last executing test programs:

4.572497779s ago: executing program 0 (id=2711):
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x749381, 0x0)
socket$phonet_pipe(0x23, 0x5, 0x2)
ioctl$IOC_PR_PREEMPT(0xffffffffffffffff, 0x40046109, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r3)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11feffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0)

4.482075511s ago: executing program 1 (id=2714):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000140)={0x0, 0x60, &(0x7f00000000c0)={&(0x7f0000000a40)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWCHAIN={0x14, 0x3, 0xa, 0x3, 0x0, 0x0, {0x1, 0x0, 0x6}}, @NFT_MSG_NEWTABLE={0x24, 0x0, 0xa, 0x206, 0x0, 0x0, {0x2, 0x0, 0x1}, [@NFTA_TABLE_FLAGS={0x8, 0x2, 0x1, 0x0, 0x2}, @NFTA_TABLE_FLAGS={0x8}]}, @NFT_MSG_NEWTABLE={0x14, 0x0, 0xa, 0x0, 0x0, 0x0, {0x2, 0x0, 0x2}}, @NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x801, 0x0, 0x0, {0x5, 0x0, 0x4}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_DELTABLE={0xa0, 0x2, 0xa, 0x101, 0x0, 0x0, {0x1, 0x0, 0xa}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}, @NFTA_TABLE_HANDLE={0xc, 0x4, 0x1, 0x0, 0x1}, @NFTA_TABLE_USERDATA={0x44, 0x6, "13b09305f011e93726f322ebab9ee0976f480cff24c5d9f334b230abcdbbd33ab340bb00f248d11ab48d6327c30ce39d28bc53619ac508080b6711da64575c12"}, @NFTA_TABLE_FLAGS={0x8, 0x2, 0x1, 0x0, 0x3}, @NFTA_TABLE_HANDLE={0xc, 0x4, 0x1, 0x0, 0x1}, @NFTA_TABLE_USERDATA={0xe, 0x6, "26289d5011d097541fa7"}, @NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x14, 0x6, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x5}}, @NFT_MSG_DELFLOWTABLE={0x38, 0x18, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x2}, [@NFTA_FLOWTABLE_HANDLE={0xc, 0x5, 0x1, 0x0, 0x2}, @NFTA_FLOWTABLE_FLAGS={0x8, 0x7, 0x1, 0x0, 0x1}, @NFTA_FLOWTABLE_HOOK={0x4}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz1\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x5}}}, 0x180}, 0x1, 0x0, 0x0, 0x40090}, 0x20000000)

4.349108352s ago: executing program 1 (id=2715):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
socket$netlink(0x10, 0x3, 0x0)
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x161042, 0x0)
ioctl$PPPIOCNEWUNIT(r1, 0xc004743e, &(0x7f0000000140))
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a00)={0x3, 0xc, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1800000000000000004000000000000018110000", @ANYRESOCT, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, 0x0, &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x1000, 0x2})
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r3 = dup3(0xffffffffffffffff, r2, 0x0)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r4, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000780)={0x44, 0x0, &(0x7f0000000900)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
pwritev(0xffffffffffffffff, &(0x7f00000005c0)=[{&(0x7f00000001c0)="d32fed3f3378a73bcbad3e35eb501ba1d912dff75924077acf6ea4d25ddf4f0f", 0x20}, {&(0x7f0000000440)="0aaadd926ea5ce37ed71fd6515dcc8589f086c5b7996ab01b6c2dcbafe2b3a9658a96fecd3a81804184055754163ed161be6e7b2c6b6f22dcbeb259677c3863711810c5337531f8b32622f23167d7ead7244579ae6f825556ef113bd2c49c48ba93b4062f84448360778815c9e9690a6e8e87073dee4b6cf2a67f1b6bb6155a1230b806f0c7f6920a91f87c18419ed1e1bf4af461f8913d6549272d09ac38d2f2279fd6400a0fd3366cb62047b278e78507536", 0xb3}, {&(0x7f0000000500)="978e4f472a7d4497478ef8dada008f332c6b1b190ceb0f8dc1c02510c836bfe0b8bdbecfc7747375a2d30109b3c09703c7a2ea38735f6c4012006bc2968071fa73dc406d4f43f7ebd6e5534d4ec9f4811aff10763af3e28a2725d6a975ee8fdf104b036d74fbdeeddc5382e116b17eb50c4c4752717d51eed430df5540dc56e6151c9a19eabbd05b801ebced905a771c1669a860dec1d3ddcf9939f3694ddc31203df292e2", 0xa5}], 0x3, 0x8, 0x0)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000001440)={0x0, 0x0, 0x0, 0x50, 0x0, &(0x7f0000001340)="0e9849f1332c3a4f7cd80c990e6bb6b5979749a4fbaef24bc5bcc03ac73ad01da6441277f5ac3b4d0ab075522859b01dff8f24e16cd420439da93470adbb7411843f018e01848aec434d0395f241ae92"})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000100)=[@transaction_sg={0x40486312, {0x1, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0})
ioctl$PPPIOCSPASS(r1, 0x40107447, &(0x7f0000000180)={0x0, 0x0})

4.190586399s ago: executing program 2 (id=2719):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000005c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=0000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_MAX_THREADS(r1, 0x40046205, &(0x7f0000000000)=0x1)
r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/resume', 0x169a82, 0x189)
write$evdev(r2, &(0x7f0000000100)=[{{}, 0x12, 0x4, 0x77}], 0x18)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001a80)={0x4, 0x0, &(0x7f0000001900)=[@enter_looper], 0x1, 0x0, &(0x7f0000000040)="a1"})
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
setxattr$security_ima(&(0x7f0000000200)='./file0/../file0/file0\x00', &(0x7f0000000280), &(0x7f0000000400)=ANY=[@ANYBLOB], 0xf, 0x2)
read$FUSE(r0, &(0x7f000000e280)={0x2020, 0x0, <r3=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000000380)={0x50, 0xffffffffffffffda, r3}, 0x50)

3.89067318s ago: executing program 2 (id=2720):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r2 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r2, 0x1, &(0x7f0000000000)='source', &(0x7f0000000040)='c:::\x00', 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000cc0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc0200000000000000ae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fc40848228567ffb400000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df2624f56da648d28ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71400fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada10eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff00000000000f000000ef0000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18aba6b16455a66c3b84b138efc20a546d3d5227e23b03f2a834391ade2ff3e93ee296c4082ee73e7c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0847a1ff2f7fc3c2b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f05c7f0be31491eb8c9ff68236c8600040000000000000000000066e034c81c3cab64e4fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f224baf1221c15fa12313ffbfa7c2730309f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca205081173bd03c4754fc4674812daab482fd390a1c903b5d28a1eb247b5837d7603b92495d5c569f6433c3fca5206cb0000003fdbbd3892c52c2e7612e05de32322e980a3d69931e2c9312dd517c96f2ee90362476ed853c4c9b7d4ebf13cbaa795860e92a3d7d004f2c491db38eb769f094d5d48b262cc35c40682138cf13a49aa9f27abec00002f01ba1251aaf2385416ca719300"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
fsconfig$FSCONFIG_SET_STRING(r2, 0x1, &(0x7f0000000380)='source\xcf\x87\x86\x1bY\x0f\xde\xd6\xcd\xc0\x01\xd3\x19>K\x04\xfe\x86YG\xa5\x0f\xed\xa0\x9f\x1e\x14R\x9e\x04\xfa\xed\xd0TG&\x88\xeaz\x9aD\xf8Tt\x8c\x00{\x1fm\xfe\x9c\xf6_h\x9e\xfc\'', &(0x7f00000001c0)='sou\x01ce', 0x0)
r4 = socket$packet(0x11, 0x3, 0x300)
socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f00000000c0)={'geneve0\x00'})
r5 = socket$inet_udplite(0x2, 0x2, 0x88)
r6 = socket$igmp(0x2, 0x3, 0x2)
ioctl$sock_inet_SIOCSARP(r6, 0x8955, &(0x7f0000000340)={{0x2, 0x0, @broadcast}, {0x0, @link_local}, 0xa, {0x2, 0x800, @multicast2}, 'wg0\x00'})
r7 = socket$nl_crypto(0x10, 0x3, 0x15)
sendmsg$nl_crypto(r7, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0)
ioctl$sock_inet_SIOCSARP(r5, 0x8955, &(0x7f0000000a80)={{0x2, 0x4e2a, @broadcast}, {0x0, @remote}, 0x4a, {}, 'veth1_to_bridge\x00'})
r8 = gettid()
fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0)
r9 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x1, 0x141000)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(r9, 0xc1105511, &(0x7f0000000140)={0xa, 0x0, 0x1, 0x0, 'syz0\x00'})
madvise(&(0x7f0000cd0000/0x4000)=nil, 0xffffffffdf32ffff, 0x16)
tkill(r8, 0xb)
r10 = socket$netlink(0x10, 0x3, 0x400000000000004)
open_tree(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x9100)
sendmsg$TCPDIAG_GETSOCK(r10, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000180)={0x50, 0x12, 0x101, 0x70bd27, 0x25dfdbfe, {0x11, 0x4, 0x9, 0x5, {0x4e23, 0x4e22, [0x1000, 0xc8000000, 0xaf, 0x200], [0x8, 0x1, 0x7bf, 0x400], 0x0, [0x3, 0xe1c]}, 0x5, 0xea18}, [@INET_DIAG_REQ_BYTECODE={0x1c}]}, 0x50}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)

3.395902389s ago: executing program 0 (id=2721):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000400)={'team0\x00', <r1=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0xf, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9, 0x11e41e7a, 0x5, 0xfffffffc, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_ife={0xffffffffffffff2f, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0x21}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={0x0, 0x0, 0x4a, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000180)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = syz_io_uring_setup(0x10d, &(0x7f0000000980)={0x0, 0x5885, 0x80, 0x10000000}, &(0x7f0000000340)=<r6=>0x0, 0x0)
r7 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r7, 0x26, 0x25, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)
r8 = syz_open_procfs(0x0, &(0x7f0000000140)='fdinfo/4\x00')
read$char_usb(r8, &(0x7f0000000000)=""/178, 0xb2)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, 0x0, 0x0, 0x4)
ioctl$LOOP_CHANGE_FD(r8, 0x4c06, r5)
io_uring_enter(r5, 0x3516, 0x0, 0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
write$char_usb(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
bpf$BPF_PROG_DETACH(0x8, &(0x7f00000001c0)=ANY=[@ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB, @ANYRES64=0x0], 0x10)
bpf$BPF_PROG_DETACH(0x8, &(0x7f00000000c0)={@map, 0xffffffffffffffff, 0x5, 0x0, 0x0, @void, @value}, 0x10)
sendmsg$nl_route(r0, &(0x7f0000000440)={0x0, 0x300, &(0x7f0000000580)={&(0x7f0000000080)=@newlink={0x44, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x4, 0x0, 0x311}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x1, r1}]}}}, @IFLA_MASTER={0x8, 0xa, r1}]}, 0x44}, 0x1, 0x0, 0x0, 0x4}, 0x8044)
openat$cdrom(0xffffff9c, &(0x7f00000002c0), 0x800, 0x0)

3.395033437s ago: executing program 1 (id=2722):
r0 = add_key$keyring(&(0x7f0000000540), &(0x7f0000000180)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff)
keyctl$link(0x8, 0x0, r0) (async)
openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x0, 0x0) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x88, 0x30, 0x1, 0x0, 0x25dfdbfb, {}, [{0x74, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc}}}, @m_ife={0x2c, 0x3, 0x0, 0x0, {{0x8}, {0x4}, {0x4}, {0xc}, {0xc, 0x8, {0x3, 0x3}}}}]}]}, 0x88}, 0x1, 0x0, 0x0, 0x804}, 0x804)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) (async)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) (async)
r1 = getpid() (async)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x4000010, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) (async)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000280)={<r4=>0xffffffffffffffff})
sendmmsg$inet(r4, &(0x7f0000001540)=[{{0x0, 0x5b, 0x0}}], 0x800000000000214, 0x20000001) (async)
openat$nullb(0xffffff9c, &(0x7f00000000c0), 0x224400, 0x0) (async)
syz_open_dev$tty1(0xc, 0x4, 0x1)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc) (async)
socket$packet(0x11, 0x3, 0x300) (async)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020800000100000000000001000000000100140003"], 0x18}}, 0x0) (async)
io_setup(0x30, &(0x7f0000000600)=<r6=>0x0) (async)
pipe2$9p(&(0x7f00000000c0)={0xffffffffffffffff, <r7=>0xffffffffffffffff}, 0x4000)
r8 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000300), 0x101002) (async)
dup3(r7, r5, 0x80000)
io_submit(r6, 0x1, &(0x7f0000000180)=[&(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, r8, &(0x7f00000000c0)="01", 0x24}])
bpf$MAP_CREATE(0x0, 0x0, 0x0) (async)
bpf$PROG_LOAD(0x5, 0x0, 0x0) (async)
socket$nl_route(0x10, 0x3, 0x0)

3.200365668s ago: executing program 1 (id=2724):
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r0, &(0x7f0000000200)={0x2, 0x4e24, @multicast2}, 0x10)
sendmmsg$inet(r0, &(0x7f0000002f00)=[{{&(0x7f0000000000)={0x2, 0x4e24, @local}, 0x10, 0x0}}], 0x1, 0x20004000)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_DEL_ADDR(r1, &(0x7f0000000140)={0x0, 0x2000, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="07000000400081001fff02000000200001801400040000000000000000000000ffffac1414aa060001000a"], 0x34}, 0x1, 0x0, 0x0, 0x8081}, 0x24000800)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000440)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000300)='./file0\x00', 0x0, 0x2125099, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000a40)={{0x14}, [@NFT_MSG_NEWRULE={0x48, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x1c, 0x4, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, @connlimit={{0xe}, @val={0x4}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x70}}, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff)
prctl$PR_SET_NAME(0xf, &(0x7f0000000240)=')-/\x00')
openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x81, 0x0)
sendmsg$MPTCP_PM_CMD_DEL_ADDR(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, r5, 0x7}, 0x14}}, 0x0)

2.899663886s ago: executing program 2 (id=2726):
r0 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000)=0x80, 0x4)
pwrite64(r0, &(0x7f0000000080)="7c20fc4593ce36c91cb772f20d6f2a5b53f0c066c3", 0x15, 0xd084)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, &(0x7f0000000180)=0x8, 0x4)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000202300800000000000000000850000007b00000095"], &(0x7f00000001c0)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000001000)={0x1b, 0x0, 0x0, 0x8000, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
mmap(&(0x7f00005b1000/0x4000)=nil, 0x4000, 0x0, 0x21011, r2, 0x0)
syz_clone(0xa0000280, 0x0, 0x0, 0x0, 0x0, 0x0)
r3 = memfd_create(&(0x7f00000005c0)='\x00\xc76\xbe\x91\x8d\x182)!\x9a%\xa2\xd28\xd6\x06\a\x0e\xfc\xfe\x12\x8f&\x13\xae%@T\xa3\xb0>\\\xec\xa9\xf9Q@6A\x10\x8cn|\x00\x00\x00\x00\x00\x00\x00\x00\xeb0\xdd\xe8\x87\x05=\xfb\x8b$\xdcQ\xee\xc5\x1f\x8bQ\xf7fo\"i\xa1hk\x1d\xf5z\xc1\x7f\xa4\\]\xc4\xbe3\xf9\xa8\t?:\xd8\xda\x84\xeepI[\x1c\x00\x00\x00\x00\xf9v\x00\x00\x00\x00\x00T\xb6\xbe\x0f~\xc0\x92\xe9O{\xa8\x81(\x01\x14\xfc\x83\xf9\xfb\x05\x94Tr@Lq]\xf9\x15zj\x87\xc4\x8e\xe8/\xb9-&R\x8e\xb2\xb3bBx\x1e1\x18\x8f\x19\xf7]#\xed,\xc7\x11\tp\xf4\xa3\xee\xcb\xaf\xb3\xe3\'}\x18\xe8O\xa8#K\xb6\xe4U\x92\xd2\x99\xb8<X\xfa\xdd\x8a6\xa1\x82\xf7r\xd8z\x85\x8do\xa5\xed\xd4\xbc8\xfb\x16\x8e\x8b-W\xd4\xc9\xbc\x94CR[Du8U^\xf2tl8\xfe\xd0\x94\xfe\xf5\x1c+\x00U\te\xfa6\xca\xb9\xb4Q\xd9\xee\r6\x861h{\xc7z\'F\xc7\x91\x06x\xe1`\xf1:\xbd+\xd5\f\xb2\xce\xa4\x06\x90\x90\x9b\x1d\xcaa\xf7\x8f\x9e\x80\x93\xafT\xdfl\xec\xc6\x8e\x96\r[n\xc6\x99\x1fr<\x06\xb3\xbcT\x00\xda6\x18/\x18', 0x0)
ioctl$FS_IOC_RESVSP(r3, 0x402c5828, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x100})
ftruncate(r3, 0x3)
lseek(r3, 0x0, 0x3)
r4 = creat(&(0x7f00000002c0)='./file0\x00', 0x0)
r5 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r5, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
write$qrtrtun(r4, &(0x7f0000000540)="0b8393b6167aa5d73dad0a66a7c9277d481343d806b77c2ca991d28a336cca04457118d40ecc80b9e740666d460730b94c5c", 0x32)
write$qrtrtun(r4, &(0x7f0000000780)="9d8dfa5e53b6183d874f9e93a18dd009a09582ff682bd07dc3d28385a8f3f9e18418950d4dfe49f13a19e24320444a7d6c121741ba3dc510dba4f980bbd9a315424fa0a1622da79faba797889083", 0x4e)
write$UHID_INPUT(r4, &(0x7f0000001300)={0x8, {"af0014920c989bde943127351c7e048fe805d44569c987d51286ac5e80b0961cfe3629729c82e28c53b31e3ecbb8722bff9c0906027d5cb6fbd929cb4b5e657cc88a443809e6a720828c27b6519e7c18904d67528373733934aa5240afd60544d489e1ec3779ac45095c12c6c5f13c086306dfbbd31926b74150ff2c87db2be1d995e9b3a16fb7360de12618b05d94c291acfcdab84c919de60133f54a0a18d2517c1d0de417ae39fec1c9fa306573205051a9880da1f213b9a27c22b72d42d92b7b260b41bcc1868a0404936774ea5209f02929ec3eef4298818ddb708de6c0e1fda05436037d7d4042d2de3adebc8a62f58ec6ccb4160435c4393ba913250b56ec2fce544a01a5a3ce4363fd497fb256910f31e9416f5b719d64f931bd6d71b54787841b3e49e01fe6ac9598ddb5ef1aeb3d1cabb75845d46806a494b6cf89ec9c8203b92dd0dadc5a3c02545cd005b5f26b7d2b848cb684cb58245d591472d5109e7fbe1175656d729fdd689af57802b33d7d53d427aa57eb0af7a63d9f73be83cd9c12bd06463083b4cc853aad416e9faf484fa069d3b7599b6fc6d94152811403201b91da2547ff6721b0ea237c37464b47b3b4f37384e50ba5773a63356991a5abef659e089cc95e5c3b6d8428115efcf9e89e2743b167d7b9824392d868c159fd1264bea8b9b8b26769d15a27df3af350e2a6e9e37b35c153bf980e8ad15de3b0f3add5f98eb2cbc03eeb2b04e6fb032991d7a88b14c7d2cf2959fc4ed27c4c93c13f5760d0803f10afb91effb45967b4793c58e4bc2e4348c93b4e59f1544a01e89530f6056cda3f972050ae79d9297af71cce0d82c764db2422967f05c9847715c66321e8ab0075a361e8fd78a956074945e687ec1ad01f8dfeb7f3ae2c25daff35617a5d752ad5b019689f10c789d0196f73011f5a4e002aebb676ccb2d8b92ff6c1eb60de10ed0d42f2d19fe96786938eca0fd09a3f16f7b52ef806183282c05ff9fccf96abd096b442c73c494c78c4161ce0599bf6e637664f5dbefa129e69a0d53525d77f871716052385649c1249a402a4a9ecadfd7182a4aba3fc48d76890dfe8a5442ff1b833b95fdb7ae5f052e5c18e9b0ad482ed80c4567f0d0645e6525e3390195b3a4314ab063ffca639d2b181efe15d5bb09e967900fd55ad9db7f6ba99268e0d7e2785c5b14f801b16b6fe9966bb3fa88352bc2ca79aa9a77ec5f9c271dcc62b6124a4d5ed1014fa6eb98521d4be4ca4323311d39e44002e71469326056d98af69fd42eed1dfec48d191587b35e2641abe8c80a2553b92cb43feea49505b5b5ca35dfaf06c693730033ebcad45b6b8026d4722b5c7e13d69269808f438816f77a7b1ed2d31ab44968657e70a51e8d98e520e3628014a09e55f36ca5c4c630d687b20e5a7bdfd6d43613fd3738c8ec1464561586987388885b7a424c949a3110e5de795ffdcf1ef43fb8b5b0364cdb0e9a62c1c6922f08125d456f0ee5d58fa670ff071a8d5b57c06efe30d960f9a67d3dd7dd6ec13c799f9b89d90593ba794c5c582f8bd583af0a59043a1da36cee8e2cc173610960e33300ec48cf7281887ffe66e7ec113a29ed339556d84d638ae9554bb20f2a7695da8bcad10e5f155fe5d54eb511087f7abb4a8ae9e78e233b1e079a44c9cdf2529ed3166c24f80a2bda3b2dfdd2e1c2f650cc35fccf8cb17c03681c6f379f535eeaf46caa1dd95f0b72ea6cf301f2d713844b36c7e90e052528f04a668e1dc5ed11e95bbb86268c712af3f6c77d538c9d3dafeceaacc7ba6b20d9266d75c7470d627725700bfd36a9faf5488532a0871a00e18466f3499e3e3270513168d05f52472045b8558d3fb7880805b6fe3a56b3df9eaea72d147f94ee09e763fcf66d0c71b708fb842bbe619eeeaf483fa717864ab435ca03503285591364727a3615582c80d2023897f7bfdda9b00d095ec11f42482f3851a9232ed09ec6733d54020a9e3b98cb3a014f094e9d968672632a30f967a6d2f00c64fb0aefbeb64510edca5496c9f69379f71412f08fe6afeeb604040a42f00290bc04a40f66f0b84c9c6d7e4d1bc213ed49142215b259be08a0a305c68cbec769ce195ea62b7a2ce632da0a98b469284fd7802bb8c47943ac1c8a7a2b0ee36ed45cde2d13cc00ecc11ca9516d9e917fa28d703566b8d5743c5aba0da662f0446768c6d0df6773d1b0c46dac6a6213aa7b5095a8bd9f34048394a8baac9ec65d740ad8acb8eb683702eaf509c30b547bf355561ca00841efdccd413295a430344d17d2d5f4f435d0a33fafe1b4f6826e9d91436b379cc46039551997e54692487562f65a406b769f2856d37c87a73e2e3738c9afdfa5e0f088bbd2799c7c722c23a7cc37266af557beecb9cc8340bc76ba85a147530f3a9bd8cfe82358c0d799f0687540d463e0f010d1e914f043027284292bf31af75301e27689910393e41f877832797dd7c184249e7b2ec0a79b0decb9a3eead5b3c82ac60fe1485829bf75b8af597b5fd9e47460ebb6d809733eb790027094b019ef2bfb76d75876a5e1e312e80e841c5e074c78b35be6a4070c99372dbb13dc27966a8d448b8e3225b11af907985f3142d41da70a682166814fce9e535cca37058bbb3a02894f6ada82c266e763f431d7e1926da2fc86805b02d6af712c82e7a36e667bd3091661be9cc0cdbd3b3cc690594cf8bac39dd9dac1f883cfb0e500759b0e5dc36721b3ed452addc26d39733a2d76d852d897298009dea9546bae66e9aac7f35277e025d440ca93fdec4bbd58970a130fc79056af96f81b0461ef0e16d4fb12014313438a4bb95b2f9cac98e24a713ed14b539ceddf55e90b6c000044a24be6597e2c5a397a772d7c493ad53a05d6076b584ee7c1615ee7f9de627ac9d7d0d4a12b5a080a9c4977da436704bc9eb9f1d25ba91498e4b575550a69aab83e9157a910c4b2907ea97bcc171dcb7ff6fa982dee16d5c5aaaf93fcc225a6c67c96e54ead190f9c6f949b8025988a46d29c86cf18623882d5aa996a3ece81881ba63e0e7d62b585a179631c7e22f924be7aad5699af389c6651c92848153007d9929683648c8a3fb102a50d9a3e9c83e6cabeae5f97d7faad7a803f8c6dbd9237fa4bec7b33db2cc4db5cd7b3baf1c4f4ddc1f16ec6484cbd1adecab06617045b2d5bac8d1bf97a37ed2780a967a678095a6849cabd87256dbe46f52c960ba8ead52e666a131abfb019d2ac7dd2b055bf91168322b23821a522d241f27a2e7ef892d589a0e55b606167e53b0725a089cae5ef65f02f8a2f32dedb370bf2dc34dac5218be294e755915b399cece7e5c3fa887909961a3d626e4a43bab7edd193a9bc0a7a764640943a635fec7722ff8b3add819b26b78c4e54ff970c15d6b27971cd135d288f081a66e792a8ee5b2d89d5945a99f4216ac21fd9a61e305b4a908f4cbe38e5ccd5eab65f5962877a570524809dffa4ca0ed90d505601d7d244273f20cc47feca7259bd1362e334be459e25a59d4873fc8ede03744c88599a5e5f2a6fb0ca08d085e40c8bd71a0777f7715153e71f4a67f6bb73bbbcd766a9dd4287671dcf6b7daacc4f4b81b32ea0d0381fc32807fe9393249e596d3d5ae4bc5a1cb3e48d63478679eb381fbe8cafd2c6890ba29c1af695f2597c6b472a163b7584dde7327933b9d5e88e0d77e3a3d526a619966dde7f82c7ab7a67a59ded2c880ee0e2f736f054b7d99cc68df48c28d76ab12762c85d07a1f3215d3d4ef2ebd65b0f7eacf62ec12997ccdada731992513263a06e063c27eccfdb3c9d1199136c1a2c3d6b5ea6b2e96c9aa6be3bfbda408b2779ad4eba91809a495c1b872e40d49b0acf4b19b4677e6ea8d07b9a621816c4c5f0e5aa364d4803567da0b2b646604563b31aaa298130576690cbab52bf1ddad7c64a7a416ceb36d6b3202f377ed003e8d74cabd4a6a7be18c95716022cc30c45157d6743785746cf8b0e21ec3208336ab0a43ad9c058fffa3021f84ca8b037dea55254ab944493ca03d025a4b42df3e5b830b81471cddf81fd14aed18e45cfed27b1ef015827942f833a0eee4cc0fcd57f0180f83f32e17d27e4784e42eb1a256404aa6e12f9daabddb907230b20693f3bc74723be6808d95c6463ef7bb6bc4a756fdc805ef4077303e5cd504e6c1754ee8303ee92b94808782984f75c0df49436d3859c092133b0545dac0d8f84fc95a1f0f38e4ecbe3f935d33e86b97bb11ca6f502a602bc7e05b4e6514ddc8ae4d8231874b350b32f96ff6cfbe03f1bf5a0fda73c15eca00afe85c026f5e34e699910ab16502b224b8f383a9a863ca351a1e87c17baadb3f7141aa1295a2a6be4d88d1347da9c356ba9b3bfcc678b58add1b224a0c9b7c3cc4c828abc56acd320e8a8ad22da90a0cf6ae40a471c150581da040297aed0e4889c5963bd8c1415acecbd932f9acda87315e3b2dade276b8324dc7d95141cdd8c4fba82c834a95f9efeb2c74c31e7fd32f96a6a68d9e9942c0bdc55bedd1617e47420877b9f640094a37ceea39656468215ebe789a277f585adc1cc0285b53e33afae1616b0806aeed78b6cc4da54e3bdfa3d49ead4e4fa3623f86a4dfa3042ed403684c62a5d148a30c99c24c3cf9a8858e02800e49e0eed84472a559c9f208f6c3310050e4c5948320b5b4eeefe583bb0bcc0bc01356e76e3465f66a7d0c56ca7abc069db5bd7ad20ec01307f391b5bc890b5034271ee31d5bd374a9422a08ce949667512c8d0bb60eb5d4d22fa0e2a5d172edc7b7386abe63222ef8fc5c676828a1441c5ed19ed5827b0d73d568efc51f46f65ea4f205ac26924d6a7f11477fe23049e0de65bd534c81756556c1cd8bc70b3ce71e4e13d44500773e0767bc735c98f0e1d06dc79e43b946a2faaf698e188cf5909e433edbc546beffcbdea76064ff9d5d56273ca05af42c541b896bc5a942665599c9a8f52db36dbd6d42e8f9bb3446df5f44e3971eb408d0c63381b4aa5997441e01a5eff9fa51d82b7d60d8c3ead784e50b562db074b19e855e8290896b808611c40ed7e0691f758103208900d69cd4c86310318d339eeb473b4bea27be94622560cf35416eea7333bb72110afe202dfcc55c755ed32ea9b4851378b554546b52ebd71b90828733ac3040daf1e3d23bfcadd20bb9248731ab11155aebd259b7e693ebad5d43e6a85f14ea317f31eca905634f9e8d5b1ff73dc5dbd2bbeef6c2965932c885969e00e1939685b472c097b4504c9e6f273e1038045e5ac4010ac232288b77de7d3433a143292f145465b6d1f9020aa4f8405bda4310059b82ad8fd41e698a7824456e11f44e577dc5d5a0eb93b98421a2867c3d40627f9061c1d5689205915c7a91da42348ad3bd12038d84175bddaee423b73c93aebf873c850ef44d66324a80ad0cf268998d71fac6988cb0b1879ebcb6c4c3bce2c45daf73db246bc55fb8221341ef760f5f5264113a437e03cbcf03bb276cdc4100138afc6a1eeb9d90e7f43ce8abbd8be6b9c5b54920f76f07d1557167292feb4c970da3f582d40c0661af8f043e01db8016e2600f655175fa7d705bda3a14d1733ccf6603b7f8709b71f2046211468460791330234fa21f417e6a68cdb1d4496808923a87d02f0ebfb09e102a7c9f7c870c082d6993d10e0de2dbe119ac811848661ab30ab8d7a528acf262bf7d21c2f235e5638be58171b61bed99ac3fef801562aabcf3feff77fe9498d09de3e9c3cf18914392433030595aa31d9c79abc29350a2a2a1d0c2f311246", 0x1000}}, 0x1006)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000012c0)={r6, 0x0, 0x30, 0xe1515f8735398fb, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000002c0)=[0x45c], 0x0, 0x0, 0x1, 0x1}}, 0x3c)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
setsockopt$XDP_RX_RING(0xffffffffffffffff, 0x11b, 0x2, &(0x7f0000000040)=0x1000000, 0x4)
getsockopt$XDP_STATISTICS(0xffffffffffffffff, 0x11b, 0x7, &(0x7f0000000080), &(0x7f00000000c0)=0x30)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_NEW(r7, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000300)={0x34, r8, 0x1, 0x0, 0x25dfdbfb, {0x25}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x41}, 0x0)
r9 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r9, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000100), 0x0, 0x0, 0x0, 0x1f000801}, 0x80)

