12195]  __ia32_compat_sys_recvmmsg_time32+0xc4/0x160
[  273.979259][T12195]  ? lockdep_hardirqs_on+0x7c/0x110
[  273.979272][T12195]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[  273.979285][T12195]  __do_fast_syscall_32+0x73/0x120
[  273.979299][T12195]  do_fast_syscall_32+0x32/0x80
[  273.979312][T12195]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  273.979325][T12195] RIP: 0023:0xf708e579
[  273.979333][T12195] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  273.979343][T12195] RSP: 002b:00000000f505d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000151
[  273.979352][T12195] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000080000f40
[  273.979358][T12195] RDX: 00000000000007e4 RSI: 0000000000000002 RDI: 0000000000000000
[  273.979364][T12195] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  273.979370][T12195] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  273.979375][T12195] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  273.979387][T12195]  </TASK>
[  274.096434][   T24] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  274.101366][   T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  274.105688][   T24] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  274.117848][   T24] usb 5-1: New USB device found, idVendor=0a07, idProduct=00d0, bcdDevice=10.13
[  274.134625][   T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  274.137596][   T24] usb 5-1: Product: syz
[  274.139013][   T24] usb 5-1: Manufacturer: syz
[  274.140503][   T24] usb 5-1: SerialNumber: syz
[  274.152258][   T24] usb 5-1: config 0 descriptor??
[  274.164615][   T24] adutux 5-1:0.0: interrupt endpoints not found
[  274.514689][ T5942] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[  274.599619][    T9] libceph: connect (1)[c::]:6789 error -101
[  274.601697][    T9] libceph: mon0 (1)[c::]:6789 connect error
[  274.603920][    T9] libceph: connect (1)[c::]:6789 error -101
[  274.606043][    T9] libceph: mon0 (1)[c::]:6789 connect error
[  274.664703][ T5942] usb 6-1: Using ep0 maxpacket: 8
[  274.672209][ T5942] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  274.680858][ T5942] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  274.686244][ T5942] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  274.690493][ T5942] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  274.696423][ T5942] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  274.700304][ T5942] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  274.864882][    T9] libceph: connect (1)[c::]:6789 error -101
[  274.867505][    T9] libceph: mon0 (1)[c::]:6789 connect error
[  274.908290][ T5942] usb 6-1: GET_CAPABILITIES returned 0
[  274.910182][ T5942] usbtmc 6-1:16.0: can't read capabilities
[  275.067392][T12221] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1645'.
[  275.071249][T12221] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1645'.
[  275.374790][    T9] libceph: connect (1)[c::]:6789 error -101
[  275.485752][    T9] libceph: mon0 (1)[c::]:6789 connect error
[  275.514901][T12213] ceph: No mds server is up or the cluster is laggy
[  276.676178][   T29] libceph: connect (1)[c::]:6789 error -101
[  276.678448][   T29] libceph: mon0 (1)[c::]:6789 connect error
[  276.680822][   T29] libceph: connect (1)[c::]:6789 error -101
[  276.683013][   T29] libceph: mon0 (1)[c::]:6789 connect error
[  276.716340][ T5942] usb 5-1: USB disconnect, device number 12
[  276.954980][   T29] libceph: connect (1)[c::]:6789 error -101
[  276.957789][   T29] libceph: mon0 (1)[c::]:6789 connect error
[  277.259746][T12253] hub 1-0:1.0: USB hub found
[  277.261459][T12253] hub 1-0:1.0: 2 ports detected
[  277.299694][   T29] usb 6-1: USB disconnect, device number 8
[  277.465217][ T5979] libceph: connect (1)[c::]:6789 error -101
[  277.467401][ T5979] libceph: mon0 (1)[c::]:6789 connect error
[  277.640574][T12240] ceph: No mds server is up or the cluster is laggy
[  279.061822][   T24] libceph: connect (1)[c::]:6789 error -101
[  279.064262][   T24] libceph: mon0 (1)[c::]:6789 connect error
[  279.069649][ T4430] libceph: connect (1)[c::]:6789 error -101
[  279.071593][ T4430] libceph: mon0 (1)[c::]:6789 connect error
[  279.334896][ T4430] libceph: connect (1)[c::]:6789 error -101
[  279.336865][ T4430] libceph: mon0 (1)[c::]:6789 connect error
[  279.338819][ T4430] libceph: connect (1)[c::]:6789 error -101
[  279.340733][ T4430] libceph: mon0 (1)[c::]:6789 connect error
[  279.630120][T12286] ceph: No mds server is up or the cluster is laggy
[  279.660372][T12283] ceph: No mds server is up or the cluster is laggy
[  280.677056][T12322] netlink: 'syz.2.1666': attribute type 4 has an invalid length.
[  280.740243][T12323] netlink: 'syz.2.1666': attribute type 4 has an invalid length.
[  281.082170][ T5979] libceph: connect (1)[c::]:6789 error -101
[  281.087483][ T5979] libceph: mon0 (1)[c::]:6789 connect error
[  281.362175][ T5979] libceph: connect (1)[c::]:6789 error -101
[  281.364325][ T5979] libceph: mon0 (1)[c::]:6789 connect error
[  281.813497][T12351] ceph: No mds server is up or the cluster is laggy
[  282.132352][T12370] fuse: blksize only supported for fuseblk
[  282.663836][T12391] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0
[  282.730659][T12391] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0
[  282.764718][ T5979] usb 7-1: new high-speed USB device number 8 using dummy_hcd
[  282.788014][T12391] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0
[  282.830580][T12391] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0
[  282.926894][ T5979] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  282.930459][ T5979] usb 7-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  282.933381][ T5979] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  282.937386][ T5979] usb 7-1: config 0 descriptor??
[  282.953877][T12391] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 20000 - 0
[  282.963627][T12391] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 20000 - 0
[  282.977996][T12391] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 20000 - 0
[  282.989018][T12391] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 20000 - 0
[  283.338392][T12398] lo speed is unknown, defaulting to 1000
[  283.357015][ T5979] keytouch 0003:0926:3333.0004: fixing up Keytouch IEC report descriptor
[  283.371631][ T5979] input: HID 0926:3333 as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.0/0003:0926:3333.0004/input/input9
[  283.425136][T12401] macsec2: entered promiscuous mode
[  283.427393][T12401] veth1_to_batadv: entered promiscuous mode
[  283.506214][ T5979] keytouch 0003:0926:3333.0004: input,hidraw1: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.2-1/input0
[  284.171611][T12423] netlink: 136 bytes leftover after parsing attributes in process `syz.0.1698'.
[  284.175120][T12423] netlink: 136 bytes leftover after parsing attributes in process `syz.0.1698'.
[  284.307198][T12428] Invalid source name
[  284.308559][T12428] UBIFS error (pid: 12428): cannot open "./file0", error -22
[  285.127365][T12458] xt_hashlimit: max too large, truncated to 1048576
[  285.132013][T12458] Cannot find set identified by id 0 to match
[  285.296178][   T29] usb 7-1: USB disconnect, device number 8
[  285.918151][T12483] Invalid source name
[  285.919540][T12483] UBIFS error (pid: 12483): cannot open "./file0", error -22
[  286.000703][T12482] syz.3.1712 (12482): drop_caches: 2
[  286.009799][T12482] syz.3.1712 (12482): drop_caches: 2
[  286.317247][T12500] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1718'.
[  286.379815][T12495] tipc: Enabling of bearer <udp:s> rejected, already enabled
[  286.726071][    T9] libceph: connect (1)[c::]:6789 error -101
[  286.727985][    T9] libceph: mon0 (1)[c::]:6789 connect error
[  286.844671][T12538] kAFS: Can only specify source 'none' with -o dyn
[  286.944831][T12546] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1730'.
[  286.994997][    T9] libceph: connect (1)[c::]:6789 error -101
[  286.997036][    T9] libceph: mon0 (1)[c::]:6789 connect error
[  287.004397][T12548] siw: device registration error -23
[  287.221408][    T9] libceph: connect (1)[c::]:6789 error -101
[  287.223480][    T9] libceph: mon0 (1)[c::]:6789 connect error
[  287.236485][T12563] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1736'.
[  287.239752][T12563] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1736'.
[  287.355219][   T29] libceph: connect (1)[c::]:6789 error -101
[  287.357453][   T29] libceph: mon0 (1)[c::]:6789 connect error
[  287.360565][   T29] libceph: connect (1)[c::]:6789 error -101
[  287.363766][   T29] libceph: mon0 (1)[c::]:6789 connect error
[  287.470062][T12528] ceph: No mds server is up or the cluster is laggy
[  287.495075][    T9] libceph: connect (1)[c::]:6789 error -101
[  287.518861][    T9] libceph: mon0 (1)[c::]:6789 connect error
[  287.520980][    T9] libceph: connect (1)[c::]:6789 error -101
[  287.532475][    T9] libceph: mon0 (1)[c::]:6789 connect error
[  287.625620][   T29] libceph: connect (1)[c::]:6789 error -101
[  287.639607][T12573] FAULT_INJECTION: forcing a failure.
[  287.639607][T12573] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  287.643721][T12573] CPU: 3 UID: 0 PID: 12573 Comm: syz.2.1737 Not tainted 6.15.0-rc4-syzkaller-00052-g4f79eaa2ceac #0 PREEMPT(full) 
[  287.643734][T12573] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  287.643740][T12573] Call Trace:
[  287.643744][T12573]  <TASK>
[  287.643749][T12573]  dump_stack_lvl+0x16c/0x1f0
[  287.643766][T12573]  should_fail_ex+0x512/0x640
[  287.643782][T12573]  _copy_to_user+0x32/0xd0
[  287.643798][T12573]  bpf_test_finish.isra.0+0x484/0x690
[  287.643811][T12573]  ? __pfx_bpf_test_finish.isra.0+0x10/0x10
[  287.643824][T12573]  ? __asan_memset+0x23/0x50
[  287.643841][T12573]  bpf_prog_test_run_skb+0x1368/0x2280
[  287.643857][T12573]  ? __pfx_bpf_prog_test_run_skb+0x10/0x10
[  287.643870][T12573]  ? fput+0x70/0xf0
[  287.643882][T12573]  ? __pfx_bpf_prog_test_run_skb+0x10/0x10
[  287.643893][T12573]  __sys_bpf+0x1485/0x4d80
[  287.643908][T12573]  ? __pfx___sys_bpf+0x10/0x10
[  287.643926][T12573]  ? ksys_write+0x190/0x240
[  287.643937][T12573]  ? __mutex_unlock_slowpath+0x161/0x6a0
[  287.643958][T12573]  ? fput+0x70/0xf0
[  287.643968][T12573]  ? ksys_write+0x1b9/0x240
[  287.643977][T12573]  ? __pfx_ksys_write+0x10/0x10
[  287.643988][T12573]  __ia32_sys_bpf+0x76/0xe0
[  287.644002][T12573]  __do_fast_syscall_32+0x73/0x120
[  287.644017][T12573]  do_fast_syscall_32+0x32/0x80
[  287.644030][T12573]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  287.644043][T12573] RIP: 0023:0xf708e579
[  287.644050][T12573] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  287.644060][T12573] RSP: 002b:00000000f507e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000165
[  287.644070][T12573] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000080000140
[  287.644075][T12573] RDX: 000000000000004c RSI: 0000000000000000 RDI: 0000000000000000
[  287.644081][T12573] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  287.644086][T12573] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  287.644091][T12573] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  287.644104][T12573]  </TASK>
[  287.696649][   T29] libceph: mon0 (1)[c::]:6789 connect error
[  287.961634][T12557] ceph: No mds server is up or the cluster is laggy
[  288.046485][T12582] lo speed is unknown, defaulting to 1000
[  288.053181][T12566] ceph: No mds server is up or the cluster is laggy
[  288.614684][ T4430] usb 6-1: new low-speed USB device number 9 using dummy_hcd
[  288.766477][   T40] kauditd_printk_skb: 23 callbacks suppressed
[  288.766488][   T40] audit: type=1326 audit(1746150615.264:1859): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12609 comm="syz.2.1749" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708e579 code=0x7ffc0000
[  288.775814][   T40] audit: type=1326 audit(1746150615.264:1860): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12609 comm="syz.2.1749" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf708e579 code=0x7ffc0000
[  288.778387][T12613] trusted_key: encrypted_key: master key parameter '' is invalid
[  288.782549][   T40] audit: type=1326 audit(1746150615.264:1861): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12609 comm="syz.2.1749" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708e579 code=0x7ffc0000
[  288.790356][ T4430] usb 6-1: No LPM exit latency info found, disabling LPM.
[  288.794747][   T40] audit: type=1326 audit(1746150615.264:1862): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12609 comm="syz.2.1749" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708e579 code=0x7ffc0000
[  288.801476][   T40] audit: type=1326 audit(1746150615.264:1863): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12609 comm="syz.2.1749" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf708e579 code=0x7ffc0000
[  288.801785][ T4430] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1024, setting to 8
[  288.808677][   T40] audit: type=1326 audit(1746150615.264:1864): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12609 comm="syz.2.1749" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708e579 code=0x7ffc0000
[  288.811679][ T4430] usb 6-1: config 1 interface 1 altsetting 1 endpoint 0x82 is Bulk; changing to Interrupt
[  288.818326][   T40] audit: type=1326 audit(1746150615.264:1865): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12609 comm="syz.2.1749" exe="/syz-executor" sig=0 arch=40000003 syscall=4 compat=1 ip=0xf708e579 code=0x7ffc0000
[  288.822925][ T4430] usb 6-1: config 1 interface 1 altsetting 1 endpoint 0x3 is Bulk; changing to Interrupt
[  288.828137][   T40] audit: type=1326 audit(1746150615.264:1866): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12609 comm="syz.2.1749" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708e579 code=0x7ffc0000
[  288.832496][ T4430] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  288.838091][   T40] audit: type=1326 audit(1746150615.264:1867): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12609 comm="syz.2.1749" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf708e579 code=0x7ffc0000
[  288.840247][ T4430] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  288.840258][ T4430] usb 6-1: Product: Ј
[  288.840265][ T4430] usb 6-1: Manufacturer: ж
[  288.847195][   T40] audit: type=1326 audit(1746150615.264:1868): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12609 comm="syz.2.1749" exe="/syz-executor" sig=0 arch=40000003 syscall=346 compat=1 ip=0xf708e579 code=0x7ffc0000
[  288.849376][ T4430] usb 6-1: SerialNumber: �
[  288.850982][T12596] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  289.033692][T12615] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1750'.
[  289.036744][T12615] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1750'.