2.899341844s ago: executing program 1 (id=2727):
r0 = epoll_create1(0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x103080, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(r4, r3, &(0x7f000001f000/0x18000)=nil, &(0x7f0000000300)=[@text32={0x20, &(0x7f00000001c0)="f22e268f426df30fc7f96626dcdf66baf80cb8f426338aef66bafc0c66ed0f79a9b6000000b9800000c00f3235002000000f300f206466bad104b0faee0f01c8b9a80800000f32", 0x47}], 0x1, 0x30, 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000100)={0x100000018})
epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r0, &(0x7f0000000000)={0xa0000001})
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f00000002c0)={{0x1, 0x1, 0x18, r1, {<r7=>0xffffffffffffffff, 0xffffffffffffffff}}, './file0\x00'})
mount$9p_xen(&(0x7f00000000c0), &(0x7f0000000140)='./file0\x00', &(0x7f0000000280), 0x202000, &(0x7f0000000380)={'trans=xen,', {[{@cache_none}], [{@smackfsfloor={'smackfsfloor', 0x3d, '/dev/kvm\x00'}}, {@euid_eq={'euid', 0x3d, r7}}, {@flag='async'}]}})
epoll_wait(r6, &(0x7f0000000340)=[{}], 0x1, 0x1000)
epoll_pwait(r6, &(0x7f0000000040)=[{}], 0x1, 0xff, 0x0, 0x0)

2.597045268s ago: executing program 3 (id=2728):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300))
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
socket$nl_route(0x10, 0x3, 0x0)
syz_open_dev$video(0x0, 0x3ff, 0x0)
openat$ttyprintk(0xffffffffffffff9c, 0x0, 0x8801, 0x0)
inotify_rm_watch(0xffffffffffffffff, 0x0)
ioctl$vim2m_VIDIOC_ENUM_FMT(0xffffffffffffffff, 0xc0405602, &(0x7f0000000140)={0x0, 0x1, 0x0, "ee471a55b5e2c266422ef07bbfd7a61e37466e060403bbd8115bd48970e86a02"})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$nl_xfrm(0x10, 0x3, 0x6)
socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f0000000100)={{0x0, 0x0, 0xb, 0x0, 0x8, 0x0, 0x0, 0x2, 0x7c, 0x8, 0x9, 0x10}, {0x10000, 0x0, 0xc, 0x0, 0x2, 0x0, 0x7, 0x0, 0x5, 0x7, 0x14, 0x4}, {0x2000, 0xdddd0000, 0xc, 0x0, 0x7, 0x4, 0x0, 0x0, 0x3, 0x0, 0x4, 0xfc}, {0x5000, 0xd000, 0x0, 0xff, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0x4}, {0xeeee8000, 0x2, 0x9, 0x0, 0xfc, 0x4, 0x0, 0x3, 0x0, 0x3c}, {0x0, 0xdddd1000, 0x4, 0x0, 0x0, 0xff, 0x2, 0xa7, 0xa, 0x2}, {0xeeef0000, 0xdddd1000, 0xe, 0xfe, 0x0, 0x0, 0x3, 0x80, 0x0, 0xfc}, {0x2000, 0x0, 0x3, 0x0, 0x0, 0x1, 0xfd, 0xa, 0x26}, {0xdddd1000}, {0xdddd1000, 0xfbff}, 0xddf8ffdb, 0x0, 0x0, 0x430, 0x0, 0x2501, 0xdddd0000, [0x100000, 0x6e, 0x2]})

2.594650956s ago: executing program 1 (id=2729):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r2 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r2, 0x1, &(0x7f0000000000)='source', &(0x7f0000000040)='c:::\x00', 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000cc0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc0200000000000000ae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fc40848228567ffb400000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df2624f56da648d28ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71400fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada10eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff00000000000f000000ef0000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18aba6b16455a66c3b84b138efc20a546d3d5227e23b03f2a834391ade2ff3e93ee296c4082ee73e7c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0847a1ff2f7fc3c2b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f05c7f0be31491eb8c9ff68236c8600040000000000000000000066e034c81c3cab64e4fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f224baf1221c15fa12313ffbfa7c2730309f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca205081173bd03c4754fc4674812daab482fd390a1c903b5d28a1eb247b5837d7603b92495d5c569f6433c3fca5206cb0000003fdbbd3892c52c2e7612e05de32322e980a3d69931e2c9312dd517c96f2ee90362476ed853c4c9b7d4ebf13cbaa795860e92a3d7d004f2c491db38eb769f094d5d48b262cc35c40682138cf13a49aa9f27abec00002f01ba1251aaf2385416ca719300"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
fsconfig$FSCONFIG_SET_STRING(r2, 0x1, &(0x7f0000000380)='source\xcf\x87\x86\x1bY\x0f\xde\xd6\xcd\xc0\x01\xd3\x19>K\x04\xfe\x86YG\xa5\x0f\xed\xa0\x9f\x1e\x14R\x9e\x04\xfa\xed\xd0TG&\x88\xeaz\x9aD\xf8Tt\x8c\x00{\x1fm\xfe\x9c\xf6_h\x9e\xfc\'', &(0x7f00000001c0)='sou\x01ce', 0x0)
r4 = socket$packet(0x11, 0x3, 0x300)
socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f00000000c0)={'geneve0\x00'})
r5 = socket$inet_udplite(0x2, 0x2, 0x88)
r6 = socket$igmp(0x2, 0x3, 0x2)
ioctl$sock_inet_SIOCSARP(r6, 0x8955, &(0x7f0000000340)={{0x2, 0x0, @broadcast}, {0x0, @link_local}, 0xa, {0x2, 0x800, @multicast2}, 'wg0\x00'})
r7 = socket$nl_crypto(0x10, 0x3, 0x15)
sendmsg$nl_crypto(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=@get={0xe0, 0x13, 0x1, 0x70bd25, 0x25dfdc00, {{'drbg_nopr_ctr_aes256\x00'}, '\x00', '\x00', 0x2000}}, 0xe0}}, 0x0)
ioctl$sock_inet_SIOCSARP(r5, 0x8955, &(0x7f0000000a80)={{0x2, 0x4e2a, @broadcast}, {0x0, @remote}, 0x4a, {}, 'veth1_to_bridge\x00'})
r8 = gettid()
fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0)
r9 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x1, 0x141000)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(r9, 0xc1105511, &(0x7f0000000140)={0xa, 0x0, 0x1, 0x0, 'syz0\x00'})
madvise(&(0x7f0000cd0000/0x4000)=nil, 0xffffffffdf32ffff, 0x16)
ioctl$CEC_ADAP_S_LOG_ADDRS(0xffffffffffffffff, 0xc05c6104, &(0x7f0000000200)={"6080d517", 0x3, 0x9, 0x1, 0x2, 0xfffffffc, "f9a927627a359827fdc4ed7cb20708", "ae6c49d8", "1c4391b3", "aa04df4e", ["e4e7d0b3748a08eb4117a58f", "a42a5eb8b97b66092e22038e", "00284dc8b857e17ccdef2efa", "d89c67314b6a13a76640b81a"]})
tkill(r8, 0xb)
r10 = socket$netlink(0x10, 0x3, 0x400000000000004)
open_tree(0xffffffffffffffff, 0x0, 0x9100)
sendmsg$TCPDIAG_GETSOCK(r10, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000180)={0x50, 0x12, 0x101, 0x70bd27, 0x25dfdbfe, {0x11, 0x4, 0x9, 0x5, {0x4e23, 0x4e22, [0x1000, 0xc8000000, 0xaf, 0x200], [0x8, 0x1, 0x7bf, 0x400], 0x0, [0x3, 0xe1c]}, 0x5, 0xea18}, [@INET_DIAG_REQ_BYTECODE={0x1c}]}, 0x50}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)

2.476981848s ago: executing program 32 (id=2729):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r2 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r2, 0x1, &(0x7f0000000000)='source', &(0x7f0000000040)='c:::\x00', 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000cc0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc0200000000000000ae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fc40848228567ffb400000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df2624f56da648d28ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71400fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada10eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff00000000000f000000ef0000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18aba6b16455a66c3b84b138efc20a546d3d5227e23b03f2a834391ade2ff3e93ee296c4082ee73e7c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0847a1ff2f7fc3c2b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f05c7f0be31491eb8c9ff68236c8600040000000000000000000066e034c81c3cab64e4fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f224baf1221c15fa12313ffbfa7c2730309f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca205081173bd03c4754fc4674812daab482fd390a1c903b5d28a1eb247b5837d7603b92495d5c569f6433c3fca5206cb0000003fdbbd3892c52c2e7612e05de32322e980a3d69931e2c9312dd517c96f2ee90362476ed853c4c9b7d4ebf13cbaa795860e92a3d7d004f2c491db38eb769f094d5d48b262cc35c40682138cf13a49aa9f27abec00002f01ba1251aaf2385416ca719300"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
fsconfig$FSCONFIG_SET_STRING(r2, 0x1, &(0x7f0000000380)='source\xcf\x87\x86\x1bY\x0f\xde\xd6\xcd\xc0\x01\xd3\x19>K\x04\xfe\x86YG\xa5\x0f\xed\xa0\x9f\x1e\x14R\x9e\x04\xfa\xed\xd0TG&\x88\xeaz\x9aD\xf8Tt\x8c\x00{\x1fm\xfe\x9c\xf6_h\x9e\xfc\'', &(0x7f00000001c0)='sou\x01ce', 0x0)
r4 = socket$packet(0x11, 0x3, 0x300)
socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f00000000c0)={'geneve0\x00'})
r5 = socket$inet_udplite(0x2, 0x2, 0x88)
r6 = socket$igmp(0x2, 0x3, 0x2)
ioctl$sock_inet_SIOCSARP(r6, 0x8955, &(0x7f0000000340)={{0x2, 0x0, @broadcast}, {0x0, @link_local}, 0xa, {0x2, 0x800, @multicast2}, 'wg0\x00'})
r7 = socket$nl_crypto(0x10, 0x3, 0x15)
sendmsg$nl_crypto(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=@get={0xe0, 0x13, 0x1, 0x70bd25, 0x25dfdc00, {{'drbg_nopr_ctr_aes256\x00'}, '\x00', '\x00', 0x2000}}, 0xe0}}, 0x0)
ioctl$sock_inet_SIOCSARP(r5, 0x8955, &(0x7f0000000a80)={{0x2, 0x4e2a, @broadcast}, {0x0, @remote}, 0x4a, {}, 'veth1_to_bridge\x00'})
r8 = gettid()
fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0)
r9 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x1, 0x141000)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(r9, 0xc1105511, &(0x7f0000000140)={0xa, 0x0, 0x1, 0x0, 'syz0\x00'})
madvise(&(0x7f0000cd0000/0x4000)=nil, 0xffffffffdf32ffff, 0x16)
ioctl$CEC_ADAP_S_LOG_ADDRS(0xffffffffffffffff, 0xc05c6104, &(0x7f0000000200)={"6080d517", 0x3, 0x9, 0x1, 0x2, 0xfffffffc, "f9a927627a359827fdc4ed7cb20708", "ae6c49d8", "1c4391b3", "aa04df4e", ["e4e7d0b3748a08eb4117a58f", "a42a5eb8b97b66092e22038e", "00284dc8b857e17ccdef2efa", "d89c67314b6a13a76640b81a"]})
tkill(r8, 0xb)
r10 = socket$netlink(0x10, 0x3, 0x400000000000004)
open_tree(0xffffffffffffffff, 0x0, 0x9100)
sendmsg$TCPDIAG_GETSOCK(r10, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000180)={0x50, 0x12, 0x101, 0x70bd27, 0x25dfdbfe, {0x11, 0x4, 0x9, 0x5, {0x4e23, 0x4e22, [0x1000, 0xc8000000, 0xaf, 0x200], [0x8, 0x1, 0x7bf, 0x400], 0x0, [0x3, 0xe1c]}, 0x5, 0xea18}, [@INET_DIAG_REQ_BYTECODE={0x1c}]}, 0x50}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)

2.317388571s ago: executing program 0 (id=2731):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
socket$netlink(0x10, 0x3, 0x0)
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x161042, 0x0)
ioctl$PPPIOCNEWUNIT(r1, 0xc004743e, &(0x7f0000000140))
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a00)={0x3, 0xc, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1800000000000000004000000000000018110000", @ANYRESOCT, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, 0x0, &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r4 = dup3(r3, r2, 0x0)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r5, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000780)={0x44, 0x0, &(0x7f0000000900)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
pwritev(0xffffffffffffffff, &(0x7f00000005c0)=[{&(0x7f00000001c0)="d32fed3f3378a73bcbad3e35eb501ba1d912dff75924077acf6ea4d25ddf4f0f", 0x20}, {&(0x7f0000000440)="0aaadd926ea5ce37ed71fd6515dcc8589f086c5b7996ab01b6c2dcbafe2b3a9658a96fecd3a81804184055754163ed161be6e7b2c6b6f22dcbeb259677c3863711810c5337531f8b32622f23167d7ead7244579ae6f825556ef113bd2c49c48ba93b4062f84448360778815c9e9690a6e8e87073dee4b6cf2a67f1b6bb6155a1230b806f0c7f6920a91f87c18419ed1e1bf4af461f8913d6549272d09ac38d2f2279fd6400a0fd3366cb62047b278e78507536", 0xb3}, {&(0x7f0000000500)="978e4f472a7d4497478ef8dada008f332c6b1b190ceb0f8dc1c02510c836bfe0b8bdbecfc7747375a2d30109b3c09703c7a2ea38735f6c4012006bc2968071fa73dc406d4f43f7ebd6e5534d4ec9f4811aff10763af3e28a2725d6a975ee8fdf104b036d74fbdeeddc5382e116b17eb50c4c4752717d51eed430df5540dc56e6151c9a19eabbd05b801ebced905a771c1669a860dec1d3ddcf9939f3694ddc31203df292e2", 0xa5}], 0x3, 0x8, 0x0)
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000001440)={0x0, 0x0, 0x0, 0x50, 0x0, &(0x7f0000001340)="0e9849f1332c3a4f7cd80c990e6bb6b5979749a4fbaef24bc5bcc03ac73ad01da6441277f5ac3b4d0ab075522859b01dff8f24e16cd420439da93470adbb7411843f018e01848aec434d0395f241ae92"})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000100)=[@transaction_sg={0x40486312, {0x1, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0})
ioctl$PPPIOCSPASS(r1, 0x40107447, &(0x7f0000000180)={0x0, 0x0})

2.111393787s ago: executing program 0 (id=2732):
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r0 = openat$drirender128(0xffffff9c, &(0x7f0000000040), 0x169903, 0x0)
ioctl$DRM_IOCTL_MODE_GET_LEASE(0xffffffffffffffff, 0xc01064c8, &(0x7f00000003c0)={0x2, 0x0, &(0x7f0000000380)=[<r1=>0x0, 0x0]})
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r0, 0xc05064a7, &(0x7f0000000400)={&(0x7f0000000100)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000580), &(0x7f0000000140)=[0x0, 0x0], &(0x7f0000000340)=[0x0, 0x0, 0x0, 0x0], 0x4, 0x2, 0x4000000000000092, 0x0, r1})
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x1c5ed000)
r3 = userfaultfd(0x1)
r4 = gettid()
bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[], 0x48)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x0, 0x2, 0xbfdffffc}, &(0x7f0000000000)=<r6=>0x0, &(0x7f0000000280)=<r7=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
r8 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r9 = dup(r8)
write$6lowpan_enable(r9, &(0x7f0000000000)='0', 0xfffffd2c)
syz_io_uring_submit(r6, r7, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r5, 0x75fa, 0xe475, 0x0, 0x0, 0x0)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r4}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, 0x0, 0x0)
r10 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r10, 0x0, 0x0)
r11 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r11, 0x10f, 0x87, 0x0, 0x0)
sendmsg$tipc(r10, &(0x7f0000000540)={&(0x7f00000001c0)=@name={0x1e, 0x2, 0x0, {{0x43, 0x4}, 0x4}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x200040c7}, 0x10)
setsockopt$TIPC_GROUP_LEAVE(r11, 0x10f, 0x88)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x15)
ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f00000000c0))
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080))

1.949259046s ago: executing program 2 (id=2733):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xa, 0x5, 0x2, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0x10, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000b98cad95850000000300000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000000000000850000008600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000180)=ANY=[], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000000c0)=r4, 0x4)
sendmsg$unix(r3, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0)

1.889564987s ago: executing program 2 (id=2734):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xa, 0x5, 0x2, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0x10, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000b98cad95850000000300000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000000000000850000008600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000180)=ANY=[], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000000c0)=r4, 0x4)
sendmsg$unix(r3, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0) (fail_nth: 2)