[  289.066333][T12596] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  289.068737][T12596] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  289.275041][ T4430] cdc_ncm 6-1:1.0: bind() failure
[  289.278917][ T4430] cdc_ncm 6-1:1.1: probe with driver cdc_ncm failed with error -71
[  289.281876][ T4430] cdc_mbim 6-1:1.1: probe with driver cdc_mbim failed with error -71
[  289.285996][ T4430] usbtest 6-1:1.1: probe with driver usbtest failed with error -71
[  289.289907][ T4430] usb 6-1: USB disconnect, device number 9
[  290.902215][T12654] fuse: Unknown parameter 'æ5Ø {s Ènkÿ¯³:ë®Æ*`naô³¥3'
[  291.144672][ T4430] usb 5-1: new full-speed USB device number 13 using dummy_hcd
[  291.296664][ T4430] usb 5-1: config 15 has an invalid interface number: 196 but max is 3
[  291.299642][ T4430] usb 5-1: config 15 has an invalid interface number: 233 but max is 3
[  291.302719][ T4430] usb 5-1: config 15 has an invalid interface number: 128 but max is 3
[  291.305858][ T4430] usb 5-1: config 15 has an invalid interface number: 55 but max is 3
[  291.308372][ T4430] usb 5-1: config 15 has no interface number 0
[  291.310301][ T4430] usb 5-1: config 15 has no interface number 1
[  291.312248][ T4430] usb 5-1: config 15 has no interface number 2
[  291.314198][ T4430] usb 5-1: config 15 has no interface number 3
[  291.316205][ T4430] usb 5-1: config 15 interface 196 altsetting 3 endpoint 0x4 has invalid maxpacket 1088, setting to 64
[  291.319559][ T4430] usb 5-1: config 15 interface 196 altsetting 3 endpoint 0x9 has invalid maxpacket 959, setting to 64
[  291.322970][ T4430] usb 5-1: config 15 interface 196 altsetting 3 has a duplicate endpoint with address 0x9, skipping
[  291.327252][ T4430] usb 5-1: config 15 interface 196 altsetting 3 has a duplicate endpoint with address 0x89, skipping
[  291.331673][ T4430] usb 5-1: config 15 interface 233 altsetting 4 has a duplicate endpoint with address 0x7, skipping
[  291.336131][ T4430] usb 5-1: config 15 interface 233 altsetting 4 has an invalid descriptor for endpoint zero, skipping
[  291.340574][ T4430] usb 5-1: config 15 interface 233 altsetting 4 endpoint 0x3 has invalid maxpacket 512, setting to 64
[  291.345164][ T4430] usb 5-1: config 15 interface 233 altsetting 4 has an invalid descriptor for endpoint zero, skipping
[  291.349589][ T4430] usb 5-1: config 15 interface 233 altsetting 4 has a duplicate endpoint with address 0x3, skipping
[  291.354048][ T4430] usb 5-1: config 15 interface 128 altsetting 9 endpoint 0x8 has invalid maxpacket 1024, setting to 64
[  291.358658][ T4430] usb 5-1: config 15 interface 128 altsetting 9 has a duplicate endpoint with address 0x5, skipping
[  291.363028][ T4430] usb 5-1: config 15 interface 128 altsetting 9 has a duplicate endpoint with address 0x9, skipping
[  291.367554][ T4430] usb 5-1: config 15 interface 128 altsetting 9 has a duplicate endpoint with address 0x1, skipping
[  291.371928][ T4430] usb 5-1: config 15 interface 128 altsetting 9 has a duplicate endpoint with address 0x3, skipping
[  291.376441][ T4430] usb 5-1: config 15 interface 55 altsetting 8 has a duplicate endpoint with address 0x3, skipping
[  291.380740][ T4430] usb 5-1: config 15 interface 55 altsetting 8 endpoint 0xC has invalid wMaxPacketSize 0
[  291.384887][ T4430] usb 5-1: config 15 interface 55 altsetting 8 has a duplicate endpoint with address 0x1, skipping
[  291.389082][ T4430] usb 5-1: config 15 interface 55 altsetting 8 has an invalid descriptor for endpoint zero, skipping
[  291.393368][ T4430] usb 5-1: config 15 interface 55 altsetting 8 endpoint 0xB has invalid maxpacket 1023, setting to 64
[  291.397709][ T4430] usb 5-1: config 15 interface 55 altsetting 8 has a duplicate endpoint with address 0x5, skipping
[  291.401974][ T4430] usb 5-1: config 15 interface 55 altsetting 8 has a duplicate endpoint with address 0x7, skipping
[  291.405789][ T4430] usb 5-1: config 15 interface 55 altsetting 8 has a duplicate endpoint with address 0x7, skipping
[  291.409062][ T4430] usb 5-1: config 15 interface 196 has no altsetting 0
[  291.411128][ T4430] usb 5-1: config 15 interface 233 has no altsetting 0
[  291.413505][ T4430] usb 5-1: config 15 interface 128 has no altsetting 0
[  291.416271][ T4430] usb 5-1: config 15 interface 55 has no altsetting 0
[  291.421378][ T4430] usb 5-1: New USB device found, idVendor=07aa, idProduct=0017, bcdDevice=d6.05
[  291.425170][ T4430] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  291.428435][ T4430] usb 5-1: Product: �噯例䦰ᗨ佺�ﮥ勄�녑嫅꠪�ᢒ咮⥶䟿牾�龟ﴵĴ熳�඾ퟛ핆긺࣠䃠욕�鷡ǟ굣ᕫ転瘠㠰䂂駓蓵㲣麅厣ऺ妩三鵗專幸멾辳ꂧ鸱
[  291.435951][ T4430] usb 5-1: Manufacturer: �픅㨹ﴺ㠩黂艨è�ꑳៗ潳枼雱鿈碗�苟๕ⅰʬ쎶抣胰ˢ跽ᆋ᠄ㆄ��⎮ඖ਒സ肌줵섹棓⑓尜틈��ᵳ�ꬨǽ豎픴࠵岲罔嵐ﴰ侷ꓫ�᫋租︕�淋抲熞娮翸�ਜ਼틳嗿鰨Ḹ読㣒Ⳇ���免�㸻�採孽�⤰ﶚ䴢ꩺ
[  291.446675][ T4430] usb 5-1: SerialNumber: 횀픽釤䛔�䴣Ѥ춶⛊䙜�鑠�嵔筂ꕟ䓼䑖�开쩗ḡ�㽴澄熒⊳ꤌ쿃ﯸꂉ踖ἅ밑声��蕧ጔ毯�跄ଃ⃮敆ᴭ뭠㾛�푅ꤙ숋୯傞�䆇⦷︚鮆⟔�舜襶⹵–ꛌ労㷬∘⴫䥚ꃙ�ˈ舞ᠠ�ꕒ哩䈎㼩郦⋘ᣑ࣭ꇒ掛掵཈ᘿᮿ
[  291.458879][T12653] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  291.518053][T12656] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1760'.
[  291.560370][T12661] batadv_slave_0: entered promiscuous mode
[  291.586834][T12663] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1762'.
[  291.589633][T12663] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1762'.
[  291.623794][T12659] tipc: Enabling of bearer <udp:s> rejected, already enabled
[  291.680815][T12667] bpq0: left allmulticast mode
[  291.923511][ T5978] libceph: connect (1)[c::]:6789 error -101
[  291.925831][ T5978] libceph: mon0 (1)[c::]:6789 connect error
[  292.184843][   T29] libceph: connect (1)[c::]:6789 error -101
[  292.186877][   T29] libceph: mon0 (1)[c::]:6789 connect error
[  292.574438][ T5978] libceph: connect (1)[c::]:6789 error -101
[  292.579209][ T5978] libceph: mon0 (1)[c::]:6789 connect error
[  292.704767][   T29] libceph: connect (1)[c::]:6789 error -101
[  292.706751][   T29] libceph: mon0 (1)[c::]:6789 connect error
[  292.709883][T12672] ceph: No mds server is up or the cluster is laggy
[  293.011062][ T5978] libceph: connect (1)[c::]:6789 error -101
[  293.012983][ T5978] libceph: mon0 (1)[c::]:6789 connect error
[  293.099707][T12691] fuse: Unknown parameter 'æ5Ø {s Ènkÿ¯³:ë®Æ*`naô³¥3'
[  293.319645][T12678] ceph: No mds server is up or the cluster is laggy
[  293.745111][T12710] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1775'.
[  293.832667][ T4430] asix 5-1:15.196 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  293.836751][ T4430] asix 5-1:15.196: probe with driver asix failed with error -71
[  293.843289][ T4430] asix 5-1:15.233 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  293.847153][ T4430] asix 5-1:15.233: probe with driver asix failed with error -71
[  293.853575][ T4430] asix 5-1:15.128 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  293.857283][ T4430] asix 5-1:15.128: probe with driver asix failed with error -71
[  293.862076][ T4430] asix 5-1:15.55 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  293.865652][ T4430] asix 5-1:15.55: probe with driver asix failed with error -71
[  293.870687][ T4430] usb 5-1: USB disconnect, device number 13
[  294.046401][T12727] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1781'.
[  294.198549][T12734] FAULT_INJECTION: forcing a failure.
[  294.198549][T12734] name failslab, interval 1, probability 0, space 0, times 0
[  294.202862][T12734] CPU: 0 UID: 0 PID: 12734 Comm: syz.0.1784 Not tainted 6.15.0-rc4-syzkaller-00052-g4f79eaa2ceac #0 PREEMPT(full) 
[  294.202876][T12734] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  294.202882][T12734] Call Trace:
[  294.202886][T12734]  <TASK>
[  294.202900][T12734]  dump_stack_lvl+0x16c/0x1f0
[  294.202919][T12734]  should_fail_ex+0x512/0x640
[  294.202945][T12734]  ? __kmalloc_node_track_caller_noprof+0xc3/0x510
[  294.202960][T12734]  should_failslab+0xc2/0x120
[  294.202972][T12734]  __kmalloc_node_track_caller_noprof+0xd6/0x510
[  294.202984][T12734]  ? __skb_datagram_iter+0x1a8/0x8c0
[  294.202998][T12734]  ? __pfx_simple_copy_to_iter+0x10/0x10
[  294.203012][T12734]  ? scm_fp_dup+0x63/0x440
[  294.203022][T12734]  kmemdup_noprof+0x29/0x60
[  294.203039][T12734]  scm_fp_dup+0x63/0x440
[  294.203049][T12734]  __unix_dgram_recvmsg+0xa2c/0xee0
[  294.203066][T12734]  ? __pfx___unix_dgram_recvmsg+0x10/0x10
[  294.203081][T12734]  ? rcu_is_watching+0x12/0xc0
[  294.203090][T12734]  ? irqentry_exit+0x3b/0x90
[  294.203102][T12734]  ? lockdep_hardirqs_on+0x7c/0x110
[  294.203116][T12734]  ? __lock_acquire+0xaa4/0x1ba0
[  294.203134][T12734]  unix_dgram_recvmsg+0xd0/0x110
[  294.203149][T12734]  ____sys_recvmsg+0x5f6/0x6b0
[  294.203165][T12734]  ? __pfx_____sys_recvmsg+0x10/0x10
[  294.203177][T12734]  ? import_iovec+0x86/0xb0
[  294.203196][T12734]  ? __lock_acquire+0x5ca/0x1ba0
[  294.203211][T12734]  ___sys_recvmsg+0x114/0x1a0
[  294.203222][T12734]  ? __pfx____sys_recvmsg+0x10/0x10
[  294.203239][T12734]  ? lock_acquire+0x140/0x350
[  294.203251][T12734]  ? __pfx___might_resched+0x10/0x10
[  294.203264][T12734]  do_recvmmsg+0x568/0x740
[  294.203277][T12734]  ? __pfx_do_recvmmsg+0x10/0x10
[  294.203286][T12734]  ? trace_sched_exit_tp+0xde/0x130
[  294.203307][T12734]  ? __pfx___schedule+0x10/0x10
[  294.203317][T12734]  ? __fget_files+0x20e/0x3c0
[  294.203334][T12734]  __sys_recvmmsg+0x21c/0x280
[  294.203345][T12734]  ? __pfx___sys_recvmmsg+0x10/0x10
[  294.203359][T12734]  __ia32_compat_sys_recvmmsg_time32+0xc4/0x160
[  294.203371][T12734]  ? lockdep_hardirqs_on+0x7c/0x110
[  294.203383][T12734]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[  294.203396][T12734]  __do_fast_syscall_32+0x73/0x120
[  294.203410][T12734]  do_fast_syscall_32+0x32/0x80
[  294.203424][T12734]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  294.203436][T12734] RIP: 0023:0xf7fd8579
[  294.203444][T12734] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  294.203454][T12734] RSP: 002b:00000000f50d555c EFLAGS: 00000296 ORIG_RAX: 0000000000000151
[  294.203463][T12734] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000080000f40
[  294.203469][T12734] RDX: 00000000000007e4 RSI: 0000000000000002 RDI: 0000000000000000
[  294.203474][T12734] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  294.203480][T12734] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  294.203485][T12734] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  294.203497][T12734]  </TASK>
[  294.350043][T12736] FAULT_INJECTION: forcing a failure.
[  294.350043][T12736] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  294.356853][T12736] CPU: 0 UID: 0 PID: 12736 Comm: syz.1.1785 Not tainted 6.15.0-rc4-syzkaller-00052-g4f79eaa2ceac #0 PREEMPT(full) 
[  294.356868][T12736] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  294.356875][T12736] Call Trace:
[  294.356879][T12736]  <TASK>
[  294.356883][T12736]  dump_stack_lvl+0x16c/0x1f0
[  294.356900][T12736]  should_fail_ex+0x512/0x640
[  294.356916][T12736]  _copy_to_user+0x32/0xd0
[  294.356931][T12736]  bpf_test_finish.isra.0+0x50c/0x690
[  294.356945][T12736]  ? __pfx_bpf_test_finish.isra.0+0x10/0x10
[  294.356958][T12736]  ? __asan_memset+0x23/0x50
[  294.356975][T12736]  bpf_prog_test_run_skb+0x1368/0x2280
[  294.356991][T12736]  ? __pfx_bpf_prog_test_run_skb+0x10/0x10
[  294.357003][T12736]  ? fput+0x70/0xf0
[  294.357016][T12736]  ? __pfx_bpf_prog_test_run_skb+0x10/0x10
[  294.357027][T12736]  __sys_bpf+0x1485/0x4d80
[  294.357043][T12736]  ? __pfx___sys_bpf+0x10/0x10
[  294.357056][T12736]  ? ksys_write+0x190/0x240
[  294.357067][T12736]  ? __mutex_unlock_slowpath+0x161/0x6a0
[  294.357088][T12736]  ? fput+0x70/0xf0
[  294.357098][T12736]  ? ksys_write+0x1b9/0x240
[  294.357107][T12736]  ? __pfx_ksys_write+0x10/0x10
[  294.357118][T12736]  __ia32_sys_bpf+0x76/0xe0
[  294.357132][T12736]  __do_fast_syscall_32+0x73/0x120
[  294.357147][T12736]  do_fast_syscall_32+0x32/0x80
[  294.357160][T12736]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  294.357173][T12736] RIP: 0023:0xf707e579
[  294.357181][T12736] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  294.357191][T12736] RSP: 002b:00000000f506e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000165
[  294.357200][T12736] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000080000140
[  294.357206][T12736] RDX: 000000000000004c RSI: 0000000000000000 RDI: 0000000000000000
[  294.357212][T12736] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  294.357217][T12736] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  294.357223][T12736] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  294.357235][T12736]  </TASK>
[  294.505159][T12741] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1786'.
[  294.568849][T12746] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1789'.
[  294.571723][T12746] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1789'.
[  294.615187][T12748] lo speed is unknown, defaulting to 1000
[  295.380247][T12768] netlink: 'syz.0.1794': attribute type 4 has an invalid length.
[  295.416403][T12768] netlink: 'syz.0.1794': attribute type 4 has an invalid length.
[  295.805931][T12790] netlink: 136 bytes leftover after parsing attributes in process `syz.3.1802'.
[  295.808819][T12790] netlink: 136 bytes leftover after parsing attributes in process `syz.3.1802'.
[  295.980954][T12807] xt_hashlimit: max too large, truncated to 1048576
[  295.983762][T12807] Cannot find set identified by id 0 to match
[  296.276462][T12818] tipc: Enabling of bearer <udp:s> rejected, already enabled
[  297.347176][T12869] __nla_validate_parse: 2 callbacks suppressed
[  297.347192][T12869] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1828'.
[  297.353598][T12869] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1828'.
[  298.330055][T12883] netlink: 72 bytes leftover after parsing attributes in process `syz.1.1830'.
[  298.445598][T12893] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1832'.
[  298.499675][T12900] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1835'.
[  298.867990][T12915] usb usb1: usbfs: process 12915 (syz.1.1840) did not claim interface 0 before use
[  298.881109][T12918] netlink: 116 bytes leftover after parsing attributes in process `syz.0.1841'.
[  298.890319][T12918] netlink: 64 bytes leftover after parsing attributes in process `syz.0.1841'.
[  299.098240][T12931] FAULT_INJECTION: forcing a failure.
[  299.098240][T12931] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  299.102194][T12931] CPU: 3 UID: 0 PID: 12931 Comm: syz.1.1845 Not tainted 6.15.0-rc4-syzkaller-00052-g4f79eaa2ceac #0 PREEMPT(full) 
[  299.102207][T12931] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  299.102213][T12931] Call Trace:
[  299.102217][T12931]  <TASK>
[  299.102222][T12931]  dump_stack_lvl+0x16c/0x1f0
[  299.102239][T12931]  should_fail_ex+0x512/0x640
[  299.102255][T12931]  _copy_from_user+0x2e/0xd0
[  299.102270][T12931]  get_compat_msghdr+0xa7/0x170
[  299.102280][T12931]  ? __pfx_get_compat_msghdr+0x10/0x10
[  299.102291][T12931]  ? __lock_acquire+0x5ca/0x1ba0
[  299.102307][T12931]  ___sys_recvmsg+0x191/0x1a0
[  299.102319][T12931]  ? __pfx____sys_recvmsg+0x10/0x10
[  299.102336][T12931]  ? get_pid_task+0xb0/0x250
[  299.102349][T12931]  ? __pfx___might_resched+0x10/0x10
[  299.102363][T12931]  do_recvmmsg+0x568/0x740
[  299.102374][T12931]  ? __pfx_do_recvmmsg+0x10/0x10
[  299.102394][T12931]  ? __fget_files+0x20e/0x3c0
[  299.102410][T12931]  __sys_recvmmsg+0x21c/0x280
[  299.102421][T12931]  ? __pfx___sys_recvmmsg+0x10/0x10
[  299.102433][T12931]  ? __pfx_ksys_write+0x10/0x10
[  299.102444][T12931]  __ia32_compat_sys_recvmmsg_time32+0xc4/0x160
[  299.102454][T12931]  ? lockdep_hardirqs_on+0x7c/0x110
[  299.102466][T12931]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[  299.102480][T12931]  __do_fast_syscall_32+0x73/0x120
[  299.102494][T12931]  do_fast_syscall_32+0x32/0x80
[  299.102507][T12931]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  299.102519][T12931] RIP: 0023:0xf707e579
[  299.102527][T12931] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  299.102536][T12931] RSP: 002b:00000000f504d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000151
[  299.102546][T12931] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000080000f40
[  299.102552][T12931] RDX: 00000000000007e4 RSI: 0000000000000002 RDI: 0000000000000000
[  299.102557][T12931] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  299.102562][T12931] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  299.102568][T12931] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  299.102579][T12931]  </TASK>
[  299.406413][T12930] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  299.646924][T12946] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1851'.
[  299.652460][T12946] ipvlan7: entered promiscuous mode
[  299.654699][T12946] 8021q: adding VLAN 0 to HW filter on device ipvlan7
[  299.765990][T12950] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1852'.
[  300.254206][T12962] siw: device registration error -23
[  300.692185][T12971] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1860'.
[  300.852739][T12982] Cannot find set identified by id 0 to match
[  301.205721][   T40] kauditd_printk_skb: 17 callbacks suppressed
[  301.205838][   T40] audit: type=1326 audit(1746150627.674:1886): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12992 comm="syz.2.1869" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708e579 code=0x7ffc0000
[  301.208835][T12997] bpq0: entered allmulticast mode
[  301.219812][   T40] audit: type=1326 audit(1746150627.674:1887): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12992 comm="syz.2.1869" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708e579 code=0x7ffc0000
[  301.227828][   T40] audit: type=1326 audit(1746150627.684:1888): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12992 comm="syz.2.1869" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf708e579 code=0x7ffc0000
[  301.234820][   T40] audit: type=1326 audit(1746150627.684:1889): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12992 comm="syz.2.1869" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708e579 code=0x7ffc0000
[  301.241632][   T40] audit: type=1326 audit(1746150627.694:1890): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12992 comm="syz.2.1869" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708e579 code=0x7ffc0000
[  301.249482][   T40] audit: type=1326 audit(1746150627.704:1891): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12992 comm="syz.2.1869" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf708e579 code=0x7ffc0000
[  301.256225][   T40] audit: type=1326 audit(1746150627.704:1892): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12992 comm="syz.2.1869" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708e579 code=0x7ffc0000
[  301.262955][   T40] audit: type=1326 audit(1746150627.704:1893): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12992 comm="syz.2.1869" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708e579 code=0x7ffc0000
[  301.269788][   T40] audit: type=1326 audit(1746150627.704:1894): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12992 comm="syz.2.1869" exe="/syz-executor" sig=0 arch=40000003 syscall=4 compat=1 ip=0xf708e579 code=0x7ffc0000
[  301.277172][   T40] audit: type=1326 audit(1746150627.704:1895): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12992 comm="syz.2.1869" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708e579 code=0x7ffc0000
[  301.364857][T12997] trusted_key: encrypted_key: master key parameter '' is invalid
[  302.562574][T13011] netlink: 'syz.1.1873': attribute type 4 has an invalid length.
[  302.580949][T13011] netlink: 'syz.1.1873': attribute type 4 has an invalid length.
[  302.593227][  T144] lo speed is unknown, defaulting to 1000
[  302.595877][   T29] lo speed is unknown, defaulting to 1000
[  302.774100][T13013] fuse: Bad value for 'group_id'
[  302.776885][T13013] fuse: Bad value for 'group_id'
[  302.780330][T13013] RDS: rds_bind could not find a transport for ::ffff:10.1.1.1, load rds_tcp or rds_rdma?
[  303.044868][T13026] netlink: 'syz.2.1876': attribute type 4 has an invalid length.
[  303.048129][T13024] Freezing with imperfect legacy cgroup freezer. See cgroup.freeze of cgroup v2
[  303.066179][T13026] netlink: 'syz.2.1876': attribute type 4 has an invalid length.
[  303.111775][T13022] tipc: Enabling of bearer <udp:s> rejected, already enabled
[  303.402794][   T29] libceph: connect (1)[c::]:6789 error -101
[  303.408624][   T29] libceph: mon0 (1)[c::]:6789 connect error
[  303.418049][   T29] libceph: connect (1)[c::]:6789 error -101
[  303.424980][   T29] libceph: mon0 (1)[c::]:6789 connect error
[  303.712685][   T29] libceph: connect (1)[c::]:6789 error -101
[  303.715139][   T29] libceph: mon0 (1)[c::]:6789 connect error
[  304.113532][T13042] ceph: No mds server is up or the cluster is laggy
[  304.135417][T13060] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0
[  304.230970][T13060] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0
[  304.297494][T13060] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0
[  304.340246][T13060] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0
[  304.420586][T13060] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 20000 - 0
[  304.427071][T13060] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 20000 - 0
[  304.433975][T13060] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 20000 - 0
[  304.441907][T13060] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 20000 - 0
[  304.910897][T13080] __nla_validate_parse: 1 callbacks suppressed
[  304.910907][T13080] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1895'.
[  304.915777][T13080] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1895'.
[  305.276284][   T24] libceph: connect (1)[c::]:6789 error -101
[  305.278501][   T24] libceph: mon0 (1)[c::]:6789 connect error
[  305.280353][T13084] trusted_key: encrypted_key: master key parameter '' is invalid
[  305.534766][   T24] libceph: connect (1)[c::]:6789 error -101
[  305.536715][   T24] libceph: mon0 (1)[c::]:6789 connect error
[  305.896337][T13104] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1900'.
[  306.045726][   T24] libceph: connect (1)[c::]:6789 error -101
[  306.055352][   T24] libceph: mon0 (1)[c::]:6789 connect error
[  306.071675][T13088] ceph: No mds server is up or the cluster is laggy
[  306.236584][T13112] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1903'.
[  306.503394][T13122] fuse: Unknown parameter 'subj_role'
[  306.727002][   T13] netdevsim netdevsim3 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  306.730114][   T13] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  306.819494][   T13] netdevsim netdevsim3 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  306.822548][   T13] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  306.897721][   T13] netdevsim netdevsim3 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  306.900731][   T13] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  306.954022][ T5943] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  306.957932][   T13] netdevsim netdevsim3 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  306.958132][ T5943] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  306.960890][   T13] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  306.964083][ T5943] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  306.969198][ T5943] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  306.972818][ T5943] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  306.983061][ T5941] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  306.986128][  T144] libceph: connect (1)[c::]:6789 error -101
[  306.986261][  T144] libceph: mon0 (1)[c::]:6789 connect error
[  306.992231][ T5941] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  306.996061][ T5941] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  307.001606][ T5941] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  307.006063][ T5941] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  307.035064][T13131] lo speed is unknown, defaulting to 1000
[  307.078503][   T13] bridge_slave_1: left allmulticast mode
[  307.080383][   T13] bridge_slave_1: left promiscuous mode
[  307.084430][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[  307.088625][   T13] bridge_slave_0: left allmulticast mode
[  307.090401][   T13] bridge_slave_0: left promiscuous mode
[  307.092346][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[  307.113361][T13140] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1912'.
[  307.246559][   T13] team0: Port device geneve0 removed
[  307.254978][  T144] libceph: connect (1)[c::]:6789 error -101
[  307.265877][  T144] libceph: mon0 (1)[c::]:6789 connect error
[  307.785969][  T144] libceph: connect (1)[c::]:6789 error -101
[  307.790655][  T144] libceph: mon0 (1)[c::]:6789 connect error
[  307.870051][T13159] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  307.873504][T13159] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  308.936500][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  308.940272][   T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  308.943345][   T13] bond0 (unregistering): Released all slaves
[  308.955058][T13133] ceph: No mds server is up or the cluster is laggy
[  308.958272][T13162] bpq0: left allmulticast mode
[  309.025552][T13169] FAULT_INJECTION: forcing a failure.
[  309.025552][T13169] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  309.029491][T13169] CPU: 1 UID: 0 PID: 13169 Comm: syz.1.1920 Not tainted 6.15.0-rc4-syzkaller-00052-g4f79eaa2ceac #0 PREEMPT(full) 
[  309.029505][T13169] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  309.029511][T13169] Call Trace:
[  309.029515][T13169]  <TASK>
[  309.029519][T13169]  dump_stack_lvl+0x16c/0x1f0
[  309.029536][T13169]  should_fail_ex+0x512/0x640
[  309.029552][T13169]  _copy_to_user+0x32/0xd0
[  309.029568][T13169]  simple_read_from_buffer+0xcb/0x170
[  309.029584][T13169]  proc_fail_nth_read+0x197/0x270
[  309.029598][T13169]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  309.029613][T13169]  ? rw_verify_area+0xcf/0x680
[  309.029627][T13169]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  309.029640][T13169]  vfs_read+0x1de/0xc70
[  309.029651][T13169]  ? __pfx___mutex_lock+0x10/0x10
[  309.029664][T13169]  ? __pfx_vfs_read+0x10/0x10
[  309.029676][T13169]  ? __fget_files+0x20e/0x3c0
[  309.029695][T13169]  ksys_read+0x12a/0x240
[  309.029703][T13169]  ? __pfx_ksys_read+0x10/0x10
[  309.029711][T13169]  ? rcu_is_watching+0x12/0xc0
[  309.029722][T13169]  ? rcu_is_watching+0x12/0xc0
[  309.029733][T13169]  __do_fast_syscall_32+0x73/0x120
[  309.029747][T13169]  do_fast_syscall_32+0x32/0x80
[  309.029760][T13169]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  309.029773][T13169] RIP: 0023:0xf707e579
[  309.029781][T13169] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  309.029791][T13169] RSP: 002b:00000000f506e590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  309.029801][T13169] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f506e620
[  309.029807][T13169] RDX: 000000000000000f RSI: 00000000f73e2ff4 RDI: 0000000000000000
[  309.029813][T13169] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
[  309.029818][T13169] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  309.029824][T13169] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  309.029836][T13169]  </TASK>
[  309.042611][T13131] chnl_net:caif_netlink_parms(): no params data found
[  309.064650][ T5941] Bluetooth: hci3: command tx timeout
[  309.069645][T13171] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1921'.
[  309.084997][T13174] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1919'.
[  309.127347][T13171] ipvlan1: entered promiscuous mode
[  309.130457][T13171] 8021q: adding VLAN 0 to HW filter on device ipvlan1
[  309.192796][T13131] bridge0: port 1(bridge_slave_0) entered blocking state
[  309.195230][T13131] bridge0: port 1(bridge_slave_0) entered disabled state
[  309.197412][T13131] bridge_slave_0: entered allmulticast mode
[  309.199884][T13131] bridge_slave_0: entered promiscuous mode
[  309.202892][T13131] bridge0: port 2(bridge_slave_1) entered blocking state
[  309.205522][T13131] bridge0: port 2(bridge_slave_1) entered disabled state
[  309.207713][T13131] bridge_slave_1: entered allmulticast mode
[  309.210268][T13131] bridge_slave_1: entered promiscuous mode
[  309.245725][T13131] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  309.250127][T13131] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  309.311877][T13131] team0: Port device team_slave_0 added
[  309.320061][T13131] team0: Port device team_slave_1 added
[  309.373876][T13131] batman_adv: batadv0: Adding interface: batadv_slave_0
[  309.376836][T13131] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  309.384394][T13131] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  309.388492][T13131] batman_adv: batadv0: Adding interface: batadv_slave_1
[  309.390596][T13131] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  309.398302][T13131] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  309.434892][T13131] hsr_slave_0: entered promiscuous mode
[  309.437106][T13131] hsr_slave_1: entered promiscuous mode
[  309.439027][T13131] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  309.441374][T13131] Cannot create hsr debugfs directory
[  309.623106][T13184] netlink: 136 bytes leftover after parsing attributes in process `syz.2.1924'.
[  309.626561][T13184] netlink: 136 bytes leftover after parsing attributes in process `syz.2.1924'.
[  309.666169][T13186] lo speed is unknown, defaulting to 1000
[  309.804831][T13188] cgroup: fork rejected by pids controller in /syz2
[  309.827499][T13131] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  309.833424][T13131] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  309.842589][T13131] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  309.856609][T13131] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  309.903387][T13131] bridge0: port 2(bridge_slave_1) entered blocking state
[  309.905732][T13131] bridge0: port 2(bridge_slave_1) entered forwarding state
[  309.908034][T13131] bridge0: port 1(bridge_slave_0) entered blocking state
[  309.910282][T13131] bridge0: port 1(bridge_slave_0) entered forwarding state
[  310.019072][   T63] bridge0: port 1(bridge_slave_0) entered disabled state
[  310.022885][   T63] bridge0: port 2(bridge_slave_1) entered disabled state
[  310.060377][T13131] 8021q: adding VLAN 0 to HW filter on device bond0
[  310.156560][T13131] 8021q: adding VLAN 0 to HW filter on device team0
[  310.162542][   T63] bridge0: port 1(bridge_slave_0) entered blocking state
[  310.164761][   T63] bridge0: port 1(bridge_slave_0) entered forwarding state
[  310.194469][   T63] bridge0: port 2(bridge_slave_1) entered blocking state
[  310.196936][   T63] bridge0: port 2(bridge_slave_1) entered forwarding state
[  310.340517][ T6059] libceph: connect (1)[c::]:6789 error -101
[  310.342468][ T6059] libceph: mon0 (1)[c::]:6789 connect error
[  310.454177][T13131] 8021q: adding VLAN 0 to HW filter on device batadv0
[  310.478363][T13131] veth0_vlan: entered promiscuous mode
[  310.489560][T13131] veth1_vlan: entered promiscuous mode
[  310.520944][T13131] veth0_macvtap: entered promiscuous mode
[  310.525500][T13131] veth1_macvtap: entered promiscuous mode
[  310.533675][T13131] batman_adv: batadv0: Interface activated: batadv_slave_0
[  310.539652][T13131] batman_adv: batadv0: Interface activated: batadv_slave_1
[  310.544174][T13131] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  310.549325][T13131] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  310.552119][T13131] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  310.555128][T13131] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  310.604880][ T6059] libceph: connect (1)[c::]:6789 error -101
[  310.606793][ T6059] libceph: mon0 (1)[c::]:6789 connect error
[  310.607600][   T63] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  310.611515][   T63] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  310.637618][   T79] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  310.640862][   T79] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  310.793712][   T13] tipc: Disabling bearer <udp:s>
[  310.797258][   T13] tipc: Left network mode
[  311.086743][T13443] ceph: No mds server is up or the cluster is laggy
[  311.144885][ T5941] Bluetooth: hci3: command tx timeout
[  311.205931][   T13] hsr_slave_0: left promiscuous mode
[  311.207975][   T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[  311.210748][   T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[  311.214111][   T13] veth1_to_batadv: left promiscuous mode
[  311.236677][   T13] pimreg (unregistering): left allmulticast mode
[  311.731026][   T13] team0 (unregistering): Port device team_slave_1 removed
[  311.806504][   T13] team0 (unregistering): Port device team_slave_0 removed
[  312.448440][  T836] IPVS: starting estimator thread 0...