1.601526512s ago: executing program 2 (id=2735):
r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/sys/net/ipv4/vs/sync_ports\x00', 0x2, 0x0)
write$cgroup_int(r0, &(0x7f0000000000), 0x12)
gettid()
r1 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000380), 0x101040)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r1, 0x40345410, &(0x7f00000001c0)={{0x0, 0x2}})
r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000600), 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f00000003c0)={0x9c9, 0x0, 0x0, 'queue1\x00', 0x200000})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r2, 0x40605346, &(0x7f0000000280)={0x0, 0x0, {0x3, 0x2}})
ioctl$SNDRV_TIMER_IOCTL_PARAMS(r1, 0x40505412, &(0x7f00000000c0)={0x3, 0x2, 0x0, 0x0, 0x6})
timer_create(0xfffffffffffffffc, 0x0, &(0x7f0000000080))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0)
timer_gettime(0x0, &(0x7f0000000280))
timer_create(0x0, &(0x7f0000000040)={0x0, 0x15, 0x800000000004, @thr={&(0x7f0000000800)="a3654250b9f3aea9464fea09ca95bdab56c9dbb432637dee034b9a05bfb17eda1c58c13f2519ee9ddb8cd79690d4b1a7e5405d8d80cdfd3cdb65751dea4f90c1196201fe2764449f3a3e091843b7b795eb7155cf926ee28b64c4bf2111dc46b7b33c10209e8eda0833c21314b8929ed83c37f04a423b2a9028b9f616ca73a5297baef0db95652b65da583be0ed4896584e4468c6260a80a6cf8700b10a0c9c897ca111f8f95a3a6b707a26f5602a0400008835350187f8397cf9bdd39232e95cf808926e234bbbe0a8453d81e1d13a0cc95544150ee49a5225328704eb56c46176a42e2713c53a7d5ae46c1fca00000000000000ae0649e97192cfc8f4d5a92e83fbf810be35d2c2c72b17e4c2eb3e611ba72753bea980fcf0b6dd3762e817496f15375780a2a8735a5fbed7ecc1e2d7", &(0x7f0000000740)="8d22f98e6f7f35cf142cca0c015657224cff3c23c2ed926e028ea4f55a09aa81e884619dbd31b72b87f755984221aad51171dc5080f541cecd586008231ee47ee893df1f67e49bc476caa7c5d9c6cd06be429ec3901c12451a2805770effc89023526bf90af27903555cdfe7e06d51fe53dd624dde4631dbcf76b7b3b750d023abf6e10c2709c0acde8247f49c2b6c55fd68e3ee6b936e2ae9d81d"}}, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
ioperm(0x7, 0x449, 0x7ff)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r0, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @local})
write$tun(r3, &(0x7f0000000480)=ANY=[@ANYBLOB="000006000100000000003d000000415e01600065000005119078ac1e0101ac1e0101865bffffffff050c0ac296e8e88cc674809605071d6d888cf0070b94abe21b3797eaa4d706125e2726e354805290bf4afebbdfdecebc000f125c2dd8413e454e21fb98a3b1050c2a70d070ae9d0fe830f81fd153f141ec010aeef383740dd8f40d4420e730ffff5ccd000000000000000000000001fffffffb00000008000000044434f7c1ac1414aa00000006ac14141f5ada34fc74a12a0000000007ac1414aa00000fff6401010080000001ffffffff00000200004e234e24009c90780100000001000000ecf9df09571af7798dcb7f64a9e3b6450984608f1deae1d689cb3904e784d96bb522e69472b57b23214cdda80c25ae10ce26b34cf46d84f1a43c17910d1da4d537be7d71b3f21f3ba61593e2583e673fc5bd73427416d351ef0b37620ae2f23d03d9a35a81b2b20bd121d888296b502e7d42c63fb015539bcaf0aa6a16370ab79479d0486278"], 0x16e)
ioperm(0x10000, 0xaa6, 0x9)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60)
socket(0x21, 0x800, 0x1)
r6 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0xfffffffa)
dup(r6)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=@deltclass={0x6c, 0x29, 0x2, 0x70bd27, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, {0x2, 0x5}, {0x10, 0xa}, {0x8, 0x9}}, [@TCA_RATE={0x6, 0x5, {0x7f, 0x6}}, @tclass_kind_options=@c_ingress={0xc}, @TCA_RATE={0x6, 0x5, {0x5, 0x3}}, @tclass_kind_options=@c_cake={0x9}, @tclass_kind_options=@c_cbs={0x8}, @tclass_kind_options=@c_cake={0x9}, @tclass_kind_options=@c_multiq={0xb}]}, 0x6c}, 0x1, 0x0, 0x0, 0x800}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)

1.579067378s ago: executing program 3 (id=2736):
r0 = creat(&(0x7f00000005c0)='./file0\x00', 0x0)
close(r0)
socket$xdp(0x2c, 0x3, 0x0)
syz_genetlink_get_family_id$mptcp(&(0x7f0000000300), r0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x1, 0x31, 0xffffffffffffffff, 0x8871b000)
r1 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
bind$rose(r1, &(0x7f0000000000)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x1, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}}, 0x1c)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x0)
capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280))
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f00000002c0)=ANY=[@ANYBLOB="b7000000010003c3bfa30000000000000703000020feffff720af0fff8ffffff71a4f0ff0000000065040200000000ff2d400500000000003400000001ed00007b130000000000001d440000000000007a0a00fe00ffffffdb03000000000000b5000000000000009500000000000000023bc065b78111c6dfa041b63af4a3912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168e51815548000000000000000275daf51efd601b6bf01c8e8b1b526375ee4dd6fcd82e4fee5bef7af9aa0d7f300c095199fe3ff3128e599b0eaebbdbd732c9cc00eec36574a8f6456e2ccae25ea21714eca8cf5d803e04d83b46e21557c0afc646cb7790b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2400000000000000800643a98d9ec21ead2ed51b104d4d91af25b845b9f75dd08d123deda8ebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987af1714e72ba7616536fd9aa58f2477184b6a89adaf17b0baf587aef370a2d426a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe7226a40409d6e37c4f46756d31cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d64364c82770c8204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee7d26b34381fcb59b854e9d5a17f4720082f13d000000225d85ae49cee383dc5049076b98fb6853ab39a21514da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67051d355d84ce97bb0c6b4a595e487efac5c0c31032599ddd71063be9261eee52216d009f4c52048ef8c126aeef5f510a8f1aded94a129e4aec6e8d9ab06faffc3a15d96c2ea3e2e04cfe031b287539d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d38df9ba60248d9a0d61282dfb15eb6841bb64a1b3045024a982f3c48153baae2c4e7bf37ca3c23b12c72058459b6cf548c7f1a4cad2422ee965a38f7defbd2960242b104e20dc2d9b0c3560811ea6c3560a43364d402ccdd9069bd50b994fd6a34ee18022a579dfc0229cc0dc9881610270928eaeb883418f562ae00003ea96d10f172c0374d6eed826407000000000000004a9c5a90ff59d54d1f92ecc48899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f5c0b000000000000eedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea52acb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d851680f6f2f9a6a8906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb00f8ffff92bed1fe39af169d2a466f4ca2195234648e0a1ca50db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbada1ee7baa19faf67256b56a41fd355b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145eb6dc5f6a9037d2283c42efc54fa84323a3304f41ff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538c6ee6ba65893ff1f928ba7554ba583fef3ec7932f5954f31a878e2fae6691df8b4b7ecd27ce82f7df3e7d1daac43738612e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f62e96753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e96735600000554f327a353511ccedde99493c31ac05a7b57f03ca91a01ba2c60ca99e8ebc15ecb4d91675767999d146aef7799738b292fd64bbca485683cdbaf75c94cb93499f6947a967a7bce14c6d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d40460780000000051a2104f22e6db5a62b508bc1b45282d38864daa3ae81d6b0968d1d2867b91b7d120968308c31db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd0000000069ffe1c2c73e1661261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c204bbec8d722824c0ebca8db1ea4a003fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b393cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9e0600f86909bc90addb7b9aee813df534aac4b32fd691b8068cd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a000000000000000000000000000006acc19808d7cf29bc974b0ea92499a419aa095e203c1bafbb9b9a7c2bca3f0a18ee4952f2d325a56390578f12205db653a536f0100e0eda300a43a13bd1b9f3322405d1efd78e578dc6b3fb84f3738a4b6cab44feda91f3edb32231ec75300000000000087efa51c5d95ecba4e50e529d1e8c89600e809dc3d0a2f65579e23457949a50f2d0455cf79a43746979f99f6a1527f004f1e37a3926937e84fb478199dc1020f4beb98b88b5e7885e9a617aa6c8e10d4202c5afeb06e2f9115558ea12f92d7ae633d44086b3f03b20d086fa66a72e38207c9d20035ab63de71a30f1240de52536941242d23896ab74a3c6670fdc49c14f34fc4eadd6db8d80eba439772bf60a1db1829f1a57d3f18f4edaeb5d37918e6fddcd821da67a0785585a4443440dc65600e64a6a2744c46570e8f46da1ab990ca053cbfe801000000000000000000000000000000d55d7182af2ea5f8d0ad495e3eb9421963a5a683c3dcb2d300aa3b2cfe946d2348c35f5d67d68ac07c8f84b3679e77c2e629ecec7c12c35d6b6971b8ae13cc00956d2227db60c0a461ed2b3ecfb16d19037c8c88c91dda1f904fbbc864e95ad43d6dd6d5eadbcea25682ba4b91e14c3fbfdfd1d680aa1af102d97681656bf56ff0674237ce097d39008cc3257778de878bcd37467386f993be6d20c93a7791e7f2a155ce379b4cda2500108052aeb9bd03ff6d4c5dbda9ff485d6576a492d436d52edcd420e7deaa4343a0add3941ae7c5f58af43866ca64750f43e583ca1ceb3a805e46beef9dca77a4edcbb42aa0caf0bbd6cec72d85540293cb4849b0610800000000000000000000000000000000f9814d5f6c8673c143ff2f901e71b8818665b56f7a03afe3d900007656859db4cb06aaaf9f02cfab5b9e61cc00e8e19429921b8df4c4c53bddea4cc48737842952ff08aeac15685df194ca89da8cf6d29a2be9779181fd5d105af5786094d9130f5826b18b9667b971a994f3fd069629a1052f441e96884f90c91f4a974242aabfc8adbadc9ca27955b5c90f0bd9a46ed044272383d3768871a9c8cfd7948aea445c55684351002ed4a4af45341de8e5e1f33624bd2ec1591dd00bbe05000000f89a928662e9b9449db34394fc5e946fadaee576e28ac0feab4e3585ed43d206218f524083840a78b7236bb7f5e42b5376642f8ad4028d4ead407240e7467d1b37afe20690d7672c7e926fded95cf805516ad836eb730619a05af36fb28329d6feb33219cc9164461a8ba3afd5949b9a6046c53663df30a049414089c1ae8f3476236b05dd0500a4843a62c591f8d2b1a62d0db8dc826219bd87398b33e140792297d023ef52de2e75b9dbbfb8712ccc15c69cfb4c6c1bc2ae74621e536b9d3f09a15dada1561a8192d65cc59d7ed5a6bd61000000000000000000000000000000000000000000000000000000000000000000000000f637782e317d492b2392fd0ea81397a80227f271bad21d688af35a2bd02c15d20f3d62a50e20260642c25f304c8034a5f4d8e45e701dbd84294d1096e715662b8223e10e98c4c38451fc5c702084e3fa9b184e0d0fba44acf3bb8a846cf680dfbf312cddfdb2043288fa6b67fa762c8b75d4478756ef240f2b314e4d77a3afb4fcec92248327004d1dac7ac87a6f8cb04d82acc307d60e4713bd9a8f29091d3048c669a5f5439e0a906ce098d177b9579882586511cfe6a23e57c44d1654899f077b5636e4181f3de6b814bedcac5290ad8018bbe4424edc6d9b0e61b404bb7a2d4883bbc200de8332029cbc04a0bc52ab39c9ba1a7491a18d713f4169c3cf3a2becfe458687c562950bddfb58e6cf23ed86eec11214d70c7142c487ca405f9ac813189fcc7c4eae47e9ecc5b39c0d2861ff17d7c9c1ebc20244e52b87c8589efdd3b1b4e603ba65fd85864057f3e7bdd39cde36021745c9302117ddaaab0c1ddacce1aa4a4fd021b9c1d9829c905ec903946d98fb41180fe28df358cbba009743875e0a0eba096ad6e4a16a443e26358c2bc02efbc540ad7e1f3564ef6f4dba9fe91350036cef773f421f7c209e26877b6fca000000000000000000000000000025cef574b07f18f65f499daa3b5b5a37ab2c484aab9b2884821d989a00"/3465], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffd00, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
r4 = dup(r3)
getresuid(&(0x7f0000000440), &(0x7f0000000480), &(0x7f00000004c0)=<r5=>0x0)
r6 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r7 = dup(r6)
capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000, 0x0, 0x0, 0xfffff9e3, 0x5})
r8 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
ioctl$SCSI_IOCTL_BENCHMARK_COMMAND(r8, 0x31e)
r9 = accept4$nfc_llcp(r7, &(0x7f0000000080), &(0x7f0000000140)=0x58, 0x800)
clock_gettime(0x0, &(0x7f0000002680)={<r10=>0x0, <r11=>0x0})
recvmmsg(r9, &(0x7f0000002080)=[{{&(0x7f0000000180)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @remote}}}, 0x80, &(0x7f00000003c0)=[{&(0x7f0000000280)=""/103, 0x67}, {&(0x7f0000002880)=""/177, 0xb1}, {&(0x7f0000000200)=""/15, 0xf}], 0x3, &(0x7f0000000600)=""/243, 0xf3}, 0x6}, {{&(0x7f0000000500)=@xdp, 0x80, &(0x7f0000000400)=[{&(0x7f0000000700)=""/161, 0xa1}, {&(0x7f00000007c0)=""/133, 0x85}], 0x2, &(0x7f0000000880)=""/62, 0x3e}, 0x7000000}, {{&(0x7f0000000900)=@nfc, 0x80, &(0x7f0000002480)=[{&(0x7f0000002140)=""/34, 0x22}, {&(0x7f0000002180)=""/112, 0x70}, {&(0x7f0000002200)}, {&(0x7f0000002240)=""/44, 0x2c}, {&(0x7f0000002280)=""/96, 0x60}, {&(0x7f0000002300)=""/73, 0x49}, {&(0x7f0000002380)=""/116, 0x74}, {&(0x7f0000002400)=""/100, 0x64}, {&(0x7f0000002700)=""/211, 0xd3}], 0x9, &(0x7f00000009c0)=""/118, 0x76}, 0x80000001}, {{&(0x7f0000000a40)=@rxrpc=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x0, 0x0, @remote}}, 0x80, &(0x7f0000000cc0)=[{&(0x7f0000000bc0)=""/236, 0xec}, {&(0x7f0000000ac0)=""/161, 0xa1}], 0x2, &(0x7f0000000d00)=""/127, 0x7f}, 0x3}, {{0x0, 0x0, &(0x7f0000002640)=[{&(0x7f0000000d80)=""/69, 0x45}, {&(0x7f0000000e00)=""/231, 0xe7}, {&(0x7f0000000f00)=""/104, 0x68}, {&(0x7f0000002800)=""/125, 0x7d}, {&(0x7f00000025c0)=""/92, 0x5c}], 0x5}, 0x1}, {{0x0, 0x0, &(0x7f00000025c0), 0x0, &(0x7f0000002500)=""/133, 0x85}, 0xf}], 0x6, 0x2003, &(0x7f00000026c0)={r10, r11+10000000})
write$UHID_INPUT(r7, &(0x7f0000001040)={0xc, {"a2e3ad21ed0d52f91b23090987f70e06d038e7ff7fc6e5539b3264078b089b0c08384d090890e0878f0e1ac6e7049b334a959b4b9a240a5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31310d075d0936cd3b78130daa61d8e809ea882f5802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe2c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c63d36770243f989cce3803f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1008892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928900d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b03000000cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c113d12a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571ebff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4804afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5136651b1b9bd522d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa34046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d789364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c220300000007b3d5bd3b01faffd0a5dbed2881a9700af561ac8c7e36bb2fc4c40e9cf96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000900000000000000000000000000000000000000000000000000000000000000000000ebffffffffffffff00", 0x1000}}, 0x1006)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x28004, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r4, @ANYBLOB=',privport,access=', @ANYRESHEX=r5])

1.451464111s ago: executing program 3 (id=2737):
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB], 0x48)
bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0)
sendmsg$NL80211_CMD_UPDATE_FT_IES(0xffffffffffffffff, 0x0, 0x4000800)
syz_emit_vhci(0x0, 0x10)
socket$netlink(0x10, 0x3, 0xa)
socket$packet(0x11, 0x3, 0x300)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000300), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_NEW(r0, &(0x7f0000002780)={0x0, 0x0, &(0x7f0000002740)={&(0x7f0000000240)={0x34, r1, 0x301, 0x0, 0x0, {0x17}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}}, 0x0)
r2 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_rx_ring(r2, 0x107, 0x5, &(0x7f0000000000)=@req3={0x1000, 0x3a, 0x1000, 0x3a}, 0x1c)
setsockopt$packet_int(r2, 0x107, 0x7, &(0x7f0000000180)=0x8, 0x4)
r3 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r3, &(0x7f0000000000)={0x0, 0xffffff2d, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03003d000b08d25a80648c7494f90224fc60580002400c000400030082c137153e3719ac018000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xb, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000080850000000400000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000640)={&(0x7f0000000040)='mmap_lock_acquire_returned\x00', r4, 0x0, 0x40000}, 0x18)
get_mempolicy(0x0, 0x0, 0x5fe7, &(0x7f0000394000/0x3000)=nil, 0x3)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB], 0x4)

1.450990908s ago: executing program 3 (id=2738):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nfc(&(0x7f0000003680), r0)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000fc07ffff00000000000000008500000041000000850000000700000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x161142, 0x0)
r1 = socket$can_raw(0x1d, 0x3, 0x1)
getsockopt$CAN_RAW_FD_FRAMES(r1, 0x65, 0x8, 0x0, &(0x7f00000023c0))
socket$igmp(0x2, 0x3, 0x2)
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x70bd2d, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x4, 0xf}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1001, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x5, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f0000000440)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = syz_open_dev$dri(&(0x7f0000000080), 0x0, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r5, 0xc02064b2, &(0x7f0000000040)={0x5, 0x6576, 0x9})
mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x4, 0x11, r5, 0x100000)
bpf$MAP_CREATE(0x300000000000000, 0x0, 0x0)
mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='dyn'])
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000240), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})

961.677926ms ago: executing program 0 (id=2739):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
socket$netlink(0x10, 0x3, 0x0)
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x161042, 0x0)
ioctl$PPPIOCNEWUNIT(r1, 0xc004743e, &(0x7f0000000140))
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a00)={0x3, 0xc, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1800000000000000004000000000000018110000", @ANYRESOCT, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, 0x0, &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r4 = dup3(r3, r2, 0x0)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r5, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000780)={0x44, 0x0, &(0x7f0000000900)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
pwritev(0xffffffffffffffff, &(0x7f00000005c0)=[{&(0x7f00000001c0)="d32fed3f3378a73bcbad3e35eb501ba1d912dff75924077acf6ea4d25ddf4f0f", 0x20}, {&(0x7f0000000440)="0aaadd926ea5ce37ed71fd6515dcc8589f086c5b7996ab01b6c2dcbafe2b3a9658a96fecd3a81804184055754163ed161be6e7b2c6b6f22dcbeb259677c3863711810c5337531f8b32622f23167d7ead7244579ae6f825556ef113bd2c49c48ba93b4062f84448360778815c9e9690a6e8e87073dee4b6cf2a67f1b6bb6155a1230b806f0c7f6920a91f87c18419ed1e1bf4af461f8913d6549272d09ac38d2f2279fd6400a0fd3366cb62047b278e78507536", 0xb3}, {&(0x7f0000000500)="978e4f472a7d4497478ef8dada008f332c6b1b190ceb0f8dc1c02510c836bfe0b8bdbecfc7747375a2d30109b3c09703c7a2ea38735f6c4012006bc2968071fa73dc406d4f43f7ebd6e5534d4ec9f4811aff10763af3e28a2725d6a975ee8fdf104b036d74fbdeeddc5382e116b17eb50c4c4752717d51eed430df5540dc56e6151c9a19eabbd05b801ebced905a771c1669a860dec1d3ddcf9939f3694ddc31203df292e2", 0xa5}], 0x3, 0x8, 0x0)
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000001440)={0x0, 0x0, 0x0, 0x50, 0x0, &(0x7f0000001340)="0e9849f1332c3a4f7cd80c990e6bb6b5979749a4fbaef24bc5bcc03ac73ad01da6441277f5ac3b4d0ab075522859b01dff8f24e16cd420439da93470adbb7411843f018e01848aec434d0395f241ae92"})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000100)=[@transaction_sg={0x40486312, {0x1, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0})
ioctl$PPPIOCSPASS(r1, 0x40107447, &(0x7f0000000180)={0x0, 0x0})

61.757234ms ago: executing program 3 (id=2740):
r0 = syz_init_net_socket$ax25(0x3, 0x2, 0x1)
getpeername$ax25(r0, 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f00000000c0), 0x0, 0x0)
openat$khugepaged_scan(0xffffffffffffff9c, &(0x7f0000000100), 0x1, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
sendfile(r2, r2, 0x0, 0x3)
r3 = memfd_create(&(0x7f0000000540)='\xdd#\x00\xe6Z\x00\xafq%\xa5\x83\xa6#\r\x83y\xf3\xb2\xe6b\x00\x00\x00\x00\x00\x00\x00\x01\x00\xf9\xff\xff\xff\x00\x17?$^\xe1Ob\xe1Y\x03\x00\x00\x00\x00\x00\x00\x00\xce\xe5\x19THP\xf4O\xe2\x9f\xd9\xae\xcf>/\xdc\xaa<\x96\xedE>{\x05\x00\x00\x00\x15\x00\x00\x00\xa1\xa2\xe0g\x98\xbf*\xa2c\x12.\xb7\xbe`\'\xcb\xb6\xaf\xdc\xa0\xb04\xb7T5\x957\xec\xfb\xe6|\\\xe4h\xfc\x14\x06\xb5\x03\x8a\xc40\xbe\xe3\x93A\x15\xec\xdb\xaa\xdc\n\xcbC\x15\xfcp\x11\xdai\f{\xb5\x82q\x19\xacS\x88|\x99\xfd\x9eS\x80\xcb\x14G\xfa\xff\xff\xff\xff\xff\xff\xff\xcd\xf0%\x97!\xba\xe3J\x82t\x96\xf8\xb1\xd2\x168\xbf`$\xbf\xca\xea\xa3\x83\x8e-k\x12\xdf\xb9\x87\xb6^r\xd4\xb5X\\\xdbD\n\x03G\x00\x04\x00\x00\xbc\xac\x18\xb3%QF\x03\b\x9dh\xcb)\xf4f\x12[\xf9w\xd2\r\t\xef{h\xb0\xc0:\x8f|\x8f\x06\xf8T[\xb7\xa4\xb0\bk&\xede\x8b\xc2\xb2\xcd\xef\xcf\x0fE\xc5\x86]\xc0]}\xdd^\xf6&\x16>c\x9d\x9c\xc9\x01\x04\x00\x00\xe9h\xbd\x10p\x8f\x14\x1f2\"\x1b;\xfda\x19\x8bo^\x96\x9a~Q\xce\x95\x02\xb8e\xbbG\xb0V[\xfe\x80\x94$y\x8a\\@\xa9^\x95!IJ\xcf\xf7\xafoX/qG\x97ITp\x01\xae\f\"n;%\xecT\xf6\xb6\xbf;\xde\xec\xb4z\xaa\xd9%\xa5;wy~\xcb\x9a\xd7\r\xe2\xcd\xf0C\x16\xbf0\x89\xb4\xf5\x86\xf3\x99\x9bq\xd3\x15\xe1:\x86\xe4\x14\x805K\xcf\xf6\xda\xd1A>\xf4r>\xfdyAH\x0f\x00'/426, 0x0)
fsetxattr$security_ima(r3, &(0x7f0000000080), &(0x7f0000000040)=@md5={0x1, "d70ec82c696148625acfe64606069033"}, 0xfeb5, 0x0)
close_range(r1, 0xffffffffffffffff, 0x0)