[  312.451042][T13481] tipc: Started in network mode
[  312.452596][T13481] tipc: Node identity ac1414aa, cluster identity 4711
[  312.456116][T13481] tipc: Enabled bearer <udp:s>, priority 10
[  312.554937][T13487] IPVS: using max 45 ests per chain, 108000 per kthread
[  312.561244][T13494] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1942'.
[  312.634226][   T10] libceph: connect (1)[c::]:6789 error -101
[  312.649202][   T10] libceph: mon0 (1)[c::]:6789 connect error
[  312.658137][   T13] IPVS: stop unused estimator thread 0...
[  312.915964][   T10] libceph: connect (1)[c::]:6789 error -101
[  312.930365][   T10] libceph: mon0 (1)[c::]:6789 connect error
[  313.214947][ T5941] Bluetooth: hci3: command tx timeout
[  313.325942][T13510] block device autoloading is deprecated and will be removed.
[  313.356036][T13495] ceph: No mds server is up or the cluster is laggy
[  313.574710][ T6059] tipc: Node number set to 2886997162
[  313.663468][T13504] Process accounting resumed
[  314.097362][T13539] netlink: 116 bytes leftover after parsing attributes in process `syz.3.1957'.
[  314.102822][T13539] netlink: 64 bytes leftover after parsing attributes in process `syz.3.1957'.
[  314.424677][   T10] usb 8-1: new high-speed USB device number 13 using dummy_hcd
[  314.585932][   T10] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  314.588906][   T10] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  314.591596][   T10] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  314.599283][   T10] usb 8-1: New USB device found, idVendor=0a07, idProduct=00d0, bcdDevice=10.13
[  314.601806][   T10] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  314.604026][   T10] usb 8-1: Product: syz
[  314.606037][   T10] usb 8-1: Manufacturer: syz
[  314.607371][   T10] usb 8-1: SerialNumber: syz
[  314.624994][   T10] usb 8-1: config 0 descriptor??
[  314.631717][   T10] adutux 8-1:0.0: interrupt endpoints not found
[  315.070140][T13566] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1967'.
[  315.072979][T13566] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1967'.
[  315.125951][T13569] capability: warning: `syz.1.1968' uses 32-bit capabilities (legacy support in use)
[  315.171609][T13571] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  315.175450][T13571] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  315.295239][ T5941] Bluetooth: hci3: command tx timeout
[  316.116328][T13589] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1973'.
[  316.201373][T13599] netlink: 136 bytes leftover after parsing attributes in process `syz.1.1977'.
[  316.204444][T13599] netlink: 136 bytes leftover after parsing attributes in process `syz.1.1977'.
[  316.263732][T13607] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1981'.
[  316.266680][T13607] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1981'.
[  316.577744][ T1415] ieee802154 phy1 wpan1: encryption failed: -22
[  316.880789][T13624] loop6: detected capacity change from 0 to 63
[  316.931545][T13627] lo speed is unknown, defaulting to 1000
[  317.178320][T13631] netlink: 'syz.0.1986': attribute type 7 has an invalid length.
[  317.207406][   T29] usb 8-1: USB disconnect, device number 13
[  317.699145][T13663] __nla_validate_parse: 3 callbacks suppressed
[  317.699156][T13663] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1998'.
[  317.703900][T13663] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1998'.
[  317.780652][ T4430] libceph: connect (1)[c::]:6789 error -101
[  317.783300][ T4430] libceph: mon0 (1)[c::]:6789 connect error
[  317.787022][ T4430] libceph: connect (1)[c::]:6789 error -101
[  317.789978][ T4430] libceph: mon0 (1)[c::]:6789 connect error
[  317.924722][ T5942] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  318.048772][ T4430] libceph: connect (1)[c::]:6789 error -101
[  318.054943][ T4430] libceph: mon0 (1)[c::]:6789 connect error
[  318.092171][ T5942] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  318.097682][T13664] ceph: No mds server is up or the cluster is laggy
[  318.100123][ T5942] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  318.103112][ T5942] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  318.110373][ T5942] usb 5-1: New USB device found, idVendor=0a07, idProduct=00d0, bcdDevice=10.13
[  318.113155][ T5942] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  318.122532][ T5942] usb 5-1: Product: syz
[  318.123868][ T5942] usb 5-1: Manufacturer: syz
[  318.125481][ T5942] usb 5-1: SerialNumber: syz
[  318.137228][ T5942] usb 5-1: config 0 descriptor??
[  318.138337][T13672] netlink: 'syz.2.1999': attribute type 7 has an invalid length.
[  318.142521][T13672] netlink: 'syz.2.1999': attribute type 8 has an invalid length.
[  318.150188][ T5942] adutux 5-1:0.0: interrupt endpoints not found
[  318.249017][T13679] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2002'.
[  318.254370][T13679] ipvlan6: entered promiscuous mode
[  318.257438][T13679] ipvlan6: entered allmulticast mode
[  318.259122][T13679] batadv0: entered allmulticast mode
[  318.261348][T13679] 8021q: adding VLAN 0 to HW filter on device ipvlan6
[  318.702163][T13689] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2005'.
[  318.973645][ T4430] libceph: connect (1)[c::]:6789 error -101
[  318.976317][ T4430] libceph: mon0 (1)[c::]:6789 connect error
[  319.245312][ T4430] libceph: connect (1)[c::]:6789 error -101
[  319.248453][ T4430] libceph: mon0 (1)[c::]:6789 connect error
[  319.669929][T13715] netlink: 116 bytes leftover after parsing attributes in process `syz.1.2011'.
[  319.675818][T13715] netlink: 64 bytes leftover after parsing attributes in process `syz.1.2011'.
[  319.754891][ T4430] libceph: connect (1)[c::]:6789 error -101
[  319.758071][ T4430] libceph: mon0 (1)[c::]:6789 connect error
[  319.914679][T13708] ceph: No mds server is up or the cluster is laggy
[  320.375149][T13742] bridge0: port 3(vlan2) entered blocking state
[  320.377366][T13742] bridge0: port 3(vlan2) entered disabled state
[  320.379546][T13742] vlan2: entered allmulticast mode
[  320.381276][T13742] bridge0: entered allmulticast mode
[  320.386336][T13742] vlan2: left allmulticast mode
[  320.387987][T13742] bridge0: left allmulticast mode
[  320.709184][ T5942] usb 5-1: USB disconnect, device number 14
[  320.934857][T13755] FAULT_INJECTION: forcing a failure.
[  320.934857][T13755] name failslab, interval 1, probability 0, space 0, times 0
[  320.939575][T13755] CPU: 2 UID: 0 PID: 13755 Comm: syz.3.2022 Not tainted 6.15.0-rc4-syzkaller-00052-g4f79eaa2ceac #0 PREEMPT(full) 
[  320.939596][T13755] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  320.939605][T13755] Call Trace:
[  320.939611][T13755]  <TASK>
[  320.939617][T13755]  dump_stack_lvl+0x16c/0x1f0
[  320.939655][T13755]  should_fail_ex+0x512/0x640
[  320.939675][T13755]  ? __kmalloc_node_track_caller_noprof+0xc3/0x510
[  320.939696][T13755]  should_failslab+0xc2/0x120
[  320.939714][T13755]  __kmalloc_node_track_caller_noprof+0xd6/0x510
[  320.939731][T13755]  ? __skb_datagram_iter+0x1a8/0x8c0
[  320.939752][T13755]  ? __pfx_simple_copy_to_iter+0x10/0x10
[  320.939770][T13755]  ? scm_fp_dup+0x63/0x440
[  320.939787][T13755]  kmemdup_noprof+0x29/0x60
[  320.939805][T13755]  scm_fp_dup+0x63/0x440
[  320.939821][T13755]  __unix_dgram_recvmsg+0xa2c/0xee0
[  320.939847][T13755]  ? __pfx___unix_dgram_recvmsg+0x10/0x10
[  320.939874][T13755]  ? __lock_acquire+0xaa4/0x1ba0
[  320.939904][T13755]  unix_dgram_recvmsg+0xd0/0x110
[  320.939926][T13755]  ____sys_recvmsg+0x5f6/0x6b0
[  320.939950][T13755]  ? __pfx_____sys_recvmsg+0x10/0x10
[  320.939967][T13755]  ? import_iovec+0x86/0xb0
[  320.939997][T13755]  ? __lock_acquire+0x5ca/0x1ba0
[  320.940019][T13755]  ___sys_recvmsg+0x114/0x1a0
[  320.940035][T13755]  ? __pfx____sys_recvmsg+0x10/0x10
[  320.940062][T13755]  ? get_pid_task+0xb0/0x250
[  320.940082][T13755]  ? __pfx___might_resched+0x10/0x10
[  320.940103][T13755]  do_recvmmsg+0x568/0x740
[  320.940122][T13755]  ? __pfx_do_recvmmsg+0x10/0x10
[  320.940154][T13755]  ? __fget_files+0x20e/0x3c0
[  320.940178][T13755]  __sys_recvmmsg+0x21c/0x280
[  320.940193][T13755]  ? __pfx___sys_recvmmsg+0x10/0x10
[  320.940210][T13755]  ? __pfx_ksys_write+0x10/0x10
[  320.940229][T13755]  __ia32_compat_sys_recvmmsg_time32+0xc4/0x160
[  320.940245][T13755]  ? lockdep_hardirqs_on+0x7c/0x110
[  320.940263][T13755]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[  320.940283][T13755]  __do_fast_syscall_32+0x73/0x120
[  320.940304][T13755]  do_fast_syscall_32+0x32/0x80
[  320.940343][T13755]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  320.940363][T13755] RIP: 0023:0xf7f22579
[  320.940374][T13755] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  320.940387][T13755] RSP: 002b:00000000f502555c EFLAGS: 00000296 ORIG_RAX: 0000000000000151
[  320.940401][T13755] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000080000f40
[  320.940410][T13755] RDX: 00000000000007e4 RSI: 0000000000000002 RDI: 0000000000000000
[  320.940418][T13755] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  320.940426][T13755] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  320.940435][T13755] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  320.940454][T13755]  </TASK>
[  321.458139][T13784] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2032'.
[  321.461068][T13784] netlink: 136 bytes leftover after parsing attributes in process `syz.2.2032'.
[  321.474664][ T5942] usb 8-1: new high-speed USB device number 14 using dummy_hcd
[  321.538727][T13792] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2036'.
[  321.619574][   T10] libceph: connect (1)[c::]:6789 error -101
[  321.621614][   T10] libceph: mon0 (1)[c::]:6789 connect error
[  321.623893][   T10] libceph: connect (1)[c::]:6789 error -101
[  321.626678][   T10] libceph: mon0 (1)[c::]:6789 connect error
[  321.638864][ T5942] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  321.642161][ T5942] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  321.645333][ T5942] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  321.651660][ T5942] usb 8-1: New USB device found, idVendor=0a07, idProduct=00d0, bcdDevice=10.13
[  321.731494][ T5942] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  321.734005][ T5942] usb 8-1: Product: syz
[  321.735496][ T5942] usb 8-1: Manufacturer: syz
[  321.736966][ T5942] usb 8-1: SerialNumber: syz
[  321.739972][ T5942] usb 8-1: config 0 descriptor??
[  321.742821][ T5942] adutux 8-1:0.0: interrupt endpoints not found
[  321.869255][T13802] bridge0: port 3(vlan1) entered blocking state
[  321.871928][T13802] bridge0: port 3(vlan1) entered disabled state
[  321.874613][T13802] vlan1: entered allmulticast mode
[  321.876743][T13802] bridge0: entered allmulticast mode
[  321.880828][T13802] vlan1: left allmulticast mode
[  321.882935][T13802] bridge0: left allmulticast mode
[  321.894829][   T10] libceph: connect (1)[c::]:6789 error -101
[  321.896782][   T10] libceph: mon0 (1)[c::]:6789 connect error
[  322.277192][T13815] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2042'.
[  322.370192][T13795] ceph: No mds server is up or the cluster is laggy
[  322.497406][T13826] netlink: 'syz.2.2044': attribute type 7 has an invalid length.
[  322.738231][T13835] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2048'.
[  322.741845][T13835] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2048'.
[  322.752418][T13835] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  322.928588][T13840] xt_hashlimit: max too large, truncated to 1048576
[  322.932828][T13840] Cannot find set identified by id 0 to match
[  323.004705][ T5942] usb 7-1: new high-speed USB device number 9 using dummy_hcd
[  323.112839][  T144] libceph: connect (1)[c::]:6789 error -101
[  323.119973][  T144] libceph: mon0 (1)[c::]:6789 connect error
[  323.134689][ T5942] usb 7-1: device descriptor read/64, error -71
[  323.146325][  T144] libceph: connect (1)[c::]:6789 error -101
[  323.148529][  T144] libceph: mon0 (1)[c::]:6789 connect error
[  323.375194][ T5942] usb 7-1: new high-speed USB device number 10 using dummy_hcd
[  323.404775][  T144] libceph: connect (1)[c::]:6789 error -101
[  323.406748][  T144] libceph: mon0 (1)[c::]:6789 connect error
[  323.422481][T13849] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2052'.
[  323.426751][T13849] bridge_slave_1: left allmulticast mode
[  323.429153][T13849] bridge_slave_1: left promiscuous mode
[  323.431724][T13849] bridge0: port 2(bridge_slave_1) entered disabled state
[  323.436704][T13849] bridge_slave_0: left allmulticast mode
[  323.438503][T13849] bridge_slave_0: left promiscuous mode
[  323.440429][T13849] bridge0: port 1(bridge_slave_0) entered disabled state
[  323.514660][ T5942] usb 7-1: device descriptor read/64, error -71
[  323.626107][ T5942] usb usb7-port1: attempt power cycle
[  323.797723][T13843] ceph: No mds server is up or the cluster is laggy
[  323.939011][T13853] random: crng reseeded on system resumption
[  323.974759][ T5942] usb 7-1: new high-speed USB device number 11 using dummy_hcd
[  323.995372][ T5942] usb 7-1: device descriptor read/8, error -71
[  324.247417][ T5942] usb 7-1: new high-speed USB device number 12 using dummy_hcd
[  324.264640][ T4430] usb 8-1: USB disconnect, device number 14
[  324.266212][ T5942] usb 7-1: device descriptor read/8, error -71
[  324.375304][ T5942] usb usb7-port1: unable to enumerate USB device
[  324.732320][T13870] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2059'.
[  324.934763][T13869] netlink: 60 bytes leftover after parsing attributes in process `syz.0.2059'.
[  325.929160][T13888] lo speed is unknown, defaulting to 1000
[  326.254828][T13907] Cannot find set identified by id 0 to match
[  327.889785][T13945] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2080'.