61.442999ms ago: executing program 3 (id=2741):
r0 = socket$alg(0x26, 0x5, 0x0)
pipe(&(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000038c0)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da97e22f4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3ab60fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ad0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bff3b89c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c2ed01faa7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497dad64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6fba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd2310801570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88cf573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb414c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867857ed13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a000000000000000000000000000000000000000000000000000000a0cc2b89ce1525748ce167cbabb881f060599a6a59f645edca1d5c24b2f6b8c997a8f3e1b7679984a566d98d4d31198ee4c5ea7be0d99cf89bba4a6fd0bec12e7792bec3c5038e13b1982f80cdecd07f8908a983a7c9fb81c2ba7f7e87c991f30e50d1b3bbe4cf2a2f5d4571b6568ada51bc121c9139d2a8e0638c84066b1759081802"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x2e)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r3}, 0x10)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x0)
r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000e80)='/sys/kernel/profiling', 0x22042, 0x0)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x1000, 0x2})
r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r7 = dup3(r6, r5, 0x0)
r8 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r8, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r8, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r7, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000780)={0x44, 0x0, &(0x7f0000000900)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000100)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0})
r9 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/oss_mixer\x00', 0x2002, 0x0)
readv(r9, &(0x7f0000000040)=[{0x0}], 0x1)
write$binfmt_misc(r2, &(0x7f0000000000), 0xfffffecc)
splice(r1, 0x0, r4, 0x0, 0xbfd1, 0x0)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0)
add_key$user(&(0x7f00000003c0), &(0x7f0000000140), &(0x7f0000000240)="ddac60005ccf9be6d65273838fab11f553ccb01776cb8b1d37c2c72f4f5d6cf65761305b81f892cf4598e4e54a5264462d3e068cf5582cb82b4fa26620ed0d48421d174e115b5903e106ada86abd01beb62a1c7075625be6be5239dcc6df568393a9a8730ff13dd2d2881f12cc1b8e07c7345b38ffc3bb9952d9036e8e9340b0feecf243df512b336e115625559f10c202d64b26089f03642f", 0x99, 0xfffffffffffffffd)
r10 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
write(r10, &(0x7f0000000040)="f8db5948f6541e5f84cc9c4cb7f528922f6e98bd566eb1903db9f3cc89b2797112b845c89a348fb550bb2fb3f01ee012c61ac8a3b4bd06e5973438fde930", 0x3e)
fcntl$dupfd(r10, 0x0, r10)
socket$nl_route(0x10, 0x3, 0x0)
r11 = socket(0x200000000000011, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r11, 0x8933, &(0x7f0000000000)={'bridge0\x00'})

0s ago: executing program 0 (id=2742):
r0 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x10d880)
syz_usb_disconnect(r0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000000), r1)
sendmsg$DEVLINK_CMD_RATE_SET(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)={0x34, r2, 0x6ff, 0x0, 0x25dfdbfc, {0x52}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x48004}, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0)
r3 = userfaultfd(0x801)
ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000000600))
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b00000"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000580)='sched_switch\x00', r4}, 0x18)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x16, 0x0, 0x6, 0x4, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000012c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001280)=[r5], 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000140), 0x315500, 0x0)
prlimit64(0x0, 0xc, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r6 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r6, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
connect$unix(r7, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r8, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r6, 0xffffffb3, &(0x7f0000000240)=0x2)
recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r9 = socket$inet_tcp(0x2, 0x1, 0x0)
syz_io_uring_setup(0x239, &(0x7f0000000300)={0x0, 0x200000, 0x10100, 0xfffffffd}, &(0x7f0000000180), 0x0)
bind$inet(r9, &(0x7f0000000080)={0x2, 0x4e21, @broadcast}, 0x10)
openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000280), 0x22802, 0x0)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000040)=0xe)

kernel console output (not intermixed with test programs):

5936] Bluetooth: hci2: command tx timeout
[  565.684092][   T24] libceph: connect (1)[c::]:6789 error -101
[  565.687188][   T24] libceph: mon0 (1)[c::]:6789 connect error
[  565.789104][T15075] ceph: No mds server is up or the cluster is laggy
[  566.140275][T15088] overlayfs: overlapping lowerdir path
[  566.502207][   T34] usb 6-1: new full-speed USB device number 9 using dummy_hcd
[  566.532829][T15097] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(12)
[  566.535013][T15097] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  566.537731][T15097] vhci_hcd vhci_hcd.0: Device attached
[  566.657763][   T34] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  566.662732][   T34] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 2
[  566.666778][   T34] usb 6-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  566.670744][   T34] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  566.678796][   T34] usb 6-1: config 0 descriptor??
[  566.687421][   T34] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[  566.690687][   T34] dvb-usb: bulk message failed: -22 (3/0)
[  566.700974][   T34] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  566.705535][   T34] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[  566.709294][   T34] usb 6-1: media controller created
[  566.712202][   T34] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  566.721040][   T34] dvb-usb: bulk message failed: -22 (6/0)
[  566.723666][   T34] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[  566.728678][   T34] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.1/usb6/6-1/input/input9
[  566.736804][   T34] dvb-usb: schedule remote query interval to 150 msecs.
[  566.739461][   T34] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[  566.772169][T13657] usb 41-1: new high-speed USB device number 2 using vhci_hcd
[  566.895815][   T34] dvb-usb: bulk message failed: -22 (1/0)
[  566.898672][   T34] dvb-usb: error while querying for an remote control event.
[  567.062202][   T34] dvb-usb: bulk message failed: -22 (1/0)
[  567.064813][   T34] dvb-usb: error while querying for an remote control event.
[  567.111811][T15105] ptrace attach of "/syz-executor exec"[15106] was attempted by "/syz-executor exec"[15105]
[  567.212166][T15098] vhci_hcd: connection reset by peer
[  567.216075][T14871] vhci_hcd: stop threads
[  567.217702][T14871] vhci_hcd: release socket
[  567.219526][T14871] vhci_hcd: disconnect device
[  567.232290][   T34] dvb-usb: bulk message failed: -22 (1/0)
[  567.234704][   T34] dvb-usb: error while querying for an remote control event.
[  567.392177][   T34] dvb-usb: bulk message failed: -22 (1/0)
[  567.396070][   T34] dvb-usb: error while querying for an remote control event.
[  567.483791][ T5936] Bluetooth: hci2: command tx timeout
[  567.562222][   T34] dvb-usb: bulk message failed: -22 (1/0)
[  567.564413][   T34] dvb-usb: error while querying for an remote control event.
[  567.609837][T15122] lo speed is unknown, defaulting to 1000
[  567.614165][T15122] vxcan1 speed is unknown, defaulting to 1000
[  567.722298][   T64] dvb-usb: bulk message failed: -22 (1/0)
[  567.724276][   T64] dvb-usb: error while querying for an remote control event.
[  567.892366][   T64] dvb-usb: bulk message failed: -22 (1/0)
[  567.894400][   T64] dvb-usb: error while querying for an remote control event.
[  568.052313][   T64] dvb-usb: bulk message failed: -22 (1/0)
[  568.056036][   T64] dvb-usb: error while querying for an remote control event.
[  568.212821][   T64] dvb-usb: bulk message failed: -22 (1/0)
[  568.215388][   T64] dvb-usb: error while querying for an remote control event.
[  568.372308][   T64] dvb-usb: bulk message failed: -22 (1/0)
[  568.374769][   T64] dvb-usb: error while querying for an remote control event.
[  568.499530][T15133] syz.0.2296 (15133) used greatest stack depth: 21016 bytes left
[  568.532788][   T64] dvb-usb: bulk message failed: -22 (1/0)
[  568.535151][   T64] dvb-usb: error while querying for an remote control event.
[  568.670440][T15139] netlink: 100 bytes leftover after parsing attributes in process `syz.0.2298'.
[  568.674430][T15139] A link change request failed with some changes committed already. Interface wlan1 may have been left with an inconsistent configuration, please check.
[  568.692225][   T64] dvb-usb: bulk message failed: -22 (1/0)
[  568.694753][   T64] dvb-usb: error while querying for an remote control event.
[  568.862163][   T64] dvb-usb: bulk message failed: -22 (1/0)
[  568.864370][   T64] dvb-usb: error while querying for an remote control event.
[  569.026593][   T64] dvb-usb: bulk message failed: -22 (1/0)
[  569.030888][   T64] dvb-usb: error while querying for an remote control event.
[  569.054015][   T64] libceph: connect (1)[c::]:6789 error -101
[  569.060437][   T64] libceph: mon0 (1)[c::]:6789 connect error
[  569.064253][   T64] libceph: connect (1)[c::]:6789 error -101
[  569.067147][   T64] libceph: mon0 (1)[c::]:6789 connect error
[  569.101458][T15148] ceph: No mds server is up or the cluster is laggy
[  569.212189][   T64] dvb-usb: bulk message failed: -22 (1/0)
[  569.215086][   T64] dvb-usb: error while querying for an remote control event.
[  569.276987][T15153] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2301'.
[  569.354399][ T3226] usb 6-1: USB disconnect, device number 9
[  569.359979][T15157] MPI: mpi too large (130952 bits)
[  569.390452][ T3226] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[  569.448395][   T64] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0
[  569.451060][   T64] hid-generic 0000:0000:0000.0006: unknown main item tag 0x4
[  569.457809][   T64] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0
[  569.461255][   T64] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0
[  569.464500][   T64] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0
[  569.467171][   T64] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0
[  569.469777][   T64] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0
[  569.472519][   T64] hid-generic 0000:0000:0000.0006: unknown main item tag 0x1
[  569.475171][   T64] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0
[  569.477803][   T64] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0
[  569.480411][   T64] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0
[  569.483590][   T64] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0
[  569.486287][   T64] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0
[  569.489055][   T64] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0
[  569.491739][   T64] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0
[  569.494683][   T64] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0
[  569.497239][   T64] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0
[  569.499868][   T64] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0
[  569.502788][   T64] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0
[  569.505417][   T64] hid-generic 0000:0000:0000.0006: item fetching failed at offset 20/43
[  569.508579][   T64] hid-generic 0000:0000:0000.0006: probe with driver hid-generic failed with error -22
[  569.622369][ T5936] Bluetooth: hci2: command tx timeout
[  569.818668][T15163] lo speed is unknown, defaulting to 1000
[  569.821488][T15163] vxcan1 speed is unknown, defaulting to 1000
[  570.051828][   T24] libceph: connect (1)[c::]:6789 error -101
[  570.055371][   T24] libceph: mon0 (1)[c::]:6789 connect error
[  570.057983][   T24] libceph: connect (1)[c::]:6789 error -101
[  570.060463][   T24] libceph: mon0 (1)[c::]:6789 connect error
[  570.110480][T15179] ceph: No mds server is up or the cluster is laggy
[  570.300867][T15187] fuse: Unknown parameter '0x0000000000000005'
[  570.405889][T15191] sp0: Synchronizing with TNC
[  570.438035][T15191] [U] è
[  570.593313][T15197] RDS: rds_bind could not find a transport for fe80::bb, load rds_tcp or rds_rdma?
[  570.771377][T15214] Device name cannot be null; rc = [-22]
[  570.956706][   T79] libceph: connect (1)[c::]:6789 error -101
[  570.958721][   T79] libceph: mon0 (1)[c::]:6789 connect error
[  570.988848][T15222] ceph: No mds server is up or the cluster is laggy
[  571.112711][T15217] e1000e 0000:00:02.0 eth1: NIC Link is Down
[  571.807587][T15254] overlayfs: overlapping lowerdir path
[  571.897033][T15265] lo speed is unknown, defaulting to 1000
[  571.902002][T15265] vxcan1 speed is unknown, defaulting to 1000
[  572.177430][T15271] RDS: rds_bind could not find a transport for fe80::bb, load rds_tcp or rds_rdma?
[  572.189224][T13657] vhci_hcd: vhci_device speed not set
[  572.392693][T15276] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2326'.
[  572.512564][T15276] netdevsim netdevsim0 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  572.515948][T15276] netdevsim netdevsim0 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  572.518768][T15276] netdevsim netdevsim0 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  572.521748][T15276] netdevsim netdevsim0 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  572.564069][T15283] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2327'.
[  572.615457][T15284] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2327'.
[  572.642390][T15276] vxlan1: entered promiscuous mode
[  573.573274][T15305] RDS: rds_bind could not find a transport for fe80::bb, load rds_tcp or rds_rdma?
[  573.580539][T15307] netlink: 168 bytes leftover after parsing attributes in process `syz.2.2335'.
[  573.836466][T15328] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2339'.
[  573.855026][T15328] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2339'.
[  575.308290][T15348] lo speed is unknown, defaulting to 1000
[  575.310852][T15348] vxcan1 speed is unknown, defaulting to 1000
[  575.623127][T15368] RDS: rds_bind could not find a transport for fe80::bb, load rds_tcp or rds_rdma?
[  575.666249][T15370] lo speed is unknown, defaulting to 1000
[  575.669683][T15370] vxcan1 speed is unknown, defaulting to 1000
[  576.097663][T15395] FAULT_INJECTION: forcing a failure.
[  576.097663][T15395] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  576.103506][T15395] CPU: 1 UID: 0 PID: 15395 Comm: syz.2.2354 Not tainted 6.15.0-rc5-syzkaller-00032-g0d8d44db295c #0 PREEMPT(full) 
[  576.103521][T15395] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  576.103527][T15395] Call Trace:
[  576.103531][T15395]  <TASK>
[  576.103535][T15395]  dump_stack_lvl+0x16c/0x1f0
[  576.103552][T15395]  should_fail_ex+0x512/0x640
[  576.103568][T15395]  _copy_from_iter+0x2a4/0x15b0
[  576.103584][T15395]  ? __alloc_skb+0x200/0x380
[  576.103595][T15395]  ? __pfx__copy_from_iter+0x10/0x10
[  576.103611][T15395]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  576.103628][T15395]  netlink_sendmsg+0x829/0xdd0
[  576.103642][T15395]  ? __pfx_netlink_sendmsg+0x10/0x10
[  576.103654][T15395]  ? __import_iovec+0x1c8/0x660
[  576.103672][T15395]  ____sys_sendmsg+0xa95/0xc70
[  576.103684][T15395]  ? gfs2_create_inode+0x1bf0/0x32c0
[  576.103697][T15395]  ? __pfx_____sys_sendmsg+0x10/0x10
[  576.103711][T15395]  ? get_compat_msghdr+0x11a/0x170
[  576.103727][T15395]  ___sys_sendmsg+0x134/0x1d0
[  576.103738][T15395]  ? __pfx____sys_sendmsg+0x10/0x10
[  576.103765][T15395]  __sys_sendmsg+0x16d/0x220
[  576.103776][T15395]  ? __pfx___sys_sendmsg+0x10/0x10
[  576.103792][T15395]  ? rcu_is_watching+0x12/0xc0
[  576.103803][T15395]  __do_fast_syscall_32+0x73/0x120
[  576.103819][T15395]  do_fast_syscall_32+0x32/0x80
[  576.103832][T15395]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  576.103844][T15395] RIP: 0023:0xf704e579
[  576.103852][T15395] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  576.103861][T15395] RSP: 002b:00000000f503e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  576.103871][T15395] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000140
[  576.103898][T15395] RDX: 0000000004000010 RSI: 0000000000000000 RDI: 0000000000000000
[  576.103904][T15395] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  576.103910][T15395] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  576.103915][T15395] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  576.103928][T15395]  </TASK>
[  576.341267][T15413] FAULT_INJECTION: forcing a failure.
[  576.341267][T15413] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  576.344944][T15399] overlayfs: overlapping lowerdir path
[  576.348265][T15413] CPU: 0 UID: 0 PID: 15413 Comm: syz.0.2357 Not tainted 6.15.0-rc5-syzkaller-00032-g0d8d44db295c #0 PREEMPT(full) 
[  576.348280][T15413] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  576.348286][T15413] Call Trace:
[  576.348290][T15413]  <TASK>
[  576.348294][T15413]  dump_stack_lvl+0x16c/0x1f0
[  576.348311][T15413]  should_fail_ex+0x512/0x640
[  576.348328][T15413]  _copy_from_iter+0x2a4/0x15b0
[  576.348344][T15413]  ? __alloc_skb+0x200/0x380
[  576.348355][T15413]  ? __pfx__copy_from_iter+0x10/0x10
[  576.348375][T15413]  netlink_sendmsg+0x829/0xdd0
[  576.348390][T15413]  ? __pfx_netlink_sendmsg+0x10/0x10
[  576.348403][T15413]  ? __import_iovec+0x1c8/0x660
[  576.348433][T15413]  ____sys_sendmsg+0xa95/0xc70
[  576.348449][T15413]  ? __pfx_____sys_sendmsg+0x10/0x10
[  576.348462][T15413]  ? get_compat_msghdr+0x11a/0x170
[  576.348478][T15413]  ___sys_sendmsg+0x134/0x1d0
[  576.348490][T15413]  ? __pfx____sys_sendmsg+0x10/0x10
[  576.348517][T15413]  __sys_sendmsg+0x16d/0x220
[  576.348527][T15413]  ? __pfx___sys_sendmsg+0x10/0x10
[  576.348542][T15413]  ? rcu_is_watching+0x12/0xc0
[  576.348557][T15413]  ? rcu_is_watching+0x12/0xc0
[  576.348567][T15413]  __do_fast_syscall_32+0x73/0x120
[  576.348582][T15413]  do_fast_syscall_32+0x32/0x80
[  576.348595][T15413]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  576.348607][T15413] RIP: 0023:0xf712e579
[  576.348615][T15413] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  576.348624][T15413] RSP: 002b:00000000f511e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  576.348634][T15413] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000a80
[  576.348641][T15413] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  576.348646][T15413] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  576.348651][T15413] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  576.348657][T15413] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  576.348669][T15413]  </TASK>
[  576.523328][T15419] Bluetooth: MGMT ver 1.23
[  577.060410][T15436] FAULT_INJECTION: forcing a failure.
[  577.060410][T15436] name failslab, interval 1, probability 0, space 0, times 0
[  577.066727][T15436] CPU: 3 UID: 0 PID: 15436 Comm: syz.3.2365 Not tainted 6.15.0-rc5-syzkaller-00032-g0d8d44db295c #0 PREEMPT(full) 
[  577.066750][T15436] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  577.066759][T15436] Call Trace:
[  577.066766][T15436]  <TASK>
[  577.066772][T15436]  dump_stack_lvl+0x16c/0x1f0
[  577.066799][T15436]  should_fail_ex+0x512/0x640
[  577.066821][T15436]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  577.066842][T15436]  should_failslab+0xc2/0x120
[  577.066862][T15436]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  577.066880][T15436]  ? __alloc_skb+0x2b2/0x380
[  577.066900][T15436]  __alloc_skb+0x2b2/0x380
[  577.066917][T15436]  ? __pfx___alloc_skb+0x10/0x10
[  577.066934][T15436]  ? tcp_chrono_stop+0x95/0x420
[  577.066963][T15436]  tcp_stream_alloc_skb+0x34/0x570
[  577.066988][T15436]  tcp_connect+0xe75/0x5480
[  577.067024][T15436]  ? __pfx_tcp_connect+0x10/0x10
[  577.067053][T15436]  ? __pfx_tcp_fastopen_defer_connect+0x10/0x10
[  577.067081][T15436]  ? inet6_hash_connect+0xe2/0x180
[  577.067101][T15436]  tcp_v6_connect+0x155a/0x2150
[  577.067126][T15436]  ? __pfx_tcp_v6_connect+0x10/0x10
[  577.067164][T15436]  ? mptcp_connect+0x579/0xfe0
[  577.067181][T15436]  mptcp_connect+0x579/0xfe0
[  577.067202][T15436]  __inet_stream_connect+0x3c5/0x1020
[  577.067230][T15436]  ? __pfx___inet_stream_connect+0x10/0x10
[  577.067250][T15436]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  577.067276][T15436]  ? __pfx_inet_stream_connect+0x10/0x10
[  577.067299][T15436]  ? __local_bh_enable_ip+0xa4/0x120
[  577.067319][T15436]  ? __pfx_inet_stream_connect+0x10/0x10
[  577.067339][T15436]  inet_stream_connect+0x57/0xa0
[  577.067361][T15436]  __sys_connect_file+0x13e/0x1a0
[  577.067389][T15436]  __sys_connect+0x14d/0x170
[  577.067403][T15436]  ? __pfx___sys_connect+0x10/0x10
[  577.067435][T15436]  ? __pfx_ksys_write+0x10/0x10
[  577.067457][T15436]  __ia32_sys_connect+0x71/0xb0
[  577.067472][T15436]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[  577.067495][T15436]  __do_fast_syscall_32+0x73/0x120
[  577.067519][T15436]  do_fast_syscall_32+0x32/0x80
[  577.067540][T15436]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  577.067560][T15436] RIP: 0023:0xf710e579
[  577.067574][T15436] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  577.067589][T15436] RSP: 002b:00000000f50fe55c EFLAGS: 00000296 ORIG_RAX: 000000000000016a
[  577.067604][T15436] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000040
[  577.067615][T15436] RDX: 000000000000001c RSI: 0000000000000000 RDI: 0000000000000000
[  577.067624][T15436] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  577.067633][T15436] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  577.067642][T15436] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  577.067663][T15436]  </TASK>
[  577.073488][T15437] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2364'.
[  577.133531][T15440] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2364'.
[  578.602355][T12176] Bluetooth: hci1: command 0x0c1a tx timeout
[  578.602473][ T5936] Bluetooth: hci1: Opcode 0x0c24 failed: -110
[  578.771007][T15480] lo speed is unknown, defaulting to 1000
[  578.775002][T15480] vxcan1 speed is unknown, defaulting to 1000
[  578.921911][T15484] lo speed is unknown, defaulting to 1000
[  578.955418][T15484] vxcan1 speed is unknown, defaulting to 1000
[  579.635750][T15496] mkiss: ax0: crc mode is auto.
[  579.653092][T15496] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2382'.
[  579.656051][T15496] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2382'.
[  579.658983][T15496] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2382'.
[  579.661933][T15496] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2382'.
[  580.002545][T15498] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2383'.
[  580.109854][T15503] macvlan2: entered promiscuous mode
[  580.111647][T15503] macvlan2: entered allmulticast mode
[  580.117541][T15503] bond0: entered allmulticast mode
[  580.120034][T15503] bond0: entered promiscuous mode
[  580.123323][T15503] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  580.128210][T15503] team0: Port device macvlan2 added
[  580.352181][   T58] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  580.438301][T12176] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  580.441912][T12176] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  580.447452][T12176] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  580.450917][T12176] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  580.453838][T12176] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  580.487484][T15508] lo speed is unknown, defaulting to 1000
[  580.491082][T15508] vxcan1 speed is unknown, defaulting to 1000
[  580.512501][   T58] usb 5-1: Using ep0 maxpacket: 16
[  580.516317][   T58] usb 5-1: config 0 has an invalid interface number: 8 but max is 0
[  580.519659][   T58] usb 5-1: config 0 has no interface number 0
[  580.522409][   T58] usb 5-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  580.527027][   T58] usb 5-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  580.532698][   T58] usb 5-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[  580.535824][   T58] usb 5-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[  580.538619][   T58] usb 5-1: Product: syz
[  580.540012][   T58] usb 5-1: SerialNumber: syz
[  580.545200][   T58] usb 5-1: config 0 descriptor??
[  580.549701][   T58] cm109 5-1:0.8: invalid payload size 0, expected 4
[  580.573455][   T58] input: CM109 USB driver as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.8/input/input10
[  580.738126][   T78] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  580.741915][   T78] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[  580.751955][    C2] cm109 5-1:0.8: cm109_urb_ctl_callback: usb_submit_urb (urb_irq) failed -90
[  580.831134][   T78] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  580.836117][   T78] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[  580.850358][T15508] chnl_net:caif_netlink_parms(): no params data found
[  580.927623][   T78] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  580.932328][   T78] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[  580.970396][T12317] usb 5-1: USB disconnect, device number 9
[  580.970613][    C2] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71
[  580.974945][    C2] cm109 5-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19
[  580.982220][T12317] cm109 5-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19
[  581.041204][   T78] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  581.045600][   T78] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[  581.053768][T15508] bridge0: port 1(bridge_slave_0) entered blocking state
[  581.056727][T15508] bridge0: port 1(bridge_slave_0) entered disabled state
[  581.059240][T15508] bridge_slave_0: entered allmulticast mode
[  581.060157][T15522] netlink: 56 bytes leftover after parsing attributes in process `syz.3.2389'.
[  581.062202][T15508] bridge_slave_0: entered promiscuous mode
[  581.067927][T15508] bridge0: port 2(bridge_slave_1) entered blocking state
[  581.070365][T15508] bridge0: port 2(bridge_slave_1) entered disabled state
[  581.073821][T15508] bridge_slave_1: entered allmulticast mode
[  581.076664][T15508] bridge_slave_1: entered promiscuous mode
[  581.110568][T15508] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  581.115816][T15508] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  581.150741][T15508] team0: Port device team_slave_0 added
[  581.173309][T15508] team0: Port device team_slave_1 added
[  581.232904][T15508] batman_adv: batadv0: Adding interface: batadv_slave_0
[  581.236214][T15508] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  581.247510][T15508] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  581.260777][T15508] batman_adv: batadv0: Adding interface: batadv_slave_1
[  581.263803][T15508] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  581.276683][T15508] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  581.849270][T12317] libceph: connect (1)[c::]:6789 error -101
[  581.851331][T12317] libceph: mon0 (1)[c::]:6789 connect error
[  581.905364][T15540] ceph: No mds server is up or the cluster is laggy
[  582.522364][ T5936] Bluetooth: hci3: command tx timeout
[  583.113568][   T78] bond0 (unregistering): left allmulticast mode
[  583.116052][   T78] bond0 (unregistering): left promiscuous mode
[  583.128980][   T78] team0: Port device macvlan2 removed
[  583.134255][   T78] bond0 (unregistering): Released all slaves
[  583.209909][   T78] bond1 (unregistering): Released all slaves
[  583.273459][T15543] lo speed is unknown, defaulting to 1000
[  583.276090][T15543] vxcan1 speed is unknown, defaulting to 1000
[  583.307322][T15508] hsr_slave_0: entered promiscuous mode
[  583.309683][T15508] hsr_slave_1: entered promiscuous mode
[  583.313159][T15508] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  583.315650][T15508] Cannot create hsr debugfs directory
[  583.317570][   T78] : left promiscuous mode
[  583.640262][T15559] mkiss: ax0: crc mode is auto.
[  584.127017][   T78] veth1_macvtap: left promiscuous mode
[  584.130136][   T78] veth0_macvtap: left promiscuous mode
[  584.132429][   T78] veth1_vlan: left promiscuous mode
[  584.205929][T15561] syz.0.2396 (15561) used greatest stack depth: 20664 bytes left
[  584.332319][T15585] No control pipe specified
[  584.387888][T15586] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2402'.
[  584.612312][ T5936] Bluetooth: hci3: command tx timeout
[  585.573992][T15586] team_slave_0 (unregistering): left promiscuous mode
[  585.579993][T15586] team0: Port device team_slave_0 removed
[  585.754387][T13657] libceph: connect (1)[c::]:6789 error -101
[  585.756768][T13657] libceph: mon0 (1)[c::]:6789 connect error
[  585.760139][T13657] libceph: connect (1)[c::]:6789 error -101
[  585.782855][T15601] autofs: Unknown parameter 'bpf'
[  585.821484][T15596] ceph: No mds server is up or the cluster is laggy
[  585.831627][T13657] libceph: mon0 (1)[c::]:6789 connect error
[  585.885052][T13657] hid-generic 0000:007F:FFFFFFFE.0007: unknown main item tag 0x6
[  585.906523][T13657] hid-generic 0000:007F:FFFFFFFE.0007: unknown main item tag 0x1
[  585.939099][T13657] hid-generic 0000:007F:FFFFFFFE.0007: unknown main item tag 0x0
[  585.942203][T13657] hid-generic 0000:007F:FFFFFFFE.0007: unknown main item tag 0x0
[  585.944733][T13657] hid-generic 0000:007F:FFFFFFFE.0007: unknown main item tag 0x0
[  585.947274][T13657] hid-generic 0000:007F:FFFFFFFE.0007: unknown main item tag 0x0
[  585.951600][T13657] hid-generic 0000:007F:FFFFFFFE.0007: unknown main item tag 0x0
[  585.955391][T13657] hid-generic 0000:007F:FFFFFFFE.0007: unknown main item tag 0x0
[  585.957949][T13657] hid-generic 0000:007F:FFFFFFFE.0007: unknown main item tag 0x0
[  585.960526][T13657] hid-generic 0000:007F:FFFFFFFE.0007: unknown main item tag 0x0
[  585.977553][T13657] hid-generic 0000:007F:FFFFFFFE.0007: unknown main item tag 0x0
[  585.980470][T13657] hid-generic 0000:007F:FFFFFFFE.0007: unknown main item tag 0x0
[  586.002692][T13657] hid-generic 0000:007F:FFFFFFFE.0007: unknown main item tag 0x0
[  586.005678][T13657] hid-generic 0000:007F:FFFFFFFE.0007: unknown main item tag 0x0
[  586.009512][T13657] hid-generic 0000:007F:FFFFFFFE.0007: unknown main item tag 0x0
[  586.014180][T13657] hid-generic 0000:007F:FFFFFFFE.0007: unknown main item tag 0x0
[  586.017682][T13657] hid-generic 0000:007F:FFFFFFFE.0007: unknown main item tag 0x0
[  586.020331][T13657] hid-generic 0000:007F:FFFFFFFE.0007: unknown main item tag 0x0
[  586.024403][T13657] hid-generic 0000:007F:FFFFFFFE.0007: unknown main item tag 0x0
[  586.027126][T13657] hid-generic 0000:007F:FFFFFFFE.0007: unknown main item tag 0x0
[  586.029726][T13657] hid-generic 0000:007F:FFFFFFFE.0007: unknown main item tag 0x0
[  586.032609][T13657] hid-generic 0000:007F:FFFFFFFE.0007: unknown main item tag 0x0
[  586.035816][T13657] hid-generic 0000:007F:FFFFFFFE.0007: unknown main item tag 0x0
[  586.038426][T13657] hid-generic 0000:007F:FFFFFFFE.0007: unknown main item tag 0x0
[  586.041027][T13657] hid-generic 0000:007F:FFFFFFFE.0007: unknown main item tag 0x0
[  586.047555][T13657] hid-generic 0000:007F:FFFFFFFE.0007: unknown main item tag 0x0
[  586.050199][T13657] hid-generic 0000:007F:FFFFFFFE.0007: unknown main item tag 0x0
[  586.064699][T13657] hid-generic 0000:007F:FFFFFFFE.0007: unknown main item tag 0x0
[  586.089035][T15508] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  586.097972][T13657] hid-generic 0000:007F:FFFFFFFE.0007: unknown main item tag 0x0
[  586.108532][T15508] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  586.116116][T13657] hid-generic 0000:007F:FFFFFFFE.0007: unknown main item tag 0x0
[  586.124237][T13657] hid-generic 0000:007F:FFFFFFFE.0007: unknown main item tag 0x0
[  586.127080][T13657] hid-generic 0000:007F:FFFFFFFE.0007: unknown main item tag 0x0
[  586.129736][T13657] hid-generic 0000:007F:FFFFFFFE.0007: unknown main item tag 0x0
[  586.133726][T13657] hid-generic 0000:007F:FFFFFFFE.0007: unknown main item tag 0x0
[  586.136402][T13657] hid-generic 0000:007F:FFFFFFFE.0007: unknown main item tag 0x0
[  586.136586][T15508] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  586.153174][T13657] hid-generic 0000:007F:FFFFFFFE.0007: hidraw1: <UNKNOWN> HID v0.08 Device [syz1] on syz1
[  586.167849][T15508] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  586.311647][T15508] 8021q: adding VLAN 0 to HW filter on device bond0
[  586.336822][T15508] 8021q: adding VLAN 0 to HW filter on device team0