[  328.680292][T13959] siw: device registration error -23
[  329.069212][T13963] wireguard0: entered promiscuous mode
[  329.281559][T13956] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  329.706155][   T65] libceph: connect (1)[c::]:6789 error -101
[  329.720399][   T65] libceph: mon0 (1)[c::]:6789 connect error
[  330.004876][   T65] libceph: connect (1)[c::]:6789 error -101
[  330.015098][   T65] libceph: mon0 (1)[c::]:6789 connect error
[  330.021600][T13997] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2092'.
[  330.174716][   T10] page_pool_release_retry() stalled pool shutdown: id 26, 51 inflight 181 sec
[  330.279715][T14011] xt_hashlimit: max too large, truncated to 1048576
[  330.281941][T14011] Cannot find set identified by id 0 to match
[  330.438275][T13989] ceph: No mds server is up or the cluster is laggy
[  330.451920][T14022] netlink: 'syz.3.2099': attribute type 10 has an invalid length.
[  330.456711][T14022] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2099'.
[  330.460899][T14022] dummy0: entered promiscuous mode
[  330.463419][T14022] bridge0: port 3(dummy0) entered blocking state
[  330.466193][T14022] bridge0: port 3(dummy0) entered disabled state
[  330.468356][T14022] dummy0: entered allmulticast mode
[  330.471248][T14022] bridge0: port 3(dummy0) entered blocking state
[  330.473286][T14022] bridge0: port 3(dummy0) entered forwarding state
[  331.177545][T14034] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  331.318363][T14045] FAULT_INJECTION: forcing a failure.
[  331.318363][T14045] name failslab, interval 1, probability 0, space 0, times 0
[  331.322456][T14045] CPU: 2 UID: 0 PID: 14045 Comm: syz.3.2105 Not tainted 6.15.0-rc4-syzkaller-00052-g4f79eaa2ceac #0 PREEMPT(full) 
[  331.322469][T14045] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  331.322476][T14045] Call Trace:
[  331.322484][T14045]  <TASK>
[  331.322488][T14045]  dump_stack_lvl+0x16c/0x1f0
[  331.322505][T14045]  should_fail_ex+0x512/0x640
[  331.322520][T14045]  ? fs_reclaim_acquire+0xae/0x150
[  331.322535][T14045]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  331.322549][T14045]  should_failslab+0xc2/0x120
[  331.322561][T14045]  __kmalloc_noprof+0xd2/0x510
[  331.322575][T14045]  tomoyo_realpath_from_path+0xc2/0x6e0
[  331.322589][T14045]  ? tomoyo_profile+0x47/0x60
[  331.322605][T14045]  tomoyo_path_number_perm+0x245/0x580
[  331.322615][T14045]  ? tomoyo_path_number_perm+0x237/0x580
[  331.322627][T14045]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  331.322652][T14045]  ? find_held_lock+0x2b/0x80
[  331.322661][T14045]  ? hook_file_ioctl_common+0x145/0x410
[  331.322671][T14045]  ? __fget_files+0x204/0x3c0
[  331.322689][T14045]  ? __fget_files+0x20e/0x3c0
[  331.322702][T14045]  ? fput+0x70/0xf0
[  331.322715][T14045]  security_file_ioctl_compat+0x9b/0x240
[  331.322730][T14045]  __ia32_compat_sys_ioctl+0xc3/0x360
[  331.322746][T14045]  __do_fast_syscall_32+0x73/0x120
[  331.322768][T14045]  do_fast_syscall_32+0x32/0x80
[  331.322787][T14045]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  331.322808][T14045] RIP: 0023:0xf7f22579
[  331.322819][T14045] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  331.322834][T14045] RSP: 002b:00000000f504655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  331.322851][T14045] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000040045612
[  331.322860][T14045] RDX: 0000000080000000 RSI: 0000000000000000 RDI: 0000000000000000
[  331.322866][T14045] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  331.322873][T14045] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  331.322881][T14045] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  331.322902][T14045]  </TASK>
[  331.322910][T14045] ERROR: Out of memory at tomoyo_realpath_from_path.
[  331.398102][T14045] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  332.933219][T14088] netlink: 'syz.0.2118': attribute type 4 has an invalid length.
[  332.963548][T14088] netlink: 'syz.0.2118': attribute type 4 has an invalid length.
[  333.326523][T14095] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2121'.
[  333.525679][T14099] fuse: Bad value for 'user_id'
[  333.527229][T14099] fuse: Bad value for 'user_id'
[  334.038401][T14112] netlink: 116 bytes leftover after parsing attributes in process `syz.2.2126'.
[  334.045368][T14112] netlink: 64 bytes leftover after parsing attributes in process `syz.2.2126'.
[  334.210057][T14097] uprobe: syz.0.2122:14097 failed to unregister, leaking uprobe
[  334.867358][ T4430] libceph: connect (1)[c::]:6789 error -101
[  334.872311][ T4430] libceph: mon0 (1)[c::]:6789 connect error
[  335.141892][ T4430] libceph: connect (1)[c::]:6789 error -101
[  335.144809][ T4430] libceph: mon0 (1)[c::]:6789 connect error
[  335.503948][T14136] ceph: No mds server is up or the cluster is laggy
[  335.693640][T14159] Driver unsupported XDP return value 0 on prog  (id 372) dev N/A, expect packet loss!
[  336.449051][T14173] overlayfs: failed to resolve './file1': -2
[  337.396148][T14186] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2150'.
[  337.402216][T14186] 8021q: adding VLAN 0 to HW filter on device ipvlan2
[  337.525277][T14195] xt_hashlimit: max too large, truncated to 1048576
[  337.527797][T14195] Cannot find set identified by id 0 to match
[  337.527962][T14194] binder: Binderfs stats mode cannot be changed during a remount
[  337.536024][   T24] libceph: connect (1)[c::]:6789 error -101
[  337.538314][   T24] libceph: mon0 (1)[c::]:6789 connect error
[  337.615514][T14206] FAULT_INJECTION: forcing a failure.
[  337.615514][T14206] name failslab, interval 1, probability 0, space 0, times 0
[  337.619879][T14206] CPU: 0 UID: 0 PID: 14206 Comm: syz.2.2154 Not tainted 6.15.0-rc4-syzkaller-00052-g4f79eaa2ceac #0 PREEMPT(full) 
[  337.619895][T14206] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  337.619901][T14206] Call Trace:
[  337.619905][T14206]  <TASK>
[  337.619909][T14206]  dump_stack_lvl+0x16c/0x1f0
[  337.619938][T14206]  should_fail_ex+0x512/0x640
[  337.619953][T14206]  ? __kmalloc_node_track_caller_noprof+0xc3/0x510
[  337.619967][T14206]  should_failslab+0xc2/0x120
[  337.619979][T14206]  __kmalloc_node_track_caller_noprof+0xd6/0x510
[  337.619991][T14206]  ? __skb_datagram_iter+0x1a8/0x8c0
[  337.620005][T14206]  ? __pfx_simple_copy_to_iter+0x10/0x10
[  337.620018][T14206]  ? scm_fp_dup+0x63/0x440
[  337.620029][T14206]  kmemdup_noprof+0x29/0x60
[  337.620041][T14206]  scm_fp_dup+0x63/0x440
[  337.620052][T14206]  __unix_dgram_recvmsg+0xa2c/0xee0
[  337.620069][T14206]  ? __pfx___unix_dgram_recvmsg+0x10/0x10
[  337.620083][T14206]  ? do_user_addr_fault+0x843/0x1370
[  337.620097][T14206]  ? __lock_acquire+0xaa4/0x1ba0
[  337.620115][T14206]  unix_dgram_recvmsg+0xd0/0x110
[  337.620130][T14206]  ____sys_recvmsg+0x5f6/0x6b0
[  337.620146][T14206]  ? __pfx_____sys_recvmsg+0x10/0x10
[  337.620158][T14206]  ? import_iovec+0x86/0xb0
[  337.620205][T14206]  ? __lock_acquire+0x5ca/0x1ba0
[  337.620221][T14206]  ___sys_recvmsg+0x114/0x1a0
[  337.620233][T14206]  ? __pfx____sys_recvmsg+0x10/0x10
[  337.620250][T14206]  ? get_pid_task+0xb0/0x250
[  337.620263][T14206]  ? __pfx___might_resched+0x10/0x10
[  337.620277][T14206]  do_recvmmsg+0x568/0x740
[  337.620289][T14206]  ? __pfx_do_recvmmsg+0x10/0x10
[  337.620309][T14206]  ? __fget_files+0x20e/0x3c0
[  337.620326][T14206]  __sys_recvmmsg+0x21c/0x280
[  337.620336][T14206]  ? __pfx___sys_recvmmsg+0x10/0x10
[  337.620348][T14206]  ? __pfx_ksys_write+0x10/0x10
[  337.620359][T14206]  __ia32_compat_sys_recvmmsg_time32+0xc4/0x160
[  337.620370][T14206]  ? lockdep_hardirqs_on+0x7c/0x110
[  337.620383][T14206]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[  337.620396][T14206]  __do_fast_syscall_32+0x73/0x120
[  337.620410][T14206]  do_fast_syscall_32+0x32/0x80
[  337.620423][T14206]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  337.620440][T14206] RIP: 0023:0xf708e579
[  337.620448][T14206] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  337.620458][T14206] RSP: 002b:00000000f505d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000151
[  337.620467][T14206] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000080000f40
[  337.620473][T14206] RDX: 00000000000007e4 RSI: 0000000000000002 RDI: 0000000000000000
[  337.620478][T14206] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  337.620484][T14206] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  337.620490][T14206] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  337.620502][T14206]  </TASK>
[  337.752868][T14204] tipc: Enabling of bearer <udp:s> rejected, already enabled
[  337.814912][   T24] libceph: connect (1)[c::]:6789 error -101
[  337.819664][   T24] libceph: mon0 (1)[c::]:6789 connect error
[  338.013981][T14219] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2160'.
[  338.238699][T14191] ceph: No mds server is up or the cluster is laggy
[  338.943663][T14238] dvmrp9: entered allmulticast mode
[  339.198312][ T5942] usb 5-1: new high-speed USB device number 15 using dummy_hcd
[  339.345947][ T5942] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  339.349243][ T5942] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  339.352326][ T5942] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  339.358777][ T5942] usb 5-1: New USB device found, idVendor=0a07, idProduct=00d0, bcdDevice=10.13
[  339.361706][ T5942] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  339.364464][ T5942] usb 5-1: Product: syz
[  339.366050][ T5942] usb 5-1: Manufacturer: syz
[  339.367714][ T5942] usb 5-1: SerialNumber: syz
[  339.370789][ T5942] usb 5-1: config 0 descriptor??
[  339.375712][ T5942] adutux 5-1:0.0: interrupt endpoints not found
[  339.849996][ T5942] libceph: connect (1)[c::]:6789 error -101
[  339.852048][ T5942] libceph: mon0 (1)[c::]:6789 connect error
[  339.874835][    T9] usb 7-1: new high-speed USB device number 13 using dummy_hcd
[  340.047012][    T9] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  340.051334][    T9] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  340.055766][    T9] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  340.082380][    T9] usb 7-1: New USB device found, idVendor=0a07, idProduct=00d0, bcdDevice=10.13
[  340.088440][    T9] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  340.091858][    T9] usb 7-1: Product: syz
[  340.093788][    T9] usb 7-1: Manufacturer: syz
[  340.104867][ T5942] libceph: connect (1)[c::]:6789 error -101
[  340.108234][ T5942] libceph: mon0 (1)[c::]:6789 connect error
[  340.120358][    T9] usb 7-1: SerialNumber: syz
[  340.144473][    T9] usb 7-1: config 0 descriptor??
[  340.255441][    T9] adutux 7-1:0.0: interrupt endpoints not found
[  340.614923][ T5942] libceph: connect (1)[c::]:6789 error -101
[  340.616972][ T5942] libceph: mon0 (1)[c::]:6789 connect error
[  340.642011][T14253] ceph: No mds server is up or the cluster is laggy
[  340.832565][T14278] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2176'.
[  340.850720][T14277] fuse: Unknown parameter 'uid'
[  340.904650][T14269] FAULT_INJECTION: forcing a failure.
[  340.904650][T14269] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  340.914707][T14269] CPU: 3 UID: 0 PID: 14269 Comm: syz.2.2168 Not tainted 6.15.0-rc4-syzkaller-00052-g4f79eaa2ceac #0 PREEMPT(full) 
[  340.914730][T14269] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  340.914739][T14269] Call Trace:
[  340.914744][T14269]  <TASK>
[  340.914752][T14269]  dump_stack_lvl+0x16c/0x1f0
[  340.914775][T14269]  should_fail_ex+0x512/0x640
[  340.914800][T14269]  save_fsave_header+0x17b/0x2e0
[  340.914824][T14269]  ? __pfx_save_fsave_header+0x10/0x10
[  340.914851][T14269]  ? copy_fpstate_to_sigframe+0x2ca/0xb10
[  340.914870][T14269]  ? rcu_is_watching+0x12/0xc0
[  340.914885][T14269]  ? __local_bh_enable_ip+0xa4/0x120
[  340.914905][T14269]  copy_fpstate_to_sigframe+0x7a0/0xb10
[  340.914930][T14269]  ? __pfx_copy_fpstate_to_sigframe+0x10/0x10
[  340.914954][T14269]  ? __sigqueue_free+0xba/0x2a0
[  340.914975][T14269]  ? collect_signal+0x263/0x540
[  340.914998][T14269]  get_sigframe+0x4a8/0x9c0
[  340.915021][T14269]  ? __pfx_get_sigframe+0x10/0x10
[  340.915041][T14269]  ? rcu_is_watching+0x12/0xc0
[  340.915053][T14269]  ? _raw_spin_unlock_irq+0x23/0x50
[  340.915071][T14269]  ? siginfo_layout+0x177/0x290
[  340.915088][T14269]  ia32_setup_frame+0xe2/0xa50
[  340.915108][T14269]  ? __pfx_ia32_setup_frame+0x10/0x10
[  340.915128][T14269]  arch_do_signal_or_restart+0x59e/0x7a0
[  340.915150][T14269]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  340.915177][T14269]  ? __pfx_do_preadv+0x10/0x10
[  340.915207][T14269]  syscall_exit_to_user_mode+0x150/0x2a0
[  340.915227][T14269]  __do_fast_syscall_32+0x80/0x120
[  340.915249][T14269]  do_fast_syscall_32+0x32/0x80
[  340.915268][T14269]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  340.915291][T14269] RIP: 0023:0xf708e579
[  340.915304][T14269] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  340.915318][T14269] RSP: 002b:00000000f505d55c EFLAGS: 00000296 ORIG_RAX: 000000000000014d
[  340.915332][T14269] RAX: fffffffffffffffc RBX: 0000000000000008 RCX: 0000000080000480
[  340.915343][T14269] RDX: 0000000000000001 RSI: 0000000000000001 RDI: 0000000000000700
[  340.915352][T14269] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  340.915360][T14269] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  340.915368][T14269] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  340.915388][T14269]  </TASK>
[  340.963191][T14281] sg_write: data in/out 834/501 bytes for SCSI command 0xcf-- guessing data in;
[  340.963191][T14281]    program syz.3.2177 not setting count and/or reply_len properly
[  341.532767][ T5942] libceph: connect (1)[c::]:6789 error -101
[  341.534884][ T5942] libceph: mon0 (1)[c::]:6789 connect error
[  341.537061][ T5942] libceph: connect (1)[c::]:6789 error -101
[  341.539247][ T5942] libceph: mon0 (1)[c::]:6789 connect error
[  341.795013][ T5942] libceph: connect (1)[c::]:6789 error -101
[  341.797006][ T5942] libceph: mon0 (1)[c::]:6789 connect error
[  341.947853][ T5942] usb 5-1: USB disconnect, device number 15
[  342.131464][T14308] macsec0: entered promiscuous mode
[  342.133394][T14308] macsec0: entered allmulticast mode
[  342.135185][T14308] veth1_macvtap: entered allmulticast mode
[  342.362038][ T5942] libceph: connect (1)[c::]:6789 error -101
[  342.367489][ T5942] libceph: mon0 (1)[c::]:6789 connect error
[  342.371516][T14295] ceph: No mds server is up or the cluster is laggy
[  342.645937][   T24] usb 7-1: USB disconnect, device number 13
[  342.684864][T14324] netlink: 136 bytes leftover after parsing attributes in process `syz.2.2187'.