[  586.354500][   T46] bridge0: port 1(bridge_slave_0) entered blocking state
[  586.357577][   T46] bridge0: port 1(bridge_slave_0) entered forwarding state
[  586.367650][T14874] bridge0: port 2(bridge_slave_1) entered blocking state
[  586.370787][T14874] bridge0: port 2(bridge_slave_1) entered forwarding state
[  586.569854][T15508] 8021q: adding VLAN 0 to HW filter on device batadv0
[  586.590986][T15508] veth0_vlan: entered promiscuous mode
[  586.599690][T15508] veth1_vlan: entered promiscuous mode
[  586.615853][T15508] veth0_macvtap: entered promiscuous mode
[  586.619868][T15508] veth1_macvtap: entered promiscuous mode
[  586.629106][T15508] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  586.633164][T15508] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  586.636312][T15508] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  586.639738][T15508] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  586.645410][T15508] batman_adv: batadv0: Interface activated: batadv_slave_0
[  586.653871][T15508] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  586.657435][T15508] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  586.660724][T15508] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  586.665966][T15508] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  586.670318][T15508] batman_adv: batadv0: Interface activated: batadv_slave_1
[  586.676851][T15508] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  586.679844][T15508] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  586.683350][ T5936] Bluetooth: hci3: command tx timeout
[  586.685486][T15508] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  586.688296][T15508] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  586.727407][   T78] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  586.729960][   T78] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  586.759493][T14873] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  586.762933][T14873] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  587.087240][T15657] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2413'.
[  587.091198][T15657] netlink: 'syz.1.2413': attribute type 5 has an invalid length.
[  587.094532][T15657] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2413'.
[  587.100186][T15657] netdevsim netdevsim1 netdevsim0: set [1, 1] type 2 family 0 port 256 - 0
[  587.103549][T15657] netdevsim netdevsim1 netdevsim1: set [1, 1] type 2 family 0 port 256 - 0
[  587.107446][T15657] netdevsim netdevsim1 netdevsim2: set [1, 1] type 2 family 0 port 256 - 0
[  587.111291][T15657] netdevsim netdevsim1 netdevsim3: set [1, 1] type 2 family 0 port 256 - 0
[  587.116218][T15657] geneve2: entered promiscuous mode
[  587.118743][T15657] geneve2: entered allmulticast mode
[  587.928337][T15685] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2419'.
[  587.945972][ T2291] kernel write not supported for file /dsp (pid: 2291 comm: kworker/0:2)
[  588.633413][T12176] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  588.643316][T12176] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  588.647464][T12176] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  588.653136][T12176] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  588.656353][T12176] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  588.719556][T15695] lo speed is unknown, defaulting to 1000
[  588.722050][T15695] vxcan1 speed is unknown, defaulting to 1000
[  588.762305][T12176] Bluetooth: hci3: command tx timeout
[  588.876466][T15695] chnl_net:caif_netlink_parms(): no params data found
[  589.017296][T15695] bridge0: port 1(bridge_slave_0) entered blocking state
[  589.020656][T15695] bridge0: port 1(bridge_slave_0) entered disabled state
[  589.029808][T15695] bridge_slave_0: entered allmulticast mode
[  589.033188][T15695] bridge_slave_0: entered promiscuous mode
[  589.038502][T15695] bridge0: port 2(bridge_slave_1) entered blocking state
[  589.041621][T15695] bridge0: port 2(bridge_slave_1) entered disabled state
[  589.045194][T15695] bridge_slave_1: entered allmulticast mode
[  589.048031][T15695] bridge_slave_1: entered promiscuous mode
[  589.081352][T15695] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  589.088026][T15695] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  589.125786][T15695] team0: Port device team_slave_0 added
[  589.130213][T15695] team0: Port device team_slave_1 added
[  589.161946][T15695] batman_adv: batadv0: Adding interface: batadv_slave_0
[  589.165792][T15695] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  589.174167][   T64] usb 7-1: new low-speed USB device number 12 using dummy_hcd
[  589.174780][T15695] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  589.182958][T15695] batman_adv: batadv0: Adding interface: batadv_slave_1
[  589.186054][T15695] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  589.196994][T15695] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  589.237985][T15695] hsr_slave_0: entered promiscuous mode
[  589.240406][T15695] hsr_slave_1: entered promiscuous mode
[  589.242680][T15695] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  589.245220][T15695] Cannot create hsr debugfs directory
[  589.323958][   T64] usb 7-1: config index 0 descriptor too short (expected 1307, got 27)
[  589.326969][   T64] usb 7-1: config 0 has an invalid interface number: 0 but max is -1
[  589.329899][   T64] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 0
[  589.333057][   T64] usb 7-1: too many endpoints for config 0 interface 0 altsetting 0: 246, using maximum allowed: 30
[  589.336728][   T64] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x84 is Bulk; changing to Interrupt
[  589.339995][   T64] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 246
[  589.346939][   T64] usb 7-1: string descriptor 0 read error: -22
[  589.349204][   T64] usb 7-1: New USB device found, idVendor=0460, idProduct=0008, bcdDevice=e2.de
[  589.352645][   T64] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  589.361780][   T64] usb 7-1: config 0 descriptor??
[  589.365945][T15710] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  589.369132][   T64] hub 7-1:0.0: bad descriptor, ignoring hub
[  589.371390][   T64] hub 7-1:0.0: probe with driver hub failed with error -5
[  589.372564][T15695] netdevsim netdevsim0 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  589.376626][   T64] input: USB Acecad 302 Tablet 0460:0008 as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.0/input/input11
[  589.377300][T15695] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  589.456829][T15695] netdevsim netdevsim0 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  589.460083][T15695] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  589.516141][T15695] netdevsim netdevsim0 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  589.519643][T15695] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  589.605008][T15695] netdevsim netdevsim0 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  589.609383][T15695] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  589.738274][T15695] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  589.749150][T15695] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  589.756864][T15695] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  589.762948][T15695] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  589.832007][T15721] Cannot find add_set index 0 as target
[  589.834992][T15695] 8021q: adding VLAN 0 to HW filter on device bond0
[  589.849110][T15695] 8021q: adding VLAN 0 to HW filter on device team0
[  589.880433][T15695] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  589.884152][T15695] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  589.909499][    C1] usb_acecad 7-1:0.0: can't resubmit intr, dummy_hcd.2-1/input0, status -1
[  589.935559][   T78] bridge0: port 1(bridge_slave_0) entered blocking state
[  589.938021][   T78] bridge0: port 1(bridge_slave_0) entered forwarding state
[  589.941253][   T78] bridge0: port 2(bridge_slave_1) entered blocking state
[  589.946335][   T78] bridge0: port 2(bridge_slave_1) entered forwarding state
[  590.130227][T15695] 8021q: adding VLAN 0 to HW filter on device batadv0
[  590.184839][T15695] veth0_vlan: entered promiscuous mode
[  590.195047][T15695] veth1_vlan: entered promiscuous mode
[  590.216186][T15695] veth0_macvtap: entered promiscuous mode
[  590.221299][T15695] veth1_macvtap: entered promiscuous mode
[  590.230008][T15695] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  590.235960][T15695] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  590.239969][T15695] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  590.245098][T15695] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  590.249048][T15695] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  590.253760][T15695] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  590.260348][T15695] batman_adv: batadv0: Interface activated: batadv_slave_0
[  590.265300][T15695] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  590.268868][T15695] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  590.272145][T15695] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  590.275560][T15695] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  590.278760][T15695] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  590.283113][T15695] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  590.287176][T15695] batman_adv: batadv0: Interface activated: batadv_slave_1
[  590.296552][T15695] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  590.299432][T15695] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  590.302703][T15695] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  590.305579][T15695] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  590.335312][T15735] tmpfs: Unknown parameter '–eh âota'
[  590.692320][T12176] Bluetooth: hci4: command tx timeout
[  591.017359][T15731] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  591.020768][T15731] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  591.034558][T15731] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  591.045733][T15731] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  591.048169][T15731] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  591.051028][T15731] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  591.057885][T15731] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  591.061081][T15731] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  591.067683][T15731] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  591.129760][   T46] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  591.135503][   T46] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  591.154799][T14872] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  591.157892][T14872] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  591.200805][T15744] FAULT_INJECTION: forcing a failure.
[  591.200805][T15744] name failslab, interval 1, probability 0, space 0, times 0
[  591.205115][T15744] CPU: 3 UID: 0 PID: 15744 Comm: syz.0.2425 Not tainted 6.15.0-rc5-syzkaller-00032-g0d8d44db295c #0 PREEMPT(full) 
[  591.205131][T15744] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  591.205136][T15744] Call Trace:
[  591.205140][T15744]  <TASK>
[  591.205144][T15744]  dump_stack_lvl+0x16c/0x1f0
[  591.205162][T15744]  should_fail_ex+0x512/0x640
[  591.205176][T15744]  ? __kvmalloc_node_noprof+0x122/0x600
[  591.205188][T15744]  should_failslab+0xc2/0x120
[  591.205201][T15744]  __kvmalloc_node_noprof+0x135/0x600
[  591.205211][T15744]  ? bucket_table_alloc.isra.0+0x83/0x460
[  591.205227][T15744]  ? bucket_table_alloc.isra.0+0x83/0x460
[  591.205239][T15744]  bucket_table_alloc.isra.0+0x83/0x460
[  591.205253][T15744]  rhashtable_init_noprof+0x41a/0x7e0
[  591.205268][T15744]  rhltable_init_noprof+0x20/0x60
[  591.205281][T15744]  nf_tables_newtable+0xf94/0x1b40
[  591.205297][T15744]  ? __pfx___nla_validate_parse+0x10/0x10
[  591.205309][T15744]  ? __pfx_nf_tables_newtable+0x10/0x10
[  591.205325][T15744]  ? __nla_parse+0x40/0x60
[  591.205336][T15744]  nfnetlink_rcv_batch+0x1908/0x2350
[  591.205356][T15744]  ? __pfx_nfnetlink_rcv_batch+0x10/0x10
[  591.205368][T15744]  ? consume_skb+0xcc/0x100
[  591.205381][T15744]  ? find_held_lock+0x2b/0x80
[  591.205392][T15744]  ? __local_bh_enable_ip+0xa4/0x120
[  591.205403][T15744]  ? lockdep_hardirqs_on+0x7c/0x110
[  591.205423][T15744]  ? __pfx___dev_queue_xmit+0x10/0x10
[  591.205450][T15744]  ? __nla_parse+0x40/0x60
[  591.205461][T15744]  nfnetlink_rcv+0x3c1/0x430
[  591.205474][T15744]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  591.205490][T15744]  netlink_unicast+0x53a/0x7f0
[  591.205504][T15744]  ? __pfx_netlink_unicast+0x10/0x10
[  591.205520][T15744]  netlink_sendmsg+0x8d1/0xdd0
[  591.205534][T15744]  ? __pfx_netlink_sendmsg+0x10/0x10
[  591.205546][T15744]  ? __import_iovec+0x1c8/0x660
[  591.205564][T15744]  ____sys_sendmsg+0xa95/0xc70
[  591.205579][T15744]  ? __pfx_____sys_sendmsg+0x10/0x10
[  591.205592][T15744]  ? get_compat_msghdr+0x11a/0x170
[  591.205609][T15744]  ___sys_sendmsg+0x134/0x1d0
[  591.205620][T15744]  ? __pfx____sys_sendmsg+0x10/0x10
[  591.205647][T15744]  __sys_sendmsg+0x16d/0x220
[  591.205657][T15744]  ? __pfx___sys_sendmsg+0x10/0x10
[  591.205673][T15744]  ? rcu_is_watching+0x12/0xc0
[  591.205685][T15744]  __do_fast_syscall_32+0x73/0x120
[  591.205700][T15744]  do_fast_syscall_32+0x32/0x80
[  591.205713][T15744]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  591.205726][T15744] RIP: 0023:0xf705e579
[  591.205734][T15744] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  591.205743][T15744] RSP: 002b:00000000f504e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  591.205753][T15744] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000380
[  591.205759][T15744] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  591.205764][T15744] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  591.205770][T15744] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  591.205775][T15744] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  591.205787][T15744]  </TASK>
[  591.918146][T12317] libceph: connect (1)[c::]:6789 error -101
[  591.920415][T12317] libceph: mon0 (1)[c::]:6789 connect error
[  592.000545][   T57] usb 7-1: USB disconnect, device number 12
[  592.004902][T15761] ceph: No mds server is up or the cluster is laggy
[  592.431901][T15773] lo speed is unknown, defaulting to 1000
[  592.436449][T15773] vxcan1 speed is unknown, defaulting to 1000
[  592.442260][T12176] Bluetooth: hci2: command 0x0c1a tx timeout
[  593.087622][T12176] Bluetooth: hci4: command 0x040f tx timeout
[  593.097545][T12176] Bluetooth: hci3: command 0x0c1a tx timeout
[  593.099060][T15787] FAULT_INJECTION: forcing a failure.
[  593.099060][T15787] name failslab, interval 1, probability 0, space 0, times 0
[  593.106167][T15787] CPU: 2 UID: 0 PID: 15787 Comm: syz.1.2447 Not tainted 6.15.0-rc5-syzkaller-00032-g0d8d44db295c #0 PREEMPT(full) 
[  593.106182][T15787] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  593.106188][T15787] Call Trace:
[  593.106191][T15787]  <TASK>
[  593.106195][T15787]  dump_stack_lvl+0x16c/0x1f0
[  593.106213][T15787]  should_fail_ex+0x512/0x640
[  593.106227][T15787]  ? __kmalloc_noprof+0xbf/0x510
[  593.106240][T15787]  ? ethnl_default_notify+0x1a7/0x940
[  593.106252][T15787]  should_failslab+0xc2/0x120
[  593.106264][T15787]  __kmalloc_noprof+0xd2/0x510
[  593.106274][T15787]  ? __pfx___ethnl_set_coalesce.isra.0+0x10/0x10
[  593.106288][T15787]  ? rpm_resume+0x771/0x1310
[  593.106300][T15787]  ? __pfx_ethnl_default_notify+0x10/0x10
[  593.106311][T15787]  ethnl_default_notify+0x1a7/0x940
[  593.106322][T15787]  ? __pfx_ethnl_default_notify+0x10/0x10
[  593.106337][T15787]  ? ethnl_set_coalesce+0xb8/0x170
[  593.106351][T15787]  ? __pfx_ethnl_set_coalesce+0x10/0x10
[  593.106366][T15787]  ? __pfx_ethnl_default_notify+0x10/0x10
[  593.106376][T15787]  ethtool_notify+0xbf/0x200
[  593.106386][T15787]  ethnl_default_set_doit+0x4e5/0xb10
[  593.106397][T15787]  ? __pfx_ethnl_default_set_doit+0x10/0x10
[  593.106409][T15787]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[  593.106424][T15787]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[  593.106440][T15787]  genl_family_rcv_msg_doit+0x206/0x2f0
[  593.106455][T15787]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  593.106468][T15787]  ? trace_cap_capable+0x18d/0x200
[  593.106481][T15787]  ? bpf_lsm_capable+0x9/0x10
[  593.106491][T15787]  ? security_capable+0x7e/0x260
[  593.106501][T15787]  ? ns_capable+0xd7/0x110
[  593.106513][T15787]  genl_rcv_msg+0x55c/0x800
[  593.106528][T15787]  ? __pfx_genl_rcv_msg+0x10/0x10
[  593.106540][T15787]  ? __pfx___dev_queue_xmit+0x10/0x10
[  593.106556][T15787]  ? __pfx_ethnl_default_set_doit+0x10/0x10
[  593.106567][T15787]  ? __lock_acquire+0xaa4/0x1ba0
[  593.106583][T15787]  netlink_rcv_skb+0x16a/0x440
[  593.106594][T15787]  ? __pfx_genl_rcv_msg+0x10/0x10
[  593.106608][T15787]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  593.106626][T15787]  ? __pfx_down_read+0x10/0x10
[  593.106643][T15787]  ? netlink_deliver_tap+0x1ae/0xd30
[  593.106662][T15787]  genl_rcv+0x28/0x40
[  593.106678][T15787]  netlink_unicast+0x53a/0x7f0
[  593.106699][T15787]  ? __pfx_netlink_unicast+0x10/0x10
[  593.106727][T15787]  netlink_sendmsg+0x8d1/0xdd0
[  593.106750][T15787]  ? __pfx_netlink_sendmsg+0x10/0x10
[  593.106772][T15787]  ? __import_iovec+0x1c8/0x660
[  593.106801][T15787]  ____sys_sendmsg+0xa95/0xc70
[  593.106821][T15787]  ? __pfx_____sys_sendmsg+0x10/0x10
[  593.106833][T15787]  ? get_compat_msghdr+0x11a/0x170
[  593.106850][T15787]  ___sys_sendmsg+0x134/0x1d0
[  593.106862][T15787]  ? __pfx____sys_sendmsg+0x10/0x10
[  593.106889][T15787]  __sys_sendmsg+0x16d/0x220
[  593.106900][T15787]  ? __pfx___sys_sendmsg+0x10/0x10
[  593.106915][T15787]  ? rcu_is_watching+0x12/0xc0
[  593.106926][T15787]  ? rcu_is_watching+0x12/0xc0
[  593.106936][T15787]  __do_fast_syscall_32+0x73/0x120
[  593.106951][T15787]  do_fast_syscall_32+0x32/0x80
[  593.106964][T15787]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  593.106977][T15787] RIP: 0023:0xf70de579
[  593.106985][T15787] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  593.106999][T15787] RSP: 002b:00000000f50ce55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  593.107009][T15787] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800000c0
[  593.107014][T15787] RDX: 0000000000000800 RSI: 0000000000000000 RDI: 0000000000000000
[  593.107020][T15787] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  593.107025][T15787] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  593.107031][T15787] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  593.107043][T15787]  </TASK>
[  594.173025][T15809] lo speed is unknown, defaulting to 1000
[  594.175765][T15809] vxcan1 speed is unknown, defaulting to 1000
[  594.427302][T15818] binder: 15815:15818 ioctl c0306201 800003c0 returned -14
[  594.522188][T12176] Bluetooth: hci2: command 0x0c1a tx timeout
[  595.172320][ T5936] Bluetooth: hci4: command 0x040f tx timeout
[  595.183598][T12176] Bluetooth: hci3: command 0x0c1a tx timeout
[  595.648785][T15836] block nbd3: NBD_DISCONNECT
[  595.651510][T15836] block nbd3: Disconnected due to user request.
[  595.657138][T15836] block nbd3: shutting down sockets
[  595.801595][ T5936] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  595.808169][ T5936] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  595.816682][ T5936] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  595.844578][ T5936] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  595.864058][ T5936] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  595.918836][   T46] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  595.922502][   T46] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[  595.966768][T15839] lo speed is unknown, defaulting to 1000
[  595.969996][T15839] vxcan1 speed is unknown, defaulting to 1000
[  596.002344][   T10] usb 8-1: new high-speed USB device number 9 using dummy_hcd
[  596.073122][   T46] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  596.077661][   T46] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[  596.160032][T15839] chnl_net:caif_netlink_parms(): no params data found
[  596.162620][   T10] usb 8-1: Using ep0 maxpacket: 32
[  596.166903][   T10] usb 8-1: config 8 has an invalid interface number: 181 but max is 0
[  596.170593][   T10] usb 8-1: config 8 has no interface number 0
[  596.173800][   T10] usb 8-1: config 8 interface 181 has no altsetting 0
[  596.178895][   T10] usb 8-1: New USB device found, idVendor=046d, idProduct=08a7, bcdDevice=9c.fb
[  596.183200][   T10] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  596.186652][   T10] usb 8-1: Product: syz
[  596.188464][   T10] usb 8-1: Manufacturer: syz
[  596.190533][   T10] usb 8-1: SerialNumber: syz
[  596.289865][T15839] bridge0: port 1(bridge_slave_0) entered blocking state
[  596.292735][T15839] bridge0: port 1(bridge_slave_0) entered disabled state
[  596.295255][T15839] bridge_slave_0: entered allmulticast mode
[  596.298327][T15839] bridge_slave_0: entered promiscuous mode
[  596.329153][   T46] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  596.333712][   T46] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[  596.341344][T15839] bridge0: port 2(bridge_slave_1) entered blocking state
[  596.344382][T15839] bridge0: port 2(bridge_slave_1) entered disabled state
[  596.347400][T15839] bridge_slave_1: entered allmulticast mode
[  596.353071][T15839] bridge_slave_1: entered promiscuous mode
[  596.424350][   T46] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  596.427788][   T46] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[  596.438400][T15839] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  596.454312][T15839] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  596.470123][T15856] lo speed is unknown, defaulting to 1000
[  596.493356][T15839] team0: Port device team_slave_0 added
[  596.497654][T15839] team0: Port device team_slave_1 added
[  596.514694][T15856] vxcan1 speed is unknown, defaulting to 1000
[  596.529563][T15839] batman_adv: batadv0: Adding interface: batadv_slave_0
[  596.531930][T15839] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  596.540421][T15839] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  596.546286][T15839] batman_adv: batadv0: Adding interface: batadv_slave_1
[  596.548579][T15839] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  596.557721][T15839] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  596.559652][   T10] gspca_main: gspca_zc3xx-2.14.0 probing 046d:08a7
[  596.563615][   T10] gspca_zc3xx: reg_w_i err -71
[  596.602685][ T5936] Bluetooth: hci2: command 0x0c1a tx timeout
[  596.655799][T15839] hsr_slave_0: entered promiscuous mode
[  596.658302][T15839] hsr_slave_1: entered promiscuous mode
[  596.660486][T15839] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  596.664731][T15839] Cannot create hsr debugfs directory
[  596.700596][T15854] lo speed is unknown, defaulting to 1000
[  596.716602][T15854] vxcan1 speed is unknown, defaulting to 1000
[  597.152263][   T10] gspca_zc3xx: Unknown sensor - set to TAS5130C
[  597.154909][   T10] gspca_zc3xx 8-1:8.181: probe with driver gspca_zc3xx failed with error -71
[  597.161607][   T10] usb 8-1: USB disconnect, device number 9
[  597.242474][ T5936] Bluetooth: hci3: command 0x0c1a tx timeout
[  597.242817][T12176] Bluetooth: hci4: command 0x040f tx timeout
[  597.290684][T15867] overlayfs: missing 'lowerdir'
[  597.967578][T12176] Bluetooth: hci0: command tx timeout
[  598.196908][T15875] program syz.3.2469 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  598.266494][   T46]  (unregistering): Released all slaves
[  598.861682][T15888] syz.0.2470 (15888): drop_caches: 2
[  598.885661][T15888] syz.0.2470 (15888): drop_caches: 2
[  598.897906][T15892] netlink: 52 bytes leftover after parsing attributes in process `syz.2.2471'.
[  599.097681][   T46] hsr_slave_0: left promiscuous mode
[  599.100400][   T46] hsr_slave_1: left promiscuous mode
[  599.143620][   T46] veth1_macvtap: left promiscuous mode
[  599.145573][   T46] veth0_macvtap: left promiscuous mode
[  599.147436][   T46] veth1_vlan: left promiscuous mode
[  599.149699][   T46] veth0_vlan: left promiscuous mode
[  599.322317][T12176] Bluetooth: hci4: command 0x040f tx timeout
[  600.042322][T12176] Bluetooth: hci0: command tx timeout
[  600.479466][T15914] netlink: 'syz.2.2473': attribute type 10 has an invalid length.
[  600.671197][T15915] vim2m vim2m.0: vidioc_s_fmt queue busy
[  600.762613][T15915] netfs: Couldn't get user pages (rc=-14)
[  600.816680][T15916] 9pnet_fd: Insufficient options for proto=fd
[  600.960359][T15914] veth0_vlan: left promiscuous mode
[  600.988619][T15914] veth0_vlan: entered promiscuous mode
[  601.020353][T15914] team0: Device veth0_vlan failed to register rx_handler
[  601.270756][T15839] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  601.293143][T15839] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  601.300632][T15839] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  601.307400][T15839] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  601.393565][   T46] IPVS: stop unused estimator thread 0...
[  601.403603][T12176] Bluetooth: hci4: command 0x040f tx timeout
[  601.408258][T15839] 8021q: adding VLAN 0 to HW filter on device bond0
[  601.419471][T15839] 8021q: adding VLAN 0 to HW filter on device team0
[  601.427687][T14875] bridge0: port 1(bridge_slave_0) entered blocking state
[  601.430122][T14875] bridge0: port 1(bridge_slave_0) entered forwarding state
[  601.439370][T14875] bridge0: port 2(bridge_slave_1) entered blocking state
[  601.441965][T14875] bridge0: port 2(bridge_slave_1) entered forwarding state
[  601.487263][T15931] binder: 15918:15931 ioctl 80049370 80000100 returned -22
[  601.583319][T15839] 8021q: adding VLAN 0 to HW filter on device batadv0
[  601.616716][T15839] veth0_vlan: entered promiscuous mode
[  601.625708][T15839] veth1_vlan: entered promiscuous mode
[  601.654304][T15839] veth0_macvtap: entered promiscuous mode
[  601.658972][T15839] veth1_macvtap: entered promiscuous mode
[  601.669369][T15839] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  601.673134][T15839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  601.676518][T15839] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  601.680874][T15839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  601.684965][T15839] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  601.688752][T15839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  601.693215][T15839] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  601.696937][T15839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  601.701382][T15839] batman_adv: batadv0: Interface activated: batadv_slave_0
[  601.709825][T15839] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  601.713532][T15839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  601.717136][T15839] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  601.721617][T15839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  601.726352][T15839] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  601.730834][T15839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  601.734160][T15839] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  601.737815][T15839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  601.742530][T15839] batman_adv: batadv0: Interface activated: batadv_slave_1
[  601.753516][T15839] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  601.756666][T15839] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  601.760827][T15839] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  601.763937][T15839] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  601.801691][T14872] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  601.808791][T14872] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  601.830687][T14873] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  601.834320][T14873] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  602.122182][T12176] Bluetooth: hci0: command tx timeout
[  602.284557][   T57] libceph: connect (1)[c::]:6789 error -101