[  342.768928][   T46] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  342.774164][   T46] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  343.568516][T14348] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  343.626570][T14352] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2195'.
[  343.878877][T14366] FAULT_INJECTION: forcing a failure.
[  343.878877][T14366] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  343.883260][T14366] CPU: 2 UID: 0 PID: 14366 Comm: syz.0.2200 Not tainted 6.15.0-rc4-syzkaller-00052-g4f79eaa2ceac #0 PREEMPT(full) 
[  343.883275][T14366] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  343.883281][T14366] Call Trace:
[  343.883285][T14366]  <TASK>
[  343.883299][T14366]  dump_stack_lvl+0x16c/0x1f0
[  343.883317][T14366]  should_fail_ex+0x512/0x640
[  343.883334][T14366]  _copy_from_user+0x2e/0xd0
[  343.883349][T14366]  get_compat_msghdr+0xa7/0x170
[  343.883360][T14366]  ? __pfx_get_compat_msghdr+0x10/0x10
[  343.883373][T14366]  ? __lock_acquire+0x5ca/0x1ba0
[  343.883394][T14366]  ___sys_recvmsg+0x191/0x1a0
[  343.883411][T14366]  ? __pfx____sys_recvmsg+0x10/0x10
[  343.883437][T14366]  ? get_pid_task+0xb0/0x250
[  343.883458][T14366]  ? __pfx___might_resched+0x10/0x10
[  343.883480][T14366]  do_recvmmsg+0x568/0x740
[  343.883501][T14366]  ? __pfx_do_recvmmsg+0x10/0x10
[  343.883534][T14366]  ? __fget_files+0x20e/0x3c0
[  343.883568][T14366]  __sys_recvmmsg+0x21c/0x280
[  343.883584][T14366]  ? __pfx___sys_recvmmsg+0x10/0x10
[  343.883596][T14366]  ? __pfx_ksys_write+0x10/0x10
[  343.883621][T14366]  __ia32_compat_sys_recvmmsg_time32+0xc4/0x160
[  343.883632][T14366]  ? lockdep_hardirqs_on+0x7c/0x110
[  343.883644][T14366]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[  343.883658][T14366]  __do_fast_syscall_32+0x73/0x120
[  343.883672][T14366]  do_fast_syscall_32+0x32/0x80
[  343.883685][T14366]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  343.883698][T14366] RIP: 0023:0xf7fd8579
[  343.883706][T14366] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  343.883716][T14366] RSP: 002b:00000000f50d555c EFLAGS: 00000296 ORIG_RAX: 0000000000000151
[  343.883726][T14366] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000080000f40
[  343.883732][T14366] RDX: 00000000000007e4 RSI: 0000000000000002 RDI: 0000000000000000
[  343.883738][T14366] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  343.883743][T14366] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  343.883749][T14366] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  343.883761][T14366]  </TASK>
[  343.979399][T14360] tipc: Enabling of bearer <udp:s> rejected, already enabled
[  344.140798][T14376] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2201'.
[  344.182981][T14388] FAULT_INJECTION: forcing a failure.
[  344.182981][T14388] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  344.187325][T14388] CPU: 3 UID: 0 PID: 14388 Comm: syz.0.2207 Not tainted 6.15.0-rc4-syzkaller-00052-g4f79eaa2ceac #0 PREEMPT(full) 
[  344.187344][T14388] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  344.187350][T14388] Call Trace:
[  344.187354][T14388]  <TASK>
[  344.187358][T14388]  dump_stack_lvl+0x16c/0x1f0
[  344.187388][T14388]  should_fail_ex+0x512/0x640
[  344.187404][T14388]  _copy_from_user+0x2e/0xd0
[  344.187419][T14388]  get_compat_msghdr+0xa7/0x170
[  344.187430][T14388]  ? __pfx_get_compat_msghdr+0x10/0x10
[  344.187444][T14388]  ___sys_sendmsg+0x1ae/0x1d0
[  344.187456][T14388]  ? __pfx____sys_sendmsg+0x10/0x10
[  344.187483][T14388]  __sys_sendmsg+0x16d/0x220
[  344.187494][T14388]  ? __pfx___sys_sendmsg+0x10/0x10
[  344.187510][T14388]  ? rcu_is_watching+0x12/0xc0
[  344.187521][T14388]  __do_fast_syscall_32+0x73/0x120
[  344.187535][T14388]  do_fast_syscall_32+0x32/0x80
[  344.187548][T14388]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  344.187561][T14388] RIP: 0023:0xf7fd8579
[  344.187569][T14388] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  344.187578][T14388] RSP: 002b:00000000f50f655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  344.187590][T14388] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000280
[  344.187595][T14388] RDX: 0000000020040840 RSI: 0000000000000000 RDI: 0000000000000000
[  344.187601][T14388] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  344.187606][T14388] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  344.187611][T14388] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  344.187624][T14388]  </TASK>
[  344.205743][T14389] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2208'.
[  344.217001][T14391] vlan0: entered promiscuous mode
[  344.256773][T14391] ip6gretap0: entered promiscuous mode
[  344.303468][T14398] Invalid source name
[  344.305032][T14398] UBIFS error (pid: 14398): cannot open "./file0", error -22
[  344.316207][T14400] Cannot find set identified by id 0 to match
[  344.345845][T14402] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2213'.
[  344.510572][T14416] trusted_key: encrypted_key: keylen parameter is missing
[  345.130731][T14428] netlink: 'syz.3.2219': attribute type 4 has an invalid length.
[  345.147446][T14428] netlink: 'syz.3.2219': attribute type 4 has an invalid length.
[  345.721681][T14440] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2223'.
[  345.725525][T14440] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2223'.
[  345.738682][T14442] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2224'.
[  345.742263][T14442] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2224'.
[  346.598057][T14457] netlink: 72 bytes leftover after parsing attributes in process `syz.2.2228'.
[  346.641230][T14461] sch_tbf: peakrate 8 is lower than or equals to rate 12 !
[  346.965726][T14474] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  346.970466][T14474] tipc: Resetting bearer <eth:syzkaller0>
[  347.124772][   T29] usb 8-1: new high-speed USB device number 15 using dummy_hcd
[  347.285961][   T29] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  347.289182][   T29] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  347.292181][   T29] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  347.379657][   T29] usb 8-1: New USB device found, idVendor=0a07, idProduct=00d0, bcdDevice=10.13
[  347.382660][   T29] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  347.419588][   T29] usb 8-1: Product: syz
[  347.421047][   T29] usb 8-1: Manufacturer: syz
[  347.422531][   T29] usb 8-1: SerialNumber: syz
[  347.434924][   T29] usb 8-1: config 0 descriptor??
[  347.437847][   T29] adutux 8-1:0.0: interrupt endpoints not found
[  347.636319][T14465] tipc: Disabling bearer <eth:syzkaller0>
[  347.742444][T14483] macsec0: entered promiscuous mode
[  347.744526][T14483] macsec0: entered allmulticast mode
[  347.746344][T14483] veth1_macvtap: entered allmulticast mode
[  348.433440][T14492] loop6: detected capacity change from 0 to 63
[  349.350030][T14497] netlink: 136 bytes leftover after parsing attributes in process `syz.2.2240'.
[  349.503076][ T5943] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  349.506910][ T5943] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  349.509710][ T5943] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  349.513094][ T5943] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  349.517096][ T5943] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  349.534239][T14499] lo speed is unknown, defaulting to 1000
[  349.609311][T14499] chnl_net:caif_netlink_parms(): no params data found
[  349.702862][T14499] bridge0: port 1(bridge_slave_0) entered blocking state
[  349.705179][T14499] bridge0: port 1(bridge_slave_0) entered disabled state
[  349.707331][T14499] bridge_slave_0: entered allmulticast mode
[  349.709841][T14499] bridge_slave_0: entered promiscuous mode
[  349.712833][T14499] bridge0: port 2(bridge_slave_1) entered blocking state
[  349.715502][T14499] bridge0: port 2(bridge_slave_1) entered disabled state
[  349.717733][T14499] bridge_slave_1: entered allmulticast mode
[  349.720974][T14499] bridge_slave_1: entered promiscuous mode
[  349.760773][T14499] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  349.775096][T14499] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  349.831802][T14499] team0: Port device team_slave_0 added
[  349.835281][T14499] team0: Port device team_slave_1 added
[  349.869135][T14499] batman_adv: batadv0: Adding interface: batadv_slave_0
[  349.871227][T14499] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  349.879760][T14499] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  349.904750][   T24] usb 8-1: USB disconnect, device number 15
[  349.905522][T14499] batman_adv: batadv0: Adding interface: batadv_slave_1
[  349.908595][T14499] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  349.916997][T14499] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  349.989631][T14499] hsr_slave_0: entered promiscuous mode
[  349.991840][T14499] hsr_slave_1: entered promiscuous mode
[  349.993839][T14499] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  349.996618][T14499] Cannot create hsr debugfs directory
[  350.097917][   T63] bridge_slave_1: left allmulticast mode
[  350.099683][   T63] bridge_slave_1: left promiscuous mode
[  350.101542][   T63] bridge0: port 2(bridge_slave_1) entered disabled state
[  350.109972][   T63] bridge_slave_0: left allmulticast mode
[  350.111876][   T63] bridge_slave_0: left promiscuous mode
[  350.113705][   T63] bridge0: port 1(bridge_slave_0) entered disabled state
[  351.546023][ T5943] Bluetooth: hci4: command tx timeout
[  352.150057][   T63] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  352.154884][   T63] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  352.158918][   T63] bond0 (unregistering): Released all slaves
[  352.238063][   T63] tipc: Disabling bearer <udp:s>
[  352.244186][   T63] tipc: Left network mode
[  352.298680][T14523] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2246'.
[  352.487136][   T63] hsr_slave_0: left promiscuous mode
[  352.489579][   T63] hsr_slave_1: left promiscuous mode
[  352.491541][   T63] batman_adv: batadv0: Removing interface: batadv_slave_0
[  352.499060][   T63] batman_adv: batadv0: Removing interface: batadv_slave_1
[  352.510038][   T63] veth1_macvtap: left allmulticast mode
[  352.855919][   T24] usb 8-1: new high-speed USB device number 16 using dummy_hcd
[  353.007603][   T24] usb 8-1: Using ep0 maxpacket: 32
[  353.013568][   T24] usb 8-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  353.035124][   T24] usb 8-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  353.043345][   T24] usb 8-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  353.046529][   T24] usb 8-1: Product: syz
[  353.047862][   T24] usb 8-1: Manufacturer: syz
[  353.049348][   T24] usb 8-1: SerialNumber: syz
[  353.052147][   T24] usb 8-1: config 0 descriptor??
[  353.054278][T14531] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  353.287038][   T29] usb 8-1: USB disconnect, device number 16
[  353.312494][   T63] team0 (unregistering): Port device team_slave_1 removed
[  353.399126][   T63] team0 (unregistering): Port device team_slave_0 removed
[  353.614720][ T5943] Bluetooth: hci4: command tx timeout
[  353.802593][   T24] libceph: connect (1)[c::]:6789 error -101
[  353.804869][   T24] libceph: mon0 (1)[c::]:6789 connect error
[  353.807894][   T24] libceph: connect (1)[c::]:6789 error -101
[  353.809880][   T24] libceph: mon0 (1)[c::]:6789 connect error
[  354.074933][   T24] libceph: connect (1)[c::]:6789 error -101
[  354.078401][   T24] libceph: mon0 (1)[c::]:6789 connect error
[  354.139989][T14499] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  354.154969][T14499] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  354.163107][T14499] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  354.169389][T14499] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  354.223608][T14499] 8021q: adding VLAN 0 to HW filter on device bond0
[  354.233482][T14499] 8021q: adding VLAN 0 to HW filter on device team0
[  354.249134][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[  354.251429][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[  354.259982][   T46] bridge0: port 2(bridge_slave_1) entered blocking state
[  354.262863][   T46] bridge0: port 2(bridge_slave_1) entered forwarding state
[  354.382029][T14499] 8021q: adding VLAN 0 to HW filter on device batadv0
[  354.413910][T14499] veth0_vlan: entered promiscuous mode
[  354.420361][T14499] veth1_vlan: entered promiscuous mode
[  354.434342][T14499] veth0_macvtap: entered promiscuous mode
[  354.438669][T14499] veth1_macvtap: entered promiscuous mode
[  354.446887][T14499] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  354.450255][T14499] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  354.454059][T14499] batman_adv: batadv0: Interface activated: batadv_slave_0
[  354.462131][T14499] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  354.466480][T14499] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  354.472059][T14499] batman_adv: batadv0: Interface activated: batadv_slave_1
[  354.486965][T14499] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  354.489839][T14499] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  354.490214][   T63] IPVS: stop unused estimator thread 0...
[  354.492574][T14499] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  354.497487][T14499] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  354.500648][T14546] ceph: No mds server is up or the cluster is laggy
[  354.556965][   T95] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  354.559611][   T95] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  354.572112][   T95] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  354.575023][   T95] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  354.587120][T14562] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2255'.
[  355.695061][ T5943] Bluetooth: hci4: command tx timeout
[  357.599742][T14619] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2270'.
[  357.775023][ T5943] Bluetooth: hci4: command tx timeout
[  357.811688][  T144] libceph: connect (1)[c::]:6789 error -101
[  357.813847][  T144] libceph: mon0 (1)[c::]:6789 connect error
[  358.364964][ T5979] libceph: connect (1)[c::]:6789 error -101
[  358.367262][ T5979] libceph: mon0 (1)[c::]:6789 connect error
[  358.874822][ T5979] libceph: connect (1)[c::]:6789 error -101
[  358.876861][ T5979] libceph: mon0 (1)[c::]:6789 connect error
[  358.964747][T14623] ceph: No mds server is up or the cluster is laggy
[  359.634519][T14653] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  359.639363][T14653] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  359.646471][T14653] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  359.652420][T14653] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  359.657700][T14653] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  359.682256][T14651] lo speed is unknown, defaulting to 1000
[  359.948309][T14651] chnl_net:caif_netlink_parms(): no params data found
[  360.020228][T14651] bridge0: port 1(bridge_slave_0) entered blocking state
[  360.022876][T14651] bridge0: port 1(bridge_slave_0) entered disabled state
[  360.025859][T14651] bridge_slave_0: entered allmulticast mode
[  360.031139][T14651] bridge_slave_0: entered promiscuous mode
[  360.039116][T14651] bridge0: port 2(bridge_slave_1) entered blocking state
[  360.041574][T14651] bridge0: port 2(bridge_slave_1) entered disabled state
[  360.044039][T14651] bridge_slave_1: entered allmulticast mode
[  360.058956][T14661] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2280'.
[  360.077579][T14651] bridge_slave_1: entered promiscuous mode
[  360.083163][T14661] netlink: 'syz.1.2280': attribute type 298 has an invalid length.
[  360.171612][T14651] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  360.181192][T14651] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  360.207275][   T24] libceph: connect (1)[c::]:6789 error -101
[  360.210712][   T24] libceph: mon0 (1)[c::]:6789 connect error
[  360.242332][T14651] team0: Port device team_slave_0 added
[  360.247806][T14651] team0: Port device team_slave_1 added
[  360.367834][T14651] batman_adv: batadv0: Adding interface: batadv_slave_0
[  360.370711][T14651] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  360.386873][T14651] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  360.393182][T14651] batman_adv: batadv0: Adding interface: batadv_slave_1
[  360.402279][T14651] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  360.415728][T14651] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  360.464923][   T24] libceph: connect (1)[c::]:6789 error -101
[  360.467410][   T24] libceph: mon0 (1)[c::]:6789 connect error
[  360.503867][T14651] hsr_slave_0: entered promiscuous mode
[  360.507783][T14651] hsr_slave_1: entered promiscuous mode
[  360.510615][T14651] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  360.512999][T14651] Cannot create hsr debugfs directory
[  360.669350][T14651] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  360.673464][T14651] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  360.677917][T14651] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  360.684155][T14651] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  360.701780][T14651] bridge0: port 2(bridge_slave_1) entered blocking state
[  360.704005][T14651] bridge0: port 2(bridge_slave_1) entered forwarding state
[  360.706377][T14651] bridge0: port 1(bridge_slave_0) entered blocking state
[  360.708513][T14651] bridge0: port 1(bridge_slave_0) entered forwarding state
[  360.753137][T14651] 8021q: adding VLAN 0 to HW filter on device bond0
[  360.763021][   T63] bridge0: port 1(bridge_slave_0) entered disabled state
[  360.767485][   T63] bridge0: port 2(bridge_slave_1) entered disabled state
[  360.784078][T14651] 8021q: adding VLAN 0 to HW filter on device team0
[  360.795331][   T79] bridge0: port 1(bridge_slave_0) entered blocking state
[  360.798230][   T79] bridge0: port 1(bridge_slave_0) entered forwarding state
[  360.806126][   T63] bridge0: port 2(bridge_slave_1) entered blocking state
[  360.808520][   T63] bridge0: port 2(bridge_slave_1) entered forwarding state
[  360.911466][T14651] 8021q: adding VLAN 0 to HW filter on device batadv0
[  360.959744][T14668] ceph: No mds server is up or the cluster is laggy
[  361.046389][T14651] veth0_vlan: entered promiscuous mode
[  361.057937][T14651] veth1_vlan: entered promiscuous mode
[  361.073629][T14651] veth0_macvtap: entered promiscuous mode
[  361.083881][T14651] veth1_macvtap: entered promiscuous mode
[  361.092955][T14651] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  361.096866][T14651] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  361.100059][T14651] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  361.103352][T14651] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  361.107540][T14651] batman_adv: batadv0: Interface activated: batadv_slave_0
[  361.112890][T14651] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  361.117033][T14651] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  361.120194][T14651] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  361.123405][T14651] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  361.129025][T14651] batman_adv: batadv0: Interface activated: batadv_slave_1
[  361.144105][T14651] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  361.147699][T14651] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  361.150449][T14651] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  361.153141][T14651] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  361.161092][T14705] wg1: entered promiscuous mode
[  361.162688][T14705] wg1: entered allmulticast mode
[  361.254288][   T79] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  361.264379][   T95] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  361.264809][   T79] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  361.269917][   T95] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  361.425950][T14702] xt_CT: No such helper "syz1"
[  361.695055][ T5943] Bluetooth: hci1: command tx timeout
[  361.920552][   T65] libceph: connect (1)[c::]:6789 error -101
[  361.923240][   T65] libceph: mon0 (1)[c::]:6789 connect error
[  362.184956][   T65] libceph: connect (1)[c::]:6789 error -101
[  362.187648][   T65] libceph: mon0 (1)[c::]:6789 connect error
[  362.240816][T14653] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  362.246486][T14653] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  362.249332][T14653] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  362.252487][T14653] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  362.262418][T14653] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  362.306030][T14732] lo speed is unknown, defaulting to 1000
[  362.406323][T14732] chnl_net:caif_netlink_parms(): no params data found
[  362.509425][T14732] bridge0: port 1(bridge_slave_0) entered blocking state
[  362.511794][T14732] bridge0: port 1(bridge_slave_0) entered disabled state
[  362.514264][T14732] bridge_slave_0: entered allmulticast mode
[  362.518046][T14732] bridge_slave_0: entered promiscuous mode
[  362.522008][T14732] bridge0: port 2(bridge_slave_1) entered blocking state
[  362.525066][T14732] bridge0: port 2(bridge_slave_1) entered disabled state
[  362.528025][T14732] bridge_slave_1: entered allmulticast mode
[  362.531762][T14732] bridge_slave_1: entered promiscuous mode
[  362.563186][T14732] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  362.567788][T14732] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  362.602827][T14723] ceph: No mds server is up or the cluster is laggy
[  362.605821][T14732] team0: Port device team_slave_0 added
[  362.622418][T14732] team0: Port device team_slave_1 added
[  362.634833][   T65] usb 9-1: new full-speed USB device number 2 using dummy_hcd
[  362.673537][T14732] batman_adv: batadv0: Adding interface: batadv_slave_0
[  362.676406][T14732] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  362.684677][T14732] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  362.689012][T14732] batman_adv: batadv0: Adding interface: batadv_slave_1
[  362.691185][T14732] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  362.699368][T14732] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  362.761581][T14732] hsr_slave_0: entered promiscuous mode
[  362.763811][T14732] hsr_slave_1: entered promiscuous mode
[  362.766761][T14732] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  362.769106][T14732] Cannot create hsr debugfs directory
[  362.786262][   T65] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  362.789429][   T65] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  362.792908][   T65] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  362.796220][   T65] usb 9-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[  362.803013][   T65] usb 9-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 8.42
[  362.809523][   T65] usb 9-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  362.812697][   T65] usb 9-1: Manufacturer: syz
[  362.817277][   T65] usb 9-1: config 0 descriptor??
[  363.026626][T14753] FAULT_INJECTION: forcing a failure.
[  363.026626][T14753] name failslab, interval 1, probability 0, space 0, times 0
[  363.030605][T14753] CPU: 2 UID: 0 PID: 14753 Comm: syz.3.2299 Not tainted 6.15.0-rc4-syzkaller-00052-g4f79eaa2ceac #0 PREEMPT(full) 
[  363.030619][T14753] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  363.030625][T14753] Call Trace:
[  363.030629][T14753]  <TASK>
[  363.030633][T14753]  dump_stack_lvl+0x16c/0x1f0
[  363.030649][T14753]  should_fail_ex+0x512/0x640
[  363.030665][T14753]  ? __kmalloc_node_track_caller_noprof+0xc3/0x510
[  363.030679][T14753]  should_failslab+0xc2/0x120
[  363.030692][T14753]  __kmalloc_node_track_caller_noprof+0xd6/0x510
[  363.030704][T14753]  ? media_pipeline_add_pad+0x658/0x990
[  363.030723][T14753]  krealloc_noprof+0x1fb/0x380
[  363.030733][T14753]  ? kasan_save_track+0x14/0x30
[  363.030745][T14753]  media_pipeline_add_pad+0x658/0x990
[  363.030762][T14753]  __media_pipeline_start+0x2e8/0x2030
[  363.030771][T14753]  ? kasan_save_free_info+0x3b/0x60
[  363.030786][T14753]  ? __pfx___mutex_lock+0x10/0x10
[  363.030802][T14753]  ? __pfx___media_pipeline_start+0x10/0x10
[  363.030813][T14753]  ? rcu_is_watching+0x12/0xc0
[  363.030826][T14753]  media_pipeline_start+0x49/0x70
[  363.030835][T14753]  video_device_pipeline_start+0x79/0xa0
[  363.030847][T14753]  vimc_capture_start_streaming+0x7d/0x130
[  363.030858][T14753]  ? __pfx_vimc_capture_start_streaming+0x10/0x10
[  363.030869][T14753]  vb2_start_streaming+0x15f/0x5a0
[  363.030884][T14753]  ? __bitmap_weight+0xd7/0x110
[  363.030896][T14753]  vb2_core_streamon+0x2a7/0x450
[  363.030912][T14753]  vb2_ioctl_streamon+0xf4/0x170
[  363.030928][T14753]  __video_do_ioctl+0xb3d/0xfc0
[  363.030942][T14753]  ? __might_fault+0xe3/0x190
[  363.030953][T14753]  ? __pfx___video_do_ioctl+0x10/0x10
[  363.030969][T14753]  video_usercopy+0x47c/0x1440
[  363.030982][T14753]  ? __pfx___video_do_ioctl+0x10/0x10
[  363.030994][T14753]  ? __pfx_video_usercopy+0x10/0x10
[  363.031011][T14753]  ? hook_file_ioctl_common+0x145/0x410
[  363.031026][T14753]  v4l2_ioctl+0x1ba/0x250
[  363.031036][T14753]  ? fput+0x71/0xf0
[  363.031049][T14753]  v4l2_compat_ioctl32+0x214/0x2c0
[  363.031059][T14753]  ? __pfx_v4l2_compat_ioctl32+0x10/0x10
[  363.031069][T14753]  __ia32_compat_sys_ioctl+0x24c/0x360
[  363.031085][T14753]  __do_fast_syscall_32+0x73/0x120
[  363.031099][T14753]  do_fast_syscall_32+0x32/0x80
[  363.031113][T14753]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  363.031125][T14753] RIP: 0023:0xf7f22579
[  363.031133][T14753] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  363.031142][T14753] RSP: 002b:00000000f504655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  363.031152][T14753] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000040045612
[  363.031158][T14753] RDX: 0000000080000000 RSI: 0000000000000000 RDI: 0000000000000000
[  363.031164][T14753] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  363.031169][T14753] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  363.031175][T14753] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  363.031187][T14753]  </TASK>
[  363.084881][   T65] rc_core: IR keymap rc-hauppauge not found
[  363.120070][T14756] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  363.121066][   T65] Registered IR keymap rc-empty
[  363.142313][   T65] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  363.164692][   T65] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  363.187206][   T65] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.4/usb9/9-1/9-1:0.0/rc/rc0
[  363.192354][   T65] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.4/usb9/9-1/9-1:0.0/rc/rc0/input11
[  363.199097][   T65] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  363.215150][   T65] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  363.234787][   T65] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  363.264712][   T65] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  363.294833][   T65] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  363.314875][   T65] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  363.341567][T14732] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  363.344798][   T65] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  363.345715][T14732] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  363.351618][T14732] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  363.360628][T14732] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  363.364708][   T65] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  363.385061][   T65] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  363.399658][T14732] 8021q: adding VLAN 0 to HW filter on device bond0
[  363.404696][   T65] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  363.419435][T14732] 8021q: adding VLAN 0 to HW filter on device team0
[  363.427203][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  363.429460][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  363.435334][   T95] bridge0: port 2(bridge_slave_1) entered blocking state
[  363.436451][   T65] mceusb 9-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  363.438206][   T95] bridge0: port 2(bridge_slave_1) entered forwarding state
[  363.441124][   T65] mceusb 9-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  363.449460][   T65] usb 9-1: USB disconnect, device number 2
[  363.566385][T14732] 8021q: adding VLAN 0 to HW filter on device batadv0
[  363.591001][T14732] veth0_vlan: entered promiscuous mode
[  363.607487][T14732] veth1_vlan: entered promiscuous mode
[  363.621487][T14732] veth0_macvtap: entered promiscuous mode
[  363.626168][T14732] veth1_macvtap: entered promiscuous mode
[  363.633963][T14732] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  363.637680][T14732] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  363.640704][T14732] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  363.644022][T14732] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  363.648981][T14732] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  363.652322][T14732] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  363.656290][T14732] batman_adv: batadv0: Interface activated: batadv_slave_0
[  363.662168][T14732] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  363.668331][T14732] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  363.671927][T14732] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  363.676685][T14732] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  363.679556][T14732] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  363.684080][T14732] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  363.689049][T14732] batman_adv: batadv0: Interface activated: batadv_slave_1
[  363.694104][T14779] FAULT_INJECTION: forcing a failure.
[  363.694104][T14779] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  363.696109][  T836] libceph: connect (1)[c::]:6789 error -101
[  363.696724][T14732] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  363.696741][T14732] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  363.696755][T14732] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  363.696768][T14732] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  363.698949][T14779] CPU: 1 UID: 0 PID: 14779 Comm: syz.2.2304 Not tainted 6.15.0-rc4-syzkaller-00052-g4f79eaa2ceac #0 PREEMPT(full) 
[  363.698963][T14779] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  363.698970][T14779] Call Trace:
[  363.698973][T14779]  <TASK>
[  363.698977][T14779]  dump_stack_lvl+0x16c/0x1f0
[  363.698994][T14779]  should_fail_ex+0x512/0x640
[  363.699022][T14779]  _copy_from_user+0x2e/0xd0
[  363.699038][T14779]  get_compat_msghdr+0xa7/0x170
[  363.699050][T14779]  ? __pfx_get_compat_msghdr+0x10/0x10
[  363.699061][T14779]  ? __lock_acquire+0x5ca/0x1ba0
[  363.699077][T14779]  ___sys_recvmsg+0x191/0x1a0
[  363.699088][T14779]  ? __pfx____sys_recvmsg+0x10/0x10
[  363.699105][T14779]  ? get_pid_task+0xb0/0x250
[  363.699119][T14779]  ? __pfx___might_resched+0x10/0x10
[  363.699132][T14779]  do_recvmmsg+0x568/0x740
[  363.699150][T14779]  ? __pfx_do_recvmmsg+0x10/0x10
[  363.699170][T14779]  ? __fget_files+0x20e/0x3c0
[  363.699187][T14779]  __sys_recvmmsg+0x21c/0x280
[  363.699198][T14779]  ? __pfx___sys_recvmmsg+0x10/0x10
[  363.699210][T14779]  ? __pfx_ksys_write+0x10/0x10
[  363.699221][T14779]  __ia32_compat_sys_recvmmsg_time32+0xc4/0x160
[  363.699232][T14779]  ? lockdep_hardirqs_on+0x7c/0x110
[  363.699244][T14779]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[  363.699258][T14779]  __do_fast_syscall_32+0x73/0x120
[  363.699272][T14779]  do_fast_syscall_32+0x32/0x80
[  363.699285][T14779]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  363.699298][T14779] RIP: 0023:0xf70fe579
[  363.699306][T14779] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  363.699315][T14779] RSP: 002b:00000000f50cd55c EFLAGS: 00000296 ORIG_RAX: 0000000000000151
[  363.699325][T14779] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000080000f40
[  363.699331][T14779] RDX: 00000000000007e4 RSI: 0000000000000002 RDI: 0000000000000000
[  363.699336][T14779] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  363.699342][T14779] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  363.699347][T14779] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  363.699360][T14779]  </TASK>
[  363.774682][ T5943] Bluetooth: hci1: command tx timeout
[  363.776901][  T836] libceph: mon0 (1)[c::]:6789 connect error
[  363.821420][   T63] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  363.825236][   T63] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  363.839877][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  363.843584][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  363.982094][T14790] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2307'.
[  364.045480][  T836] libceph: connect (1)[c::]:6789 error -101
[  364.047548][  T836] libceph: mon0 (1)[c::]:6789 connect error
[  364.287058][T14794] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2308'.
[  364.326812][T14796] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2309'.
[  364.334696][ T5943] Bluetooth: hci2: command tx timeout
[  364.554871][  T836] libceph: connect (1)[c::]:6789 error -101
[  364.556828][  T836] libceph: mon0 (1)[c::]:6789 connect error
[  364.582760][T14778] ceph: No mds server is up or the cluster is laggy
[  364.669613][T14813] lo speed is unknown, defaulting to 1000
[  365.398842][T14825] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2317'.