[  602.286754][   T57] libceph: mon0 (1)[c::]:6789 connect error
[  602.381319][T15976] ceph: No mds server is up or the cluster is laggy
[  602.471022][T15986] No control pipe specified
[  602.655727][T15992] lo speed is unknown, defaulting to 1000
[  602.724147][T15992] vxcan1 speed is unknown, defaulting to 1000
[  603.024597][   T10] libceph: connect (1)[c::]:6789 error -101
[  603.027437][   T10] libceph: mon0 (1)[c::]:6789 connect error
[  603.154847][T16003] ceph: No mds server is up or the cluster is laggy
[  603.290923][T16017] lo speed is unknown, defaulting to 1000
[  603.359061][T16019] netlink: 72 bytes leftover after parsing attributes in process `syz.3.2489'.
[  603.402874][T16025] No control pipe specified
[  603.461420][T16026] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2492'.
[  603.486193][T12176] Bluetooth: hci4: command 0x040f tx timeout
[  603.586418][T16026] team0: Port device team_slave_0 removed
[  603.848715][T16050] FAULT_INJECTION: forcing a failure.
[  603.848715][T16050] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  603.856001][T16050] CPU: 1 UID: 0 PID: 16050 Comm: syz.3.2498 Not tainted 6.15.0-rc5-syzkaller-00032-g0d8d44db295c #0 PREEMPT(full) 
[  603.856015][T16050] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  603.856021][T16050] Call Trace:
[  603.856025][T16050]  <TASK>
[  603.856029][T16050]  dump_stack_lvl+0x16c/0x1f0
[  603.856071][T16050]  should_fail_ex+0x512/0x640
[  603.856092][T16050]  _copy_from_user+0x2e/0xd0
[  603.856107][T16050]  copy_from_sockptr_offset.constprop.0+0x153/0x1a0
[  603.856121][T16050]  ? __pfx_copy_from_sockptr_offset.constprop.0+0x10/0x10
[  603.856137][T16050]  compat_ipv6_mcast_join_leave+0xdc/0x1e0
[  603.856151][T16050]  ? __pfx_compat_ipv6_mcast_join_leave+0x10/0x10
[  603.856170][T16050]  ? __local_bh_enable_ip+0xa4/0x120
[  603.856182][T16050]  ? lockdep_hardirqs_on+0x7c/0x110
[  603.856197][T16050]  do_ipv6_setsockopt+0x310b/0x4320
[  603.856211][T16050]  ? __pfx_do_ipv6_setsockopt+0x10/0x10
[  603.856224][T16050]  ? find_held_lock+0x2b/0x80
[  603.856234][T16050]  ? __pfx_aa_label_sk_perm+0x10/0x10
[  603.856245][T16050]  ? __lock_acquire+0x5ca/0x1ba0
[  603.856268][T16050]  ? __pfx___might_resched+0x10/0x10
[  603.856281][T16050]  ? aa_sk_perm+0x2f4/0xb10
[  603.856293][T16050]  ? ipv6_setsockopt+0xcb/0x170
[  603.856304][T16050]  ipv6_setsockopt+0xcb/0x170
[  603.856316][T16050]  udpv6_setsockopt+0x7d/0xd0
[  603.856331][T16050]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  603.856345][T16050]  do_sock_setsockopt+0x221/0x470
[  603.856357][T16050]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  603.856378][T16050]  __sys_setsockopt+0x120/0x1a0
[  603.856390][T16050]  __ia32_sys_setsockopt+0xbc/0x160
[  603.856400][T16050]  ? lockdep_hardirqs_on+0x7c/0x110
[  603.856412][T16050]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[  603.856425][T16050]  __do_fast_syscall_32+0x73/0x120
[  603.856440][T16050]  do_fast_syscall_32+0x32/0x80
[  603.856454][T16050]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  603.856465][T16050] RIP: 0023:0xf710e579
[  603.856473][T16050] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  603.856483][T16050] RSP: 002b:00000000f50fe55c EFLAGS: 00000296 ORIG_RAX: 000000000000016e
[  603.856492][T16050] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000029
[  603.856498][T16050] RDX: 000000000000002a RSI: 0000000080000140 RDI: 0000000000000088
[  603.856504][T16050] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  603.856509][T16050] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  603.856514][T16050] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  603.856527][T16050]  </TASK>
[  604.022212][T12317] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  604.194912][T12317] usb 5-1: config 0 has no interfaces?
[  604.198617][T12317] usb 5-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  604.201780][T12317] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  604.204597][T12176] Bluetooth: hci0: command tx timeout
[  604.206701][T12317] usb 5-1: Product: syz
[  604.208722][T12317] usb 5-1: Manufacturer: syz
[  604.210883][T12317] usb 5-1: SerialNumber: syz
[  604.237603][T12317] usb 5-1: config 0 descriptor??
[  604.362710][T16058] lo speed is unknown, defaulting to 1000
[  604.366274][T16058] vxcan1 speed is unknown, defaulting to 1000
[  604.971132][T16069] FAULT_INJECTION: forcing a failure.
[  604.971132][T16069] name failslab, interval 1, probability 0, space 0, times 0
[  604.985456][T16069] CPU: 0 UID: 0 PID: 16069 Comm: syz.3.2503 Not tainted 6.15.0-rc5-syzkaller-00032-g0d8d44db295c #0 PREEMPT(full) 
[  604.985474][T16069] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  604.985480][T16069] Call Trace:
[  604.985484][T16069]  <TASK>
[  604.985500][T16069]  dump_stack_lvl+0x16c/0x1f0
[  604.985518][T16069]  should_fail_ex+0x512/0x640
[  604.985532][T16069]  ? fs_reclaim_acquire+0xae/0x150
[  604.985548][T16069]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  604.985562][T16069]  should_failslab+0xc2/0x120
[  604.985574][T16069]  __kmalloc_noprof+0xd2/0x510
[  604.985588][T16069]  tomoyo_realpath_from_path+0xc2/0x6e0
[  604.985602][T16069]  ? tomoyo_profile+0x47/0x60
[  604.985618][T16069]  tomoyo_path_number_perm+0x245/0x580
[  604.985629][T16069]  ? tomoyo_path_number_perm+0x237/0x580
[  604.985641][T16069]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  604.985667][T16069]  ? find_held_lock+0x2b/0x80
[  604.985676][T16069]  ? hook_file_ioctl_common+0x145/0x410
[  604.985687][T16069]  ? __fget_files+0x204/0x3c0
[  604.985704][T16069]  ? __fget_files+0x20e/0x3c0
[  604.985718][T16069]  ? fput+0x20/0xf0
[  604.985731][T16069]  security_file_ioctl_compat+0x9b/0x240
[  604.985745][T16069]  __ia32_compat_sys_ioctl+0xc3/0x360
[  604.985760][T16069]  __do_fast_syscall_32+0x73/0x120
[  604.985775][T16069]  do_fast_syscall_32+0x32/0x80
[  604.985788][T16069]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  604.985801][T16069] RIP: 0023:0xf710e579
[  604.985809][T16069] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  604.985823][T16069] RSP: 002b:00000000f50fe55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  604.985833][T16069] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000005501
[  604.985839][T16069] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  604.985844][T16069] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  604.985849][T16069] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  604.985855][T16069] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  604.985868][T16069]  </TASK>
[  604.986117][T16069] ERROR: Out of memory at tomoyo_realpath_from_path.
[  604.997665][T16067] overlayfs: missing 'lowerdir'
[  605.332974][T16080] lo speed is unknown, defaulting to 1000
[  605.337626][T16080] vxcan1 speed is unknown, defaulting to 1000
[  605.698256][T16084] overlayfs: missing 'lowerdir'
[  606.693343][T12317] usb 5-1: USB disconnect, device number 10
[  606.827538][T16098] IPVS: wrr: UDP 224.0.0.2:0 - no destination available
[  606.832231][   T34] IPVS: starting estimator thread 0...
[  606.922638][T16101] IPVS: using max 26 ests per chain, 62400 per kthread
[  607.041124][   T79] libceph: connect (1)[c::]:6789 error -101
[  607.044022][   T79] libceph: mon0 (1)[c::]:6789 connect error
[  607.101569][T16111] ceph: No mds server is up or the cluster is laggy
[  607.116877][ T2291] libceph: connect (1)[c::]:6789 error -101
[  607.119286][ T2291] libceph: mon0 (1)[c::]:6789 connect error
[  607.122026][ T2291] libceph: connect (1)[c::]:6789 error -101
[  607.124499][ T2291] libceph: mon0 (1)[c::]:6789 connect error
[  607.179647][T16114] ceph: No mds server is up or the cluster is laggy
[  607.350548][T16123] tipc: Started in network mode
[  607.353434][T16123] tipc: Node identity 563a60d8b73e, cluster identity 4711
[  607.356032][T16123] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  607.380016][T16123] syzkaller0: entered promiscuous mode
[  607.381957][T16123] syzkaller0: entered allmulticast mode
[  607.388114][T16123] tipc: Resetting bearer <eth:syzkaller0>
[  607.405297][T16124] overlayfs: missing 'lowerdir'
[  607.454021][T16122] tipc: Resetting bearer <eth:syzkaller0>
[  608.329220][T16134] netlink: 'syz.3.2521': attribute type 3 has an invalid length.
[  608.337731][T16134] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2521'.
[  608.407720][T16136] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  608.448563][   T58] tipc: Node number set to 3775160536
[  608.844859][T16122] tipc: Disabling bearer <eth:syzkaller0>
[  608.859534][T16131] lo: entered allmulticast mode
[  608.920392][T16142] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  609.050117][T16146] netlink: 'syz.2.2525': attribute type 10 has an invalid length.
[  609.058149][T16146] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2525'.
[  609.098887][T16146] team0: Port device geneve0 added
[  609.436068][T16151] lo speed is unknown, defaulting to 1000
[  609.439860][T16151] vxcan1 speed is unknown, defaulting to 1000
[  610.970378][T16170] lo speed is unknown, defaulting to 1000
[  610.976018][T16170] vxcan1 speed is unknown, defaulting to 1000
[  611.411974][   T40] audit: type=1800 audit(1746579814.779:337): pid=16178 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.2532" name="blkio.throttle.io_service_bytes_recursive" dev="9p" ino=35913963 res=0 errno=0
[  611.681353][T16188] binder: 16187:16188 ioctl c0306201 80001440 returned -11
[  611.715123][T16190] FAULT_INJECTION: forcing a failure.
[  611.715123][T16190] name failslab, interval 1, probability 0, space 0, times 0
[  611.720657][T16190] CPU: 2 UID: 0 PID: 16190 Comm: syz.0.2535 Not tainted 6.15.0-rc5-syzkaller-00032-g0d8d44db295c #0 PREEMPT(full) 
[  611.720680][T16190] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  611.720690][T16190] Call Trace:
[  611.720696][T16190]  <TASK>
[  611.720703][T16190]  dump_stack_lvl+0x16c/0x1f0
[  611.720730][T16190]  should_fail_ex+0x512/0x640
[  611.720757][T16190]  ? __kmalloc_noprof+0xbf/0x510
[  611.720777][T16190]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290
[  611.720802][T16190]  should_failslab+0xc2/0x120
[  611.720821][T16190]  __kmalloc_noprof+0xd2/0x510
[  611.720838][T16190]  ? __pfx___mutex_trylock_common+0x10/0x10
[  611.720867][T16190]  genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290
[  611.720896][T16190]  genl_family_rcv_msg_doit+0xbf/0x2f0
[  611.720920][T16190]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  611.720942][T16190]  ? trace_cap_capable+0x18d/0x200
[  611.720965][T16190]  ? bpf_lsm_capable+0x9/0x10
[  611.720982][T16190]  ? security_capable+0x7e/0x260
[  611.720997][T16190]  ? ns_capable+0xd7/0x110
[  611.721018][T16190]  genl_rcv_msg+0x55c/0x800
[  611.721044][T16190]  ? __pfx_genl_rcv_msg+0x10/0x10
[  611.721065][T16190]  ? __pfx___dev_queue_xmit+0x10/0x10
[  611.721090][T16190]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  611.721116][T16190]  ? __lock_acquire+0xaa4/0x1ba0
[  611.721141][T16190]  netlink_rcv_skb+0x16a/0x440
[  611.721160][T16190]  ? __pfx_genl_rcv_msg+0x10/0x10
[  611.721183][T16190]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  611.721215][T16190]  ? __pfx_down_read+0x10/0x10
[  611.721240][T16190]  ? netlink_deliver_tap+0x1ae/0xd30
[  611.721263][T16190]  genl_rcv+0x28/0x40
[  611.721283][T16190]  netlink_unicast+0x53a/0x7f0
[  611.721306][T16190]  ? __pfx_netlink_unicast+0x10/0x10
[  611.721332][T16190]  netlink_sendmsg+0x8d1/0xdd0
[  611.721356][T16190]  ? __pfx_netlink_sendmsg+0x10/0x10
[  611.721378][T16190]  ? __import_iovec+0x1c8/0x660
[  611.721409][T16190]  ____sys_sendmsg+0xa95/0xc70
[  611.721434][T16190]  ? __pfx_____sys_sendmsg+0x10/0x10
[  611.721456][T16190]  ? get_compat_msghdr+0x11a/0x170
[  611.721497][T16190]  ___sys_sendmsg+0x134/0x1d0
[  611.721516][T16190]  ? __pfx____sys_sendmsg+0x10/0x10
[  611.721545][T16190]  __sys_sendmsg+0x16d/0x220
[  611.721556][T16190]  ? __pfx___sys_sendmsg+0x10/0x10
[  611.721573][T16190]  ? rcu_is_watching+0x12/0xc0
[  611.721584][T16190]  __do_fast_syscall_32+0x73/0x120
[  611.721600][T16190]  do_fast_syscall_32+0x32/0x80
[  611.721613][T16190]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  611.721626][T16190] RIP: 0023:0xf705e579
[  611.721635][T16190] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  611.721645][T16190] RSP: 002b:00000000f504e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  611.721655][T16190] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000100
[  611.721661][T16190] RDX: 0000000000000084 RSI: 0000000000000000 RDI: 0000000000000000
[  611.721666][T16190] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  611.721671][T16190] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  611.721677][T16190] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  611.721689][T16190]  </TASK>
[  611.829112][    C2] vkms_vblank_simulate: vblank timer overrun
[  612.125753][T16204] lo speed is unknown, defaulting to 1000
[  612.130726][T16204] vxcan1 speed is unknown, defaulting to 1000
[  612.340995][T12317] libceph: connect (1)[c::]:6789 error -101
[  612.343511][T12317] libceph: mon0 (1)[c::]:6789 connect error
[  612.345617][T16201] ceph: No mds server is up or the cluster is laggy
[  612.348243][T12317] libceph: connect (1)[c::]:6789 error -101
[  612.350383][T12317] libceph: mon0 (1)[c::]:6789 connect error
[  613.060903][T16217] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  613.063099][T16217] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  613.066381][T16217] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  613.068449][T16217] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  613.071061][T16217] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  613.074157][T16217] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  613.077557][T16217] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  613.094480][T16217] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2543'.
[  613.247667][   T34] libceph: connect (1)[c::]:6789 error -101
[  613.250459][   T34] libceph: mon0 (1)[c::]:6789 connect error
[  613.259673][   T34] libceph: connect (1)[c::]:6789 error -101
[  613.263163][   T34] libceph: mon0 (1)[c::]:6789 connect error
[  613.374469][T16229] ceph: No mds server is up or the cluster is laggy
[  613.557909][T16244] FAULT_INJECTION: forcing a failure.
[  613.557909][T16244] name failslab, interval 1, probability 0, space 0, times 0
[  613.568926][T16244] CPU: 2 UID: 0 PID: 16244 Comm: syz.0.2548 Not tainted 6.15.0-rc5-syzkaller-00032-g0d8d44db295c #0 PREEMPT(full) 
[  613.568941][T16244] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  613.568947][T16244] Call Trace:
[  613.568951][T16244]  <TASK>
[  613.568955][T16244]  dump_stack_lvl+0x16c/0x1f0
[  613.568973][T16244]  should_fail_ex+0x512/0x640
[  613.568987][T16244]  ? __kmalloc_cache_noprof+0x57/0x3e0
[  613.569004][T16244]  should_failslab+0xc2/0x120
[  613.569016][T16244]  __kmalloc_cache_noprof+0x6a/0x3e0
[  613.569032][T16244]  ? sctp_has_association+0xdd/0x270
[  613.569060][T16244]  ? sctp_association_new+0xbb/0x2a00
[  613.569073][T16244]  sctp_association_new+0xbb/0x2a00
[  613.569087][T16244]  sctp_connect_new_asoc+0x1b6/0x790
[  613.569098][T16244]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[  613.569109][T16244]  ? sctp_endpoint_lookup_assoc+0x15c/0x2a0
[  613.569126][T16244]  ? bpf_lsm_sctp_bind_connect+0x9/0x10
[  613.569143][T16244]  sctp_sendmsg+0x15f9/0x1ee0
[  613.569157][T16244]  ? __pfx_sctp_sendmsg+0x10/0x10
[  613.569174][T16244]  ? __might_fault+0xe3/0x190
[  613.569186][T16244]  ? __pfx_aa_sk_perm+0x10/0x10
[  613.569199][T16244]  ? __pfx_sctp_sendmsg+0x10/0x10
[  613.569210][T16244]  inet_sendmsg+0x119/0x140
[  613.569224][T16244]  __sys_sendto+0x431/0x510
[  613.569235][T16244]  ? __pfx___sys_sendto+0x10/0x10
[  613.569256][T16244]  ? ksys_write+0x1b9/0x240
[  613.569265][T16244]  ? __pfx_ksys_write+0x10/0x10
[  613.569276][T16244]  __ia32_sys_sendto+0xdd/0x1b0
[  613.569285][T16244]  ? lockdep_hardirqs_on+0x7c/0x110
[  613.569297][T16244]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[  613.569311][T16244]  __do_fast_syscall_32+0x73/0x120
[  613.569325][T16244]  do_fast_syscall_32+0x32/0x80
[  613.569339][T16244]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  613.569350][T16244] RIP: 0023:0xf705e579
[  613.569359][T16244] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  613.569368][T16244] RSP: 002b:00000000f502d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000171
[  613.569377][T16244] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000080847fff
[  613.569383][T16244] RDX: 0000000000034000 RSI: 0000000000000000 RDI: 000000008005ffe4
[  613.569389][T16244] RBP: 000000000000001c R08: 0000000000000000 R09: 0000000000000000
[  613.569395][T16244] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  613.569400][T16244] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  613.569413][T16244]  </TASK>
[  614.172668][T16260] lo speed is unknown, defaulting to 1000
[  614.177946][T16260] vxcan1 speed is unknown, defaulting to 1000
[  614.376525][T16265] No control pipe specified
[  614.476572][T16268] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2551'.
[  614.509158][   T34] libceph: connect (1)[c::]:6789 error -101
[  614.511555][   T34] libceph: mon0 (1)[c::]:6789 connect error
[  614.516776][   T34] libceph: connect (1)[c::]:6789 error -101
[  614.518915][   T34] libceph: mon0 (1)[c::]:6789 connect error
[  614.589759][T16266] ceph: No mds server is up or the cluster is laggy
[  614.819239][T16288] FAULT_INJECTION: forcing a failure.
[  614.819239][T16288] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  614.825203][T16288] CPU: 1 UID: 0 PID: 16288 Comm: syz.0.2557 Not tainted 6.15.0-rc5-syzkaller-00032-g0d8d44db295c #0 PREEMPT(full) 
[  614.825218][T16288] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  614.825224][T16288] Call Trace:
[  614.825227][T16288]  <TASK>
[  614.825231][T16288]  dump_stack_lvl+0x16c/0x1f0
[  614.825249][T16288]  should_fail_ex+0x512/0x640
[  614.825265][T16288]  _copy_to_user+0x32/0xd0
[  614.825281][T16288]  simple_read_from_buffer+0xcb/0x170
[  614.825297][T16288]  proc_fail_nth_read+0x197/0x270
[  614.825311][T16288]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  614.825325][T16288]  ? rw_verify_area+0xcf/0x680
[  614.825338][T16288]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  614.825352][T16288]  vfs_read+0x1de/0xc70
[  614.825362][T16288]  ? __pfx___mutex_lock+0x10/0x10
[  614.825376][T16288]  ? __pfx_vfs_read+0x10/0x10
[  614.825388][T16288]  ? __fget_files+0x20e/0x3c0
[  614.825419][T16288]  ksys_read+0x12a/0x240
[  614.825429][T16288]  ? __pfx_ksys_read+0x10/0x10
[  614.825439][T16288]  ? rcu_is_watching+0x12/0xc0
[  614.825450][T16288]  __do_fast_syscall_32+0x73/0x120
[  614.825465][T16288]  do_fast_syscall_32+0x32/0x80
[  614.825478][T16288]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  614.825490][T16288] RIP: 0023:0xf705e579
[  614.825498][T16288] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  614.825508][T16288] RSP: 002b:00000000f504e590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  614.825517][T16288] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f504e620
[  614.825523][T16288] RDX: 000000000000000f RSI: 00000000f73c2ff4 RDI: 0000000000000000
[  614.825529][T16288] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  614.825534][T16288] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  614.825539][T16288] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  614.825551][T16288]  </TASK>
[  614.924427][   T40] audit: type=1400 audit(1746579818.299:338): apparmor="DENIED" operation="setprocattr" info="exec" error=-22 profile="unconfined" pid=16289 comm="syz.2.2558"
[  615.122547][T12176] Bluetooth: hci0: command 0x0c1a tx timeout
[  615.122635][ T5936] Bluetooth: hci4: command 0x040f tx timeout
[  615.122768][ T5290] Bluetooth: hci3: command 0x0c1a tx timeout
[  615.122810][ T5290] Bluetooth: hci2: command 0x0c1a tx timeout
[  615.822289][T16315] lo speed is unknown, defaulting to 1000
[  615.827508][T16315] vxcan1 speed is unknown, defaulting to 1000
[  616.330598][T16320] lo speed is unknown, defaulting to 1000
[  616.335891][T16320] vxcan1 speed is unknown, defaulting to 1000
[  616.761956][T16326] FAULT_INJECTION: forcing a failure.
[  616.761956][T16326] name failslab, interval 1, probability 0, space 0, times 0
[  616.767437][T16326] CPU: 2 UID: 0 PID: 16326 Comm: syz.2.2568 Not tainted 6.15.0-rc5-syzkaller-00032-g0d8d44db295c #0 PREEMPT(full) 
[  616.767452][T16326] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  616.767458][T16326] Call Trace:
[  616.767462][T16326]  <TASK>
[  616.767466][T16326]  dump_stack_lvl+0x16c/0x1f0
[  616.767484][T16326]  should_fail_ex+0x512/0x640
[  616.767501][T16326]  ? __kmalloc_node_noprof+0xc5/0x500
[  616.767540][T16326]  should_failslab+0xc2/0x120
[  616.767552][T16326]  __kmalloc_node_noprof+0xd8/0x500
[  616.767563][T16326]  ? __get_vm_area_node+0x1e5/0x300
[  616.767577][T16326]  ? __vmalloc_node_range_noprof+0x3eb/0x1540
[  616.767594][T16326]  __vmalloc_node_range_noprof+0x3eb/0x1540
[  616.767610][T16326]  ? __kernel_text_address+0xd/0x40
[  616.767629][T16326]  ? kernel_read_file+0x6ff/0x910
[  616.767643][T16326]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  616.767658][T16326]  ? stack_trace_save+0x8e/0xc0
[  616.767668][T16326]  ? ima_read_file+0x142/0x1a0
[  616.767688][T16326]  ? __pfx_ima_read_file+0x10/0x10
[  616.767708][T16326]  ? __kasan_check_byte+0x13/0x50
[  616.767728][T16326]  ? kernel_read_file+0x6ff/0x910
[  616.767745][T16326]  vmalloc_noprof+0x6b/0x90
[  616.767767][T16326]  ? kernel_read_file+0x6ff/0x910
[  616.767786][T16326]  kernel_read_file+0x6ff/0x910
[  616.767805][T16326]  ? __pfx_kernel_read_file+0x10/0x10
[  616.767821][T16326]  init_module_from_file+0xb8/0x150
[  616.767834][T16326]  ? __pfx_init_module_from_file+0x10/0x10
[  616.767853][T16326]  ? find_held_lock+0x2b/0x80
[  616.767863][T16326]  ? idempotent_init_module+0x5e1/0x790
[  616.767876][T16326]  ? do_raw_spin_unlock+0x172/0x230
[  616.767891][T16326]  idempotent_init_module+0x227/0x790
[  616.767904][T16326]  ? __pfx_idempotent_init_module+0x10/0x10
[  616.767916][T16326]  ? find_held_lock+0x2b/0x80
[  616.767933][T16326]  __ia32_sys_finit_module+0xbc/0x140
[  616.767951][T16326]  __do_fast_syscall_32+0x73/0x120
[  616.767966][T16326]  do_fast_syscall_32+0x32/0x80
[  616.767979][T16326]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  616.767992][T16326] RIP: 0023:0xf712e579
[  616.768000][T16326] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  616.768010][T16326] RSP: 002b:00000000f511e55c EFLAGS: 00000296 ORIG_RAX: 000000000000015e
[  616.768020][T16326] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000000
[  616.768026][T16326] RDX: 0000000000000005 RSI: 0000000000000000 RDI: 0000000000000000
[  616.768032][T16326] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  616.768037][T16326] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  616.768042][T16326] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  616.768054][T16326]  </TASK>
[  616.768059][T16326] syz.2.2568: vmalloc error: size 4096, failed to allocated page array size 8, mode:0xcc2(GFP_KERNEL|__GFP_HIGHMEM), nodemask=(null),cpuset=/,mems_allowed=0-1
[  616.875125][T16326] CPU: 3 UID: 0 PID: 16326 Comm: syz.2.2568 Not tainted 6.15.0-rc5-syzkaller-00032-g0d8d44db295c #0 PREEMPT(full) 
[  616.875152][T16326] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  616.875159][T16326] Call Trace:
[  616.875163][T16326]  <TASK>
[  616.875166][T16326]  dump_stack_lvl+0x16c/0x1f0
[  616.875185][T16326]  warn_alloc+0x248/0x3a0
[  616.875197][T16326]  ? __pfx_warn_alloc+0x10/0x10
[  616.875206][T16326]  ? dump_stack_lvl+0x185/0x1f0
[  616.875218][T16326]  ? lockdep_hardirqs_on+0x7c/0x110
[  616.875234][T16326]  ? rcu_is_watching+0x12/0xc0
[  616.875244][T16326]  ? trace_kmalloc+0x2b/0xd0
[  616.875256][T16326]  ? __get_vm_area_node+0x1e5/0x300
[  616.875274][T16326]  __vmalloc_node_range_noprof+0x1110/0x1540
[  616.875290][T16326]  ? __kernel_text_address+0xd/0x40
[  616.875308][T16326]  ? kernel_read_file+0x6ff/0x910
[  616.875322][T16326]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  616.875337][T16326]  ? stack_trace_save+0x8e/0xc0
[  616.875346][T16326]  ? ima_read_file+0x142/0x1a0
[  616.875361][T16326]  ? __pfx_ima_read_file+0x10/0x10
[  616.875375][T16326]  ? __kasan_check_byte+0x13/0x50
[  616.875387][T16326]  ? kernel_read_file+0x6ff/0x910
[  616.875398][T16326]  vmalloc_noprof+0x6b/0x90
[  616.875413][T16326]  ? kernel_read_file+0x6ff/0x910
[  616.875424][T16326]  kernel_read_file+0x6ff/0x910
[  616.875437][T16326]  ? __pfx_kernel_read_file+0x10/0x10
[  616.875452][T16326]  init_module_from_file+0xb8/0x150
[  616.875464][T16326]  ? __pfx_init_module_from_file+0x10/0x10
[  616.875483][T16326]  ? find_held_lock+0x2b/0x80
[  616.875494][T16326]  ? idempotent_init_module+0x5e1/0x790
[  616.875532][T16326]  ? do_raw_spin_unlock+0x172/0x230
[  616.875552][T16326]  idempotent_init_module+0x227/0x790
[  616.875566][T16326]  ? __pfx_idempotent_init_module+0x10/0x10
[  616.875577][T16326]  ? find_held_lock+0x2b/0x80
[  616.875595][T16326]  __ia32_sys_finit_module+0xbc/0x140
[  616.875608][T16326]  __do_fast_syscall_32+0x73/0x120
[  616.875623][T16326]  do_fast_syscall_32+0x32/0x80
[  616.875636][T16326]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  616.875649][T16326] RIP: 0023:0xf712e579
[  616.875657][T16326] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  616.875666][T16326] RSP: 002b:00000000f511e55c EFLAGS: 00000296 ORIG_RAX: 000000000000015e
[  616.875676][T16326] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000000
[  616.875681][T16326] RDX: 0000000000000005 RSI: 0000000000000000 RDI: 0000000000000000
[  616.875687][T16326] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  616.875692][T16326] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  616.875697][T16326] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  616.875709][T16326]  </TASK>
[  616.875762][T16326] Mem-Info:
[  616.975297][T16326] active_anon:8534 inactive_anon:2 isolated_anon:0
[  616.975297][T16326]  active_file:6688 inactive_file:15364 isolated_file:0
[  616.975297][T16326]  unevictable:1768 dirty:812 writeback:0
[  616.975297][T16326]  slab_reclaimable:5972 slab_unreclaimable:68952
[  616.975297][T16326]  mapped:24698 shmem:4928 pagetables:725
[  616.975297][T16326]  sec_pagetables:319 bounce:0
[  616.975297][T16326]  kernel_misc_reclaimable:0
[  616.975297][T16326]  free:54911 free_pcp:3920 free_cma:0
[  617.009113][T16326] Node 0 active_anon:1428kB inactive_anon:0kB active_file:464kB inactive_file:412kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:372kB dirty:72kB writeback:0kB shmem:3644kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:10280kB pagetables:768kB sec_pagetables:1148kB all_unreclaimable? yes Balloon:0kB
[  617.027577][T16326] Node 1 active_anon:32708kB inactive_anon:8kB active_file:26288kB inactive_file:61044kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:98420kB dirty:3176kB writeback:0kB shmem:16068kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:3456kB pagetables:2132kB sec_pagetables:128kB all_unreclaimable? no Balloon:0kB
[  617.041030][T16326] Node 0 DMA free:3492kB boost:2048kB min:2808kB low:2996kB high:3184kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:148kB local_pcp:0kB free_cma:0kB
[  617.052498][T16326] lowmem_reserve[]: 0 293 293 293 293
[  617.054729][T16326] Node 0 DMA32 free:21004kB boost:2048kB min:15496kB low:18856kB high:22216kB reserved_highatomic:4096KB active_anon:1424kB inactive_anon:0kB active_file:464kB inactive_file:412kB unevictable:3536kB writepending:72kB present:1032196kB managed:300228kB mlocked:0kB bounce:0kB free_pcp:2388kB local_pcp:284kB free_cma:0kB
[  617.066335][T16326] lowmem_reserve[]: 0 0 0 0 0
[  617.068638][T16326] Node 1 DMA32 free:207532kB boost:0kB min:47148kB low:58932kB high:70716kB reserved_highatomic:10240KB active_anon:32720kB inactive_anon:8kB active_file:26288kB inactive_file:61044kB unevictable:3536kB writepending:3184kB present:1048432kB managed:948284kB mlocked:0kB bounce:0kB free_pcp:1284kB local_pcp:128kB free_cma:0kB
[  617.080391][T16326] lowmem_reserve[]: 0 0 0 0 0