[  365.855274][ T5943] Bluetooth: hci1: command tx timeout
[  365.897416][T14836] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  365.900697][T14836] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  365.903693][T14836] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  365.907048][T14836] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  365.910046][T14836] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  365.913223][T14836] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  365.916431][T14836] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  365.920139][T14836] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  366.132802][  T836] libceph: connect (1)[c::]:6789 error -101
[  366.135742][  T836] libceph: mon0 (1)[c::]:6789 connect error
[  366.395013][ T5942] libceph: connect (1)[c::]:6789 error -101
[  366.397296][ T5942] libceph: mon0 (1)[c::]:6789 connect error
[  366.425186][ T5943] Bluetooth: hci2: command tx timeout
[  366.485438][T14829] ==================================================================
[  366.488096][T14829] BUG: KASAN: vmalloc-out-of-bounds in vrealloc_noprof+0x132/0x320
[  366.490478][T14829] Write of size 4064 at addr ffffc90007eb9020 by task syz.1.2318/14829
[  366.493986][T14829] 
[  366.494979][T14829] CPU: 3 UID: 0 PID: 14829 Comm: syz.1.2318 Not tainted 6.15.0-rc4-syzkaller-00052-g4f79eaa2ceac #0 PREEMPT(full) 
[  366.494994][T14829] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  366.495001][T14829] Call Trace:
[  366.495005][T14829]  <TASK>
[  366.495009][T14829]  dump_stack_lvl+0x116/0x1f0
[  366.495024][T14829]  print_report+0xc3/0x670
[  366.495036][T14829]  ? __virt_addr_valid+0x5e/0x590
[  366.495051][T14829]  ? vrealloc_noprof+0x132/0x320
[  366.495059][T14829]  kasan_report+0xe0/0x110
[  366.495070][T14829]  ? vrealloc_noprof+0x132/0x320
[  366.495080][T14829]  kasan_check_range+0xef/0x1a0
[  366.495093][T14829]  __asan_memset+0x23/0x50
[  366.495114][T14829]  vrealloc_noprof+0x132/0x320
[  366.495123][T14829]  push_insn_history+0x2ae/0x6c0
[  366.495135][T14829]  do_check_common+0xbd3/0xc2a0
[  366.495151][T14829]  ? __pfx_do_check_common+0x10/0x10
[  366.495160][T14829]  ? lockdep_hardirqs_on+0x7c/0x110
[  366.495173][T14829]  ? kfree+0x2b6/0x4d0
[  366.495187][T14829]  ? bpf_check+0x6c86/0xb460
[  366.495196][T14829]  ? bpf_check+0x7b2f/0xb460
[  366.495207][T14829]  bpf_check+0x7f51/0xb460
[  366.495221][T14829]  ? __pfx_bpf_check+0x10/0x10
[  366.495230][T14829]  ? pcpu_alloc_noprof+0x949/0x1470
[  366.495243][T14829]  ? __lock_acquire+0xaa4/0x1ba0
[  366.495259][T14829]  ? find_held_lock+0x2b/0x80
[  366.495269][T14829]  ? __asan_memset+0x23/0x50
[  366.495284][T14829]  ? bpf_obj_name_cpy+0x14a/0x1a0
[  366.495297][T14829]  bpf_prog_load+0xe41/0x2490
[  366.495311][T14829]  ? __pfx_bpf_prog_load+0x10/0x10
[  366.495323][T14829]  ? __pfx___futex_wait+0x10/0x10
[  366.495340][T14829]  ? bpf_lsm_bpf+0x9/0x10
[  366.495351][T14829]  __sys_bpf+0x433c/0x4d80
[  366.495364][T14829]  ? __pfx___sys_bpf+0x10/0x10
[  366.495378][T14829]  ? lock_acquire+0x179/0x350
[  366.495390][T14829]  ? do_futex+0x122/0x350
[  366.495400][T14829]  ? __pfx_do_futex+0x10/0x10
[  366.495412][T14829]  ? xfd_validate_state+0x5d/0x180
[  366.495428][T14829]  ? rcu_is_watching+0x12/0xc0
[  366.495438][T14829]  __ia32_sys_bpf+0x76/0xe0
[  366.495452][T14829]  __do_fast_syscall_32+0x73/0x120
[  366.495465][T14829]  do_fast_syscall_32+0x32/0x80
[  366.495478][T14829]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  366.495491][T14829] RIP: 0023:0xf7fb3579
[  366.495499][T14829] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  366.495509][T14829] RSP: 002b:00000000f509455c EFLAGS: 00000296 ORIG_RAX: 0000000000000165
[  366.495518][T14829] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000800017c0
[  366.495525][T14829] RDX: 0000000000000048 RSI: 0000000000000000 RDI: 0000000000000000
[  366.495530][T14829] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  366.495536][T14829] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  366.495541][T14829] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  366.495550][T14829]  </TASK>
[  366.495553][T14829] 
[  366.594164][T14829] The buggy address belongs to the virtual mapping at
[  366.594164][T14829]  [ffffc90007e99000, ffffc90007ebb000) created by:
[  366.594164][T14829]  kvrealloc_noprof+0x7d/0xd0
[  366.599582][T14829] 
[  366.600353][T14829] The buggy address belongs to the physical page:
[  366.602347][T14829] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x77a4 pfn:0x599ea
[  366.605117][T14829] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[  366.607341][T14829] raw: 04fff00000000000 0000000000000000 dead000000000122 0000000000000000
[  366.609991][T14829] raw: 00000000000077a4 0000000000000000 00000001ffffffff 0000000000000000
[  366.612636][T14829] page dumped because: kasan: bad access detected
[  366.614614][T14829] page_owner tracks the page as allocated
[  366.616485][T14829] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102cc2(GFP_HIGHUSER|__GFP_NOWARN), pid 14829, tgid 14826 (syz.1.2318), ts 366485306632, free_ts 366111079736
[  366.621791][T14829]  post_alloc_hook+0x181/0x1b0
[  366.623292][T14829]  get_page_from_freelist+0x135c/0x3920
[  366.625021][T14829]  __alloc_frozen_pages_noprof+0x5a8/0x23a0
[  366.626869][T14829]  alloc_pages_mpol+0x1fb/0x550
[  366.628405][T14829]  alloc_pages_noprof+0x131/0x390
[  366.629984][T14829]  __vmalloc_node_range_noprof+0x732/0x1540
[  366.631829][T14829]  __kvmalloc_node_noprof+0x2ff/0x600
[  366.633517][T14829]  kvrealloc_noprof+0x7d/0xd0
[  366.634994][T14829]  push_insn_history+0x2ae/0x6c0
[  366.636555][T14829]  do_check_common+0xbd3/0xc2a0
[  366.638078][T14829]  bpf_check+0x7f51/0xb460
[  366.639506][T14829]  bpf_prog_load+0xe41/0x2490
[  366.641011][T14829]  __sys_bpf+0x433c/0x4d80
[  366.642397][T14829]  __ia32_sys_bpf+0x76/0xe0
[  366.643825][T14829]  __do_fast_syscall_32+0x73/0x120
[  366.645475][T14829]  do_fast_syscall_32+0x32/0x80
[  366.647000][T14829] page last free pid 14837 tgid 14837 stack trace:
[  366.649037][T14829]  free_unref_folios+0x999/0x1630
[  366.650614][T14829]  shrink_folio_list+0x3255/0x40e0
[  366.652222][T14829]  evict_folios+0x779/0x1b60
[  366.653700][T14829]  try_to_shrink_lruvec+0x5a3/0x990
[  366.655323][T14829]  shrink_one+0x3e3/0x7a0
[  366.656694][T14829]  shrink_node+0x268e/0x3d20
[  366.658144][T14829]  do_try_to_free_pages+0x362/0x1920
[  366.659804][T14829]  try_to_free_pages+0x2a1/0x690
[  366.661384][T14829]  __alloc_frozen_pages_noprof+0x9fb/0x23a0
[  366.663226][T14829]  alloc_pages_mpol+0x1fb/0x550
[  366.664758][T14829]  alloc_pages_noprof+0x131/0x390
[  366.666356][T14829]  get_free_pages_noprof+0xc/0x40
[  366.667932][T14829]  kasan_populate_vmalloc_pte+0x2d/0x160
[  366.669708][T14829]  __apply_to_page_range+0x617/0xd60
[  366.671368][T14829]  alloc_vmap_area+0x919/0x2970
[  366.673177][T14829]  __get_vm_area_node+0x1a7/0x300
[  366.675197][T14829] 
[  366.676107][T14829] Memory state around the buggy address:
[  366.678219][T14829]  ffffc90007eb8f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  366.680794][T14829]  ffffc90007eb8f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  366.683270][T14829] >ffffc90007eb9000: 00 00 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[  366.685702][T14829]                                ^
[  366.687295][T14829]  ffffc90007eb9080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[  366.689776][T14829]  ffffc90007eb9100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[  366.692246][T14829] ==================================================================
[  366.694789][    C3] vkms_vblank_simulate: vblank timer overrun
[  366.705326][T14829] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  366.707589][T14829] CPU: 3 UID: 0 PID: 14829 Comm: syz.1.2318 Not tainted 6.15.0-rc4-syzkaller-00052-g4f79eaa2ceac #0 PREEMPT(full) 
[  366.711349][T14829] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  366.714671][T14829] Call Trace:
[  366.715731][T14829]  <TASK>
[  366.716707][T14829]  dump_stack_lvl+0x3d/0x1f0
[  366.718168][T14829]  panic+0x71c/0x800
[  366.719430][T14829]  ? __pfx_panic+0x10/0x10
[  366.720846][T14829]  ? rcu_is_watching+0x12/0xc0
[  366.722369][T14829]  ? preempt_schedule_thunk+0x16/0x30
[  366.724056][T14829]  ? vrealloc_noprof+0x132/0x320
[  366.725614][T14829]  ? preempt_schedule_common+0x44/0xc0
[  366.727316][T14829]  ? vrealloc_noprof+0x132/0x320
[  366.728881][T14829]  check_panic_on_warn+0xab/0xb0
[  366.730445][T14829]  end_report+0x107/0x170
[  366.731809][T14829]  kasan_report+0xee/0x110
[  366.733227][T14829]  ? vrealloc_noprof+0x132/0x320
[  366.734783][T14829]  kasan_check_range+0xef/0x1a0
[  366.736326][T14829]  __asan_memset+0x23/0x50
[  366.737736][T14829]  vrealloc_noprof+0x132/0x320
[  366.739250][T14829]  push_insn_history+0x2ae/0x6c0
[  366.740813][T14829]  do_check_common+0xbd3/0xc2a0
[  366.742359][T14829]  ? __pfx_do_check_common+0x10/0x10
[  366.744018][T14829]  ? lockdep_hardirqs_on+0x7c/0x110
[  366.745649][T14829]  ? kfree+0x2b6/0x4d0
[  366.746938][T14829]  ? bpf_check+0x6c86/0xb460
[  366.748402][T14829]  ? bpf_check+0x7b2f/0xb460
[  366.750129][T14829]  bpf_check+0x7f51/0xb460
[  366.751926][T14829]  ? __pfx_bpf_check+0x10/0x10
[  366.753457][T14829]  ? pcpu_alloc_noprof+0x949/0x1470
[  366.755086][T14829]  ? __lock_acquire+0xaa4/0x1ba0
[  366.756662][T14829]  ? find_held_lock+0x2b/0x80
[  366.758145][T14829]  ? __asan_memset+0x23/0x50
[  366.759607][T14829]  ? bpf_obj_name_cpy+0x14a/0x1a0
[  366.761207][T14829]  bpf_prog_load+0xe41/0x2490
[  366.762688][T14829]  ? __pfx_bpf_prog_load+0x10/0x10
[  366.764298][T14829]  ? __pfx___futex_wait+0x10/0x10
[  366.765879][T14829]  ? bpf_lsm_bpf+0x9/0x10
[  366.767223][T14829]  __sys_bpf+0x433c/0x4d80
[  366.768616][T14829]  ? __pfx___sys_bpf+0x10/0x10
[  366.770122][T14829]  ? lock_acquire+0x179/0x350
[  366.771606][T14829]  ? do_futex+0x122/0x350
[  366.772982][T14829]  ? __pfx_do_futex+0x10/0x10
[  366.774469][T14829]  ? xfd_validate_state+0x5d/0x180
[  366.776082][T14829]  ? rcu_is_watching+0x12/0xc0
[  366.777583][T14829]  __ia32_sys_bpf+0x76/0xe0
[  366.779035][T14829]  __do_fast_syscall_32+0x73/0x120
[  366.780650][T14829]  do_fast_syscall_32+0x32/0x80
[  366.782188][T14829]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  366.784552][T14829] RIP: 0023:0xf7fb3579
[  366.785946][T14829] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  366.792735][T14829] RSP: 002b:00000000f509455c EFLAGS: 00000296 ORIG_RAX: 0000000000000165
[  366.795299][T14829] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000800017c0
[  366.797750][T14829] RDX: 0000000000000048 RSI: 0000000000000000 RDI: 0000000000000000
[  366.800204][T14829] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  366.802646][T14829] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  366.805156][T14829] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  366.807580][T14829]  </TASK>
[  366.809096][T14829] Kernel Offset: disabled
[  366.810458][T14829] Rebooting in 86400 seconds..

VM DIAGNOSIS:
01:51:33  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000000000 RBX=1ffff920008ffed6 RCX=0000000000000000 RDX=dffffc0000000000
RSI=ffffffff8dccba91 RDI=ffffffff8bf467e0 RBP=ffff88802b239f18 RSP=ffffc900047ff640
R8 =0000000000000001 R9 =0000000000000001 R10=0000000000000000 R11=0000000000000000
R12=ffff8880247c8000 R13=0000000000000010 R14=ffff88802321a440 R15=0000000000000046
RIP=ffffffff8b690b95 RFL=00000096 [--S-AP-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff8880977ed000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000000000c2d4ae3 CR3=000000005b968000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000006 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000008
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000a800000000 0000000300000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000001849711 RBX=0000000000000001 RCX=ffffffff8b6903e9 RDX=0000000000000000
RSI=ffffffff8dbdad83 RDI=ffffffff8bf467e0 RBP=ffffed1003b55488 RSP=ffffc9000046fdf8
R8 =0000000000000001 R9 =ffffed10056665bd R10=ffff88802b332deb R11=0000000000000000
R12=0000000000000001 R13=ffff88801daaa440 R14=ffffffff90851a10 R15=0000000000000000
RIP=ffffffff8b68ec7f RFL=00000282 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880978ed000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000f507cda4 CR3=000000005b968000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000006 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000008
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000a800000000 0000000300000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=0000000000000001 RBX=ffff88802b541460 RCX=ffffffff81ae9e69 RDX=ffff888044df8000
RSI=ffffffff81ae9e43 RDI=0000000000000000 RBP=0000000000000003 RSP=ffffc900013aefe0
R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000000
R12=ffffed10056a828d R13=0000000000000001 R14=dffffc0000000000 R15=ffff88802b43b180
RIP=ffffffff81ae9e62 RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880979ed000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000f7fc55c0 CR3=000000007843d000 CR4=00352ef0
DR0=0000000000000007 DR1=0000000000000002 DR2=0000000000000008 DR3=0000000000000c86 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000005000000000 0000000100000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 3

CPU#3
RAX=0000000000000038 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff854bf835 RDI=ffffffff9addebc0 RBP=ffffffff9addeb80 RSP=ffffc90007b8ef00
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=0000000074697257
R12=0000000000000000 R13=0000000000000038 R14=ffffffff9addeb80 R15=ffffffff854bf7d0
RIP=ffffffff854bf85f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff888097aed000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000f50cdda4 CR3=0000000063fd3000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000006 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 fc01c73620e10f6a 3908285ee5dd75f3
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 7d0ed1c4917ff123 a032431973d27caa
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 97274ea75b5d9f7f 9b49150fc13e0f01
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 2f5497b866d54971 cbfb339eafba3149
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000007680
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000040
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 95bc0000b36a0000 00dedd49f966459c
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 3a7e0000c3130000 0100000013a23b6d
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4400000000ded483 00ded35000decd8d
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 87e1b3d200def7dc e34722c100decd74
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 f1b9de2e6abffd09 fdda87d36fcf5e47
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 9217b65c2169e8a0 e06490aa691c250f
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 a54ff53a3c6ef372 bb67ae856a09e667
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 5be0cd191f83d9ab 9b05688c510e527f
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000