[  617.082470][T16326] Node 0 DMA: 69*4kB (U) 54*8kB (U) 20*16kB (U) 25*32kB (U) 4*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 0*2048kB 0*4096kB = 3492kB
[  617.088481][T16326] Node 0 DMA32: 218*4kB (UEH) 114*8kB (UMEH) 30*16kB (UMEH) 49*32kB (UMEH) 100*64kB (UMEH) 20*128kB (UME) 9*256kB (UMEH) 5*512kB (UMH) 1*1024kB (M) 1*2048kB (M) 0*4096kB = 20728kB
[  617.097511][T16326] Node 1 DMA32: 611*4kB (UMEH) 824*8kB (UMEH) 643*16kB (UMEH) 787*32kB (UMEH) 485*64kB (UMEH) 114*128kB (UMEH) 51*256kB (UMEH) 46*512kB (UMEH) 13*1024kB (UME) 13*2048kB (UME) 10*4096kB (UM) = 207644kB
[  617.105525][T16326] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  617.109481][T16326] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  617.113627][T16326] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  617.122670][T16326] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  617.126618][T16326] 27367 total pagecache pages
[  617.128617][T16326] 140 pages in swap cache
[  617.130466][T16326] Free swap  = 123588kB
[  617.132899][T16326] Total swap = 124996kB
[  617.134694][T16326] 524155 pages RAM
[  617.136353][T16326] 0 pages HighMem/MovableOnly
[  617.138401][T16326] 208187 pages reserved
[  617.140197][T16326] 0 pages cma reserved
[  617.182206][ T5936] Bluetooth: hci2: command 0x0c1a tx timeout
[  617.184291][ T5936] Bluetooth: hci0: command 0x0c1a tx timeout
[  617.814766][T16352] netlink: 'syz.0.2577': attribute type 5 has an invalid length.
[  617.820113][T16352] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  619.165603][T16375] FAULT_INJECTION: forcing a failure.
[  619.165603][T16375] name failslab, interval 1, probability 0, space 0, times 0
[  619.170399][T16375] CPU: 1 UID: 0 PID: 16375 Comm: syz.1.2584 Not tainted 6.15.0-rc5-syzkaller-00032-g0d8d44db295c #0 PREEMPT(full) 
[  619.170415][T16375] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  619.170421][T16375] Call Trace:
[  619.170426][T16375]  <TASK>
[  619.170430][T16375]  dump_stack_lvl+0x16c/0x1f0
[  619.170461][T16375]  should_fail_ex+0x512/0x640
[  619.170475][T16375]  ? __kmalloc_noprof+0xbf/0x510
[  619.170487][T16375]  ? iter_file_splice_write+0x1cc/0x1150
[  619.170502][T16375]  should_failslab+0xc2/0x120
[  619.170514][T16375]  __kmalloc_noprof+0xd2/0x510
[  619.170528][T16375]  iter_file_splice_write+0x1cc/0x1150
[  619.170542][T16375]  ? current_time+0x11d/0x1a0
[  619.170552][T16375]  ? __pfx_current_time+0x10/0x10
[  619.170560][T16375]  ? __pfx_make_vfsgid+0x10/0x10
[  619.170575][T16375]  ? atime_needs_update+0x8b/0x710
[  619.170588][T16375]  ? __pfx_iter_file_splice_write+0x10/0x10
[  619.170603][T16375]  ? __lock_acquire+0xaa4/0x1ba0
[  619.170626][T16375]  ? __pfx_iter_file_splice_write+0x10/0x10
[  619.170641][T16375]  direct_splice_actor+0x18f/0x6c0
[  619.170657][T16375]  splice_direct_to_actor+0x342/0xa30
[  619.170672][T16375]  ? __pfx_direct_splice_actor+0x10/0x10
[  619.170693][T16375]  ? __pfx_splice_direct_to_actor+0x10/0x10
[  619.170707][T16375]  ? get_pid_task+0xfc/0x250
[  619.170724][T16375]  do_splice_direct+0x174/0x240
[  619.170738][T16375]  ? __pfx_do_splice_direct+0x10/0x10
[  619.170752][T16375]  ? __pfx_direct_file_splice_eof+0x10/0x10
[  619.170768][T16375]  ? rw_verify_area+0xcf/0x680
[  619.170783][T16375]  do_sendfile+0xafd/0xe50
[  619.170801][T16375]  ? __pfx_do_sendfile+0x10/0x10
[  619.170815][T16375]  ? __might_fault+0xe3/0x190
[  619.170826][T16375]  ? __might_fault+0x13b/0x190
[  619.170840][T16375]  __ia32_compat_sys_sendfile+0x162/0x220
[  619.170852][T16375]  ? __pfx___ia32_compat_sys_sendfile+0x10/0x10
[  619.170865][T16375]  ? rcu_is_watching+0x12/0xc0
[  619.170876][T16375]  __do_fast_syscall_32+0x73/0x120
[  619.170891][T16375]  do_fast_syscall_32+0x32/0x80
[  619.170904][T16375]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  619.170916][T16375] RIP: 0023:0xf7f77579
[  619.170925][T16375] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  619.170934][T16375] RSP: 002b:00000000f507555c EFLAGS: 00000296 ORIG_RAX: 00000000000000bb
[  619.170943][T16375] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000000005
[  619.170949][T16375] RDX: 00000000800002c0 RSI: 0000000000007f03 RDI: 0000000000000000
[  619.170955][T16375] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  619.170960][T16375] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  619.170965][T16375] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  619.170978][T16375]  </TASK>
[  619.276452][ T5936] Bluetooth: hci0: command 0x0c1a tx timeout
[  619.409747][T16381] lo speed is unknown, defaulting to 1000
[  619.413812][T16381] vxcan1 speed is unknown, defaulting to 1000
[  620.596998][   T10] libceph: connect (1)[c::]:6789 error -101
[  620.601909][   T10] libceph: mon0 (1)[c::]:6789 connect error
[  620.658511][T16400] ceph: No mds server is up or the cluster is laggy
[  620.921465][   T58] libceph: connect (1)[c::]:6789 error -101
[  620.924556][   T58] libceph: mon0 (1)[c::]:6789 connect error
[  620.973414][T16411] ceph: No mds server is up or the cluster is laggy
[  621.052552][   T58] libceph: connect (1)[c::]:6789 error -101
[  621.057430][   T58] libceph: mon0 (1)[c::]:6789 connect error
[  621.060053][   T58] libceph: connect (1)[c::]:6789 error -101
[  621.062422][   T58] libceph: mon0 (1)[c::]:6789 connect error
[  621.137873][T16417] ceph: No mds server is up or the cluster is laggy
[  621.323429][T12176] Bluetooth: hci0: command 0x0c1a tx timeout
[  621.436038][T16432] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2599'.
[  621.442004][T16432] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2599'.
[  622.483038][T16446] No control pipe specified
[  622.941630][T16454] lo speed is unknown, defaulting to 1000
[  622.944726][T16454] vxcan1 speed is unknown, defaulting to 1000
[  623.448647][T16475] FAULT_INJECTION: forcing a failure.
[  623.448647][T16475] name failslab, interval 1, probability 0, space 0, times 0
[  623.452950][T16475] CPU: 1 UID: 0 PID: 16475 Comm: syz.3.2607 Not tainted 6.15.0-rc5-syzkaller-00032-g0d8d44db295c #0 PREEMPT(full) 
[  623.452965][T16475] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  623.452971][T16475] Call Trace:
[  623.452975][T16475]  <TASK>
[  623.452979][T16475]  dump_stack_lvl+0x16c/0x1f0
[  623.452996][T16475]  should_fail_ex+0x512/0x640
[  623.453010][T16475]  ? fs_reclaim_acquire+0xae/0x150
[  623.453026][T16475]  ? tomoyo_encode2+0x100/0x3e0
[  623.453038][T16475]  should_failslab+0xc2/0x120
[  623.453051][T16475]  __kmalloc_noprof+0xd2/0x510
[  623.453061][T16475]  ? d_absolute_path+0x136/0x1a0
[  623.453075][T16475]  tomoyo_encode2+0x100/0x3e0
[  623.453090][T16475]  tomoyo_encode+0x29/0x50
[  623.453102][T16475]  tomoyo_realpath_from_path+0x18f/0x6e0
[  623.453119][T16475]  tomoyo_check_open_permission+0x2ab/0x3c0
[  623.453132][T16475]  ? __pfx_tomoyo_check_open_permission+0x10/0x10
[  623.453156][T16475]  ? do_raw_spin_lock+0x12c/0x2b0
[  623.453175][T16475]  tomoyo_file_open+0x6b/0x90
[  623.453190][T16475]  security_file_open+0x84/0x1e0
[  623.453204][T16475]  do_dentry_open+0x596/0x1c10
[  623.453218][T16475]  vfs_open+0x82/0x3f0
[  623.453232][T16475]  path_openat+0x1e5e/0x2d40
[  623.453246][T16475]  ? __pfx_path_openat+0x10/0x10
[  623.453259][T16475]  do_filp_open+0x20b/0x470
[  623.453268][T16475]  ? __pfx_do_filp_open+0x10/0x10
[  623.453287][T16475]  ? alloc_fd+0x471/0x7d0
[  623.453305][T16475]  do_sys_openat2+0x11b/0x1d0
[  623.453317][T16475]  ? __pfx_do_sys_openat2+0x10/0x10
[  623.453331][T16475]  ? __fget_files+0x20e/0x3c0
[  623.453348][T16475]  __ia32_compat_sys_openat+0x16d/0x210
[  623.453362][T16475]  ? __pfx___ia32_compat_sys_openat+0x10/0x10
[  623.453375][T16475]  ? ksys_write+0x1b9/0x240
[  623.453384][T16475]  ? rcu_is_watching+0x12/0xc0
[  623.453394][T16475]  ? rcu_is_watching+0x12/0xc0
[  623.453404][T16475]  __do_fast_syscall_32+0x73/0x120
[  623.453419][T16475]  do_fast_syscall_32+0x32/0x80
[  623.453433][T16475]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  623.453445][T16475] RIP: 0023:0xf710e579
[  623.453453][T16475] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  623.453462][T16475] RSP: 002b:00000000f50fe55c EFLAGS: 00000296 ORIG_RAX: 0000000000000127
[  623.453471][T16475] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 0000000080000040
[  623.453477][T16475] RDX: 0000000000082002 RSI: 0000000000000000 RDI: 0000000000000000
[  623.453482][T16475] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  623.453488][T16475] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  623.453493][T16475] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  623.453505][T16475]  </TASK>
[  623.453515][T16475] ERROR: Out of memory at tomoyo_realpath_from_path.
[  623.624591][T16482] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2609'.
[  623.630132][T16482] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2609'.
[  623.752261][ T5996] libceph: connect (1)[c::]:6789 error -101
[  623.754368][ T5996] libceph: mon0 (1)[c::]:6789 connect error
[  623.756749][ T5996] libceph: connect (1)[c::]:6789 error -101
[  623.758937][ T5996] libceph: mon0 (1)[c::]:6789 connect error
[  623.804285][ T1416] ieee802154 phy0 wpan0: encryption failed: -22
[  623.807115][ T1416] ieee802154 phy1 wpan1: encryption failed: -22
[  623.807837][T16490] ceph: No mds server is up or the cluster is laggy
[  623.973454][T16498] FAULT_INJECTION: forcing a failure.
[  623.973454][T16498] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  623.979398][T16498] CPU: 1 UID: 0 PID: 16498 Comm: syz.2.2613 Not tainted 6.15.0-rc5-syzkaller-00032-g0d8d44db295c #0 PREEMPT(full) 
[  623.979419][T16498] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  623.979428][T16498] Call Trace:
[  623.979434][T16498]  <TASK>
[  623.979460][T16498]  dump_stack_lvl+0x16c/0x1f0
[  623.979488][T16498]  should_fail_ex+0x512/0x640
[  623.979515][T16498]  _copy_to_user+0x32/0xd0
[  623.979542][T16498]  simple_read_from_buffer+0xcb/0x170
[  623.979568][T16498]  proc_fail_nth_read+0x197/0x270
[  623.979591][T16498]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  623.979616][T16498]  ? rw_verify_area+0xcf/0x680
[  623.979638][T16498]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  623.979661][T16498]  vfs_read+0x1de/0xc70
[  623.979681][T16498]  ? __pfx___mutex_lock+0x10/0x10
[  623.979703][T16498]  ? __pfx_vfs_read+0x10/0x10
[  623.979725][T16498]  ? __fget_files+0x20e/0x3c0
[  623.979756][T16498]  ksys_read+0x12a/0x240
[  623.979772][T16498]  ? __pfx_ksys_read+0x10/0x10
[  623.979789][T16498]  ? rcu_is_watching+0x12/0xc0
[  623.979810][T16498]  __do_fast_syscall_32+0x73/0x120
[  623.979835][T16498]  do_fast_syscall_32+0x32/0x80
[  623.979858][T16498]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  623.979884][T16498] RIP: 0023:0xf712e579
[  623.979899][T16498] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  623.979913][T16498] RSP: 002b:00000000f511e590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  623.979929][T16498] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000f511e620
[  623.979940][T16498] RDX: 000000000000000f RSI: 00000000f7492ff4 RDI: 0000000000000000
[  623.979951][T16498] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  623.979961][T16498] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  623.979969][T16498] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  623.979991][T16498]  </TASK>
[  624.324358][T16510] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2616'.
[  624.618448][T16518] evm: overlay not supported
[  625.678566][T16550] lo speed is unknown, defaulting to 1000
[  625.682797][T16550] vxcan1 speed is unknown, defaulting to 1000
[  625.722141][T16555] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2628'.
[  625.763209][T16552] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  625.766194][T16552] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  625.769024][T16552] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  625.771960][T16552] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  625.824084][   T10] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0
[  625.829471][   T10] hid-generic 0000:0000:0000.0008: hidraw1: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  625.877306][T16541] lo speed is unknown, defaulting to 1000
[  625.936201][T16541] vxcan1 speed is unknown, defaulting to 1000
[  626.148534][   T58] libceph: connect (1)[c::]:6789 error -101
[  626.150645][   T58] libceph: mon0 (1)[c::]:6789 connect error
[  626.155850][   T58] libceph: connect (1)[c::]:6789 error -101
[  626.157909][   T58] libceph: mon0 (1)[c::]:6789 connect error
[  626.275499][T16574] team0: Device gtp0 is of different type
[  626.314308][T16566] ceph: No mds server is up or the cluster is laggy
[  626.339013][T16576] batadv_slave_0: entered promiscuous mode
[  626.348371][T16575] batadv_slave_0: left promiscuous mode
[  626.427264][T16578] batadv_slave_0: entered promiscuous mode
[  626.430511][T16578] FAULT_INJECTION: forcing a failure.
[  626.430511][T16578] name failslab, interval 1, probability 0, space 0, times 0
[  626.437277][T16578] CPU: 0 UID: 0 PID: 16578 Comm: syz.3.2635 Not tainted 6.15.0-rc5-syzkaller-00032-g0d8d44db295c #0 PREEMPT(full) 
[  626.437293][T16578] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  626.437300][T16578] Call Trace:
[  626.437304][T16578]  <TASK>
[  626.437308][T16578]  dump_stack_lvl+0x16c/0x1f0
[  626.437327][T16578]  should_fail_ex+0x512/0x640
[  626.437342][T16578]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  626.437355][T16578]  should_failslab+0xc2/0x120
[  626.437368][T16578]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  626.437380][T16578]  ? __alloc_skb+0x2b2/0x380
[  626.437393][T16578]  __alloc_skb+0x2b2/0x380
[  626.437403][T16578]  ? __pfx___alloc_skb+0x10/0x10
[  626.437413][T16578]  ? __mutex_trylock_common+0xe9/0x250
[  626.437428][T16578]  ? __pfx___mutex_trylock_common+0x10/0x10
[  626.437445][T16578]  netlink_dump+0x698/0xd00
[  626.437458][T16578]  ? __mutex_lock+0x1ca/0xb90
[  626.437472][T16578]  ? __pfx_netlink_dump+0x10/0x10
[  626.437483][T16578]  ? __rhashtable_lookup.constprop.0+0x3a5/0x760
[  626.437502][T16578]  ? __pfx_netlink_lookup+0x10/0x10
[  626.437517][T16578]  __netlink_dump_start+0x6d6/0x990
[  626.437531][T16578]  packet_diag_handler_dump+0x1f0/0x290
[  626.437547][T16578]  ? __pfx_packet_diag_handler_dump+0x10/0x10
[  626.437562][T16578]  ? __pfx_packet_diag_dump+0x10/0x10
[  626.437578][T16578]  ? sock_diag_lock_handler+0x10f/0x2e0
[  626.437598][T16578]  sock_diag_rcv_msg+0x437/0x790
[  626.437609][T16578]  netlink_rcv_skb+0x16a/0x440
[  626.437622][T16578]  ? __pfx_sock_diag_rcv_msg+0x10/0x10
[  626.437639][T16578]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  626.437659][T16578]  ? netlink_deliver_tap+0x1ae/0xd30
[  626.437674][T16578]  netlink_unicast+0x53a/0x7f0
[  626.437688][T16578]  ? __pfx_netlink_unicast+0x10/0x10
[  626.437704][T16578]  netlink_sendmsg+0x8d1/0xdd0
[  626.437719][T16578]  ? __pfx_netlink_sendmsg+0x10/0x10
[  626.437737][T16578]  sock_write_iter+0x4fc/0x5b0
[  626.437752][T16578]  ? __pfx_sock_write_iter+0x10/0x10
[  626.437771][T16578]  ? bpf_lsm_file_permission+0x9/0x10
[  626.437787][T16578]  ? security_file_permission+0x71/0x210
[  626.437802][T16578]  ? rw_verify_area+0xcf/0x680
[  626.437819][T16578]  vfs_write+0x5ba/0x1180
[  626.437829][T16578]  ? __pfx_sock_write_iter+0x10/0x10
[  626.437844][T16578]  ? __pfx_vfs_write+0x10/0x10
[  626.437852][T16578]  ? find_held_lock+0x2b/0x80
[  626.437877][T16578]  ksys_write+0x205/0x240
[  626.437886][T16578]  ? __pfx_ksys_write+0x10/0x10
[  626.437897][T16578]  ? rcu_is_watching+0x12/0xc0
[  626.437909][T16578]  __do_fast_syscall_32+0x73/0x120
[  626.437924][T16578]  do_fast_syscall_32+0x32/0x80
[  626.437939][T16578]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  626.437952][T16578] RIP: 0023:0xf710e579
[  626.437961][T16578] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  626.437971][T16578] RSP: 002b:00000000f50fe55c EFLAGS: 00000296 ORIG_RAX: 0000000000000004
[  626.437981][T16578] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 0000000080000040
[  626.437987][T16578] RDX: 0000000000000027 RSI: 0000000000000000 RDI: 0000000000000000
[  626.437993][T16578] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  626.437998][T16578] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  626.438004][T16578] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  626.438017][T16578]  </TASK>
[  626.605981][T16577] batadv_slave_0: left promiscuous mode
[  626.775182][T16587] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2637'.
[  626.827131][T16582] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  626.829945][T16582] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  626.833871][T16582] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  626.836385][T16582] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  627.059877][ T6049] libceph: connect (1)[c::]:6789 error -101
[  627.061922][ T6049] libceph: mon0 (1)[c::]:6789 connect error
[  627.064781][ T6049] libceph: connect (1)[c::]:6789 error -101
[  627.066816][ T6049] libceph: mon0 (1)[c::]:6789 connect error
[  627.160055][T16593] ceph: No mds server is up or the cluster is laggy
[  627.303114][T16601] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2642'.
[  627.428458][T16604] lo speed is unknown, defaulting to 1000
[  627.433154][T16604] vxcan1 speed is unknown, defaulting to 1000
[  627.558713][T16603] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2644'.
[  628.215821][T16618] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2647'.
[  628.251773][T16615] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  628.253984][T16615] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  628.256231][T16615] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  628.258425][T16615] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  628.341074][T16629] FAULT_INJECTION: forcing a failure.
[  628.341074][T16629] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  628.345625][T16629] CPU: 3 UID: 0 PID: 16629 Comm: syz.3.2652 Not tainted 6.15.0-rc5-syzkaller-00032-g0d8d44db295c #0 PREEMPT(full) 
[  628.345639][T16629] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  628.345653][T16629] Call Trace:
[  628.345657][T16629]  <TASK>
[  628.345661][T16629]  dump_stack_lvl+0x16c/0x1f0
[  628.345679][T16629]  should_fail_ex+0x512/0x640
[  628.345695][T16629]  _copy_from_iter+0x2a4/0x15b0
[  628.345711][T16629]  ? __alloc_skb+0x200/0x380
[  628.345722][T16629]  ? __pfx__copy_from_iter+0x10/0x10
[  628.345742][T16629]  netlink_sendmsg+0x829/0xdd0
[  628.345756][T16629]  ? __pfx_netlink_sendmsg+0x10/0x10
[  628.345769][T16629]  ? __import_iovec+0x1c8/0x660
[  628.345786][T16629]  ____sys_sendmsg+0xa95/0xc70
[  628.345801][T16629]  ? __pfx_____sys_sendmsg+0x10/0x10
[  628.345814][T16629]  ? get_compat_msghdr+0x11a/0x170
[  628.345829][T16629]  ___sys_sendmsg+0x134/0x1d0
[  628.345841][T16629]  ? __pfx____sys_sendmsg+0x10/0x10
[  628.345867][T16629]  __sys_sendmsg+0x16d/0x220
[  628.345878][T16629]  ? __pfx___sys_sendmsg+0x10/0x10
[  628.345892][T16629]  ? rcu_is_watching+0x12/0xc0
[  628.345903][T16629]  ? rcu_is_watching+0x12/0xc0
[  628.345913][T16629]  __do_fast_syscall_32+0x73/0x120
[  628.345928][T16629]  do_fast_syscall_32+0x32/0x80
[  628.345941][T16629]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  628.345953][T16629] RIP: 0023:0xf710e579
[  628.345961][T16629] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  628.345971][T16629] RSP: 002b:00000000f50fe55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  628.345981][T16629] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000700
[  628.345987][T16629] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  628.345992][T16629] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  628.345997][T16629] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  628.346002][T16629] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  628.346014][T16629]  </TASK>
[  628.418234][    C3] vkms_vblank_simulate: vblank timer overrun
[  628.441314][T16635] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2648'.
[  628.455855][T16635] ip6tnl1: entered promiscuous mode
[  628.457662][T16635] ip6tnl1: entered allmulticast mode
[  629.068171][T16648] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  629.071140][T16648] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  629.074803][T16648] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  629.077620][T16648] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  629.133758][T16659] FAULT_INJECTION: forcing a failure.
[  629.133758][T16659] name failslab, interval 1, probability 0, space 0, times 0
[  629.138215][T16659] CPU: 0 UID: 0 PID: 16659 Comm: syz.2.2660 Not tainted 6.15.0-rc5-syzkaller-00032-g0d8d44db295c #0 PREEMPT(full) 
[  629.138230][T16659] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  629.138236][T16659] Call Trace:
[  629.138240][T16659]  <TASK>
[  629.138245][T16659]  dump_stack_lvl+0x16c/0x1f0
[  629.138262][T16659]  should_fail_ex+0x512/0x640
[  629.138279][T16659]  should_failslab+0xc2/0x120
[  629.138291][T16659]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  629.138303][T16659]  ? skb_clone+0x190/0x3f0
[  629.138316][T16659]  skb_clone+0x190/0x3f0
[  629.138328][T16659]  netlink_deliver_tap+0xabd/0xd30
[  629.138342][T16659]  netlink_unicast+0x5df/0x7f0
[  629.138356][T16659]  ? __pfx_netlink_unicast+0x10/0x10
[  629.138372][T16659]  netlink_sendmsg+0x8d1/0xdd0
[  629.138386][T16659]  ? __pfx_netlink_sendmsg+0x10/0x10
[  629.138398][T16659]  ? __import_iovec+0x1c8/0x660
[  629.138417][T16659]  ____sys_sendmsg+0xa95/0xc70
[  629.138433][T16659]  ? __pfx_____sys_sendmsg+0x10/0x10
[  629.138445][T16659]  ? get_compat_msghdr+0x11a/0x170
[  629.138462][T16659]  ___sys_sendmsg+0x134/0x1d0
[  629.138474][T16659]  ? __pfx____sys_sendmsg+0x10/0x10
[  629.138501][T16659]  __sys_sendmsg+0x16d/0x220
[  629.138512][T16659]  ? __pfx___sys_sendmsg+0x10/0x10
[  629.138528][T16659]  ? rcu_is_watching+0x12/0xc0
[  629.138540][T16659]  __do_fast_syscall_32+0x73/0x120
[  629.138555][T16659]  do_fast_syscall_32+0x32/0x80
[  629.138568][T16659]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  629.138580][T16659] RIP: 0023:0xf712e579
[  629.138588][T16659] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  629.138597][T16659] RSP: 002b:00000000f511e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  629.138607][T16659] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000100
[  629.138613][T16659] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  629.138618][T16659] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  629.138623][T16659] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  629.138629][T16659] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  629.138641][T16659]  </TASK>
[  629.140720][T16659] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2660'.
[  629.336018][T16664] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2662'.
[  629.527492][ T6049] libceph: connect (1)[c::]:6789 error -101
[  629.529818][ T6049] libceph: mon0 (1)[c::]:6789 connect error
[  629.572418][T16671] ceph: No mds server is up or the cluster is laggy
[  629.587061][T16670] 8021q: adding VLAN 0 to HW filter on device bond1
[  629.590388][T16670] bond0: (slave bond1): Enslaving as an active interface with an up link
[  629.846731][T16682] random: crng reseeded on system resumption
[  629.860997][T16682] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2666'.
[  630.150423][T16681] wireguard0: entered promiscuous mode
[  630.152480][T16681] wireguard0: entered allmulticast mode
[  630.262662][T16694] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2671'.
[  630.508935][T16705] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2673'.
[  630.867456][T16713] overlayfs: failed to resolve './file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa': -2
[  631.082175][T12176] Bluetooth: hci2: command 0x0c1a tx timeout
[  631.084519][T12176] Bluetooth: hci0: command 0x0c1a tx timeout
[  631.085367][T16300] Bluetooth: hci4: command 0x040f tx timeout
[  631.089261][T16300] Bluetooth: hci3: command 0x0c1a tx timeout
[  631.189436][T12317] libceph: connect (1)[c::]:6789 error -101
[  631.192034][T12317] libceph: mon0 (1)[c::]:6789 connect error
[  631.200352][T12317] libceph: connect (1)[c::]:6789 error -101
[  631.202948][T12317] libceph: mon0 (1)[c::]:6789 connect error
[  631.254862][T16716] ceph: No mds server is up or the cluster is laggy
[  631.347218][T13657] libceph: connect (1)[c::]:6789 error -101
[  631.350003][T13657] libceph: mon0 (1)[c::]:6789 connect error
[  631.713163][   T57] libceph: connect (1)[c::]:6789 error -101
[  631.715694][   T57] libceph: mon0 (1)[c::]:6789 connect error
[  632.259887][ T3226] libceph: connect (1)[c::]:6789 error -101
[  632.262262][ T3226] libceph: mon0 (1)[c::]:6789 connect error
[  632.327162][T16725] ceph: No mds server is up or the cluster is laggy
[  632.506196][T16755] No control pipe specified
[  632.566177][T16758] lo speed is unknown, defaulting to 1000
[  632.569069][T16758] vxcan1 speed is unknown, defaulting to 1000
[  632.880404][   T58] libceph: connect (1)[c::]:6789 error -101
[  632.883183][   T58] libceph: mon0 (1)[c::]:6789 connect error
[  632.928428][T16767] ceph: No mds server is up or the cluster is laggy
[  633.192338][T16774] lo speed is unknown, defaulting to 1000
[  633.197669][T16774] vxcan1 speed is unknown, defaulting to 1000
[  633.345756][T16777] __nla_validate_parse: 1 callbacks suppressed
[  633.345773][T16777] netlink: 48 bytes leftover after parsing attributes in process `syz.3.2690'.
[  633.726530][T16788] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  633.734510][T16788] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  633.736588][T16788] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  633.742479][T16788] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  633.904184][T12317] libceph: connect (1)[c::]:6789 error -101
[  633.906272][T12317] libceph: mon0 (1)[c::]:6789 connect error
[  633.909714][   T58] libceph: connect (1)[c::]:6789 error -101
[  633.911763][   T58] libceph: mon0 (1)[c::]:6789 connect error
[  633.944807][T16808] ceph: No mds server is up or the cluster is laggy
[  633.961137][T16810] ceph: No mds server is up or the cluster is laggy
[  634.306771][T16818] No control pipe specified
[  635.682250][   T58] libceph: connect (1)[c::]:6789 error -101
[  635.684337][   T58] libceph: mon0 (1)[c::]:6789 connect error
[  635.751473][T16845] ceph: No mds server is up or the cluster is laggy
[  635.802399][ T5941] Bluetooth: hci3: command 0x0c1a tx timeout
[  635.806655][T16300] Bluetooth: hci2: command 0x0c1a tx timeout
[  635.809412][T12176] Bluetooth: hci4: command 0x040f tx timeout
[  635.812206][ T5941] Bluetooth: hci0: command 0x0c1a tx timeout
[  635.863395][T16854] 8021q: adding VLAN 0 to HW filter on device bond1
[  635.868917][T16854] bond0: (slave bond1): Enslaving as an active interface with an up link
[  636.206642][T16867] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2711'.
[  636.216777][T16867] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2711'.
[  636.439021][T16873] binder: BINDER_SET_CONTEXT_MGR already set
[  636.441895][T16873] binder: 16872:16873 ioctl 4018620d 80000040 returned -16
[  636.461978][T16873] binder: 16872:16873 ioctl c0306201 80001440 returned -11
[  636.533440][T16885] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  636.536529][T16885] IPv6: NLM_F_CREATE should be set when creating new route
[  636.579230][T16885] binder: Bad value for 'max'
[  637.451102][T12317] libceph: connect (1)[c::]:6789 error -101
[  637.453297][T12317] libceph: mon0 (1)[c::]:6789 connect error
[  637.455650][T12317] libceph: connect (1)[c::]:6789 error -101
[  637.457757][T16900] ceph: No mds server is up or the cluster is laggy
[  637.460204][T12317] libceph: mon0 (1)[c::]:6789 connect error
[  637.848300][T16915] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  637.922301][T16915] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  638.025090][T16915] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  638.124047][T16915] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  638.364410][T12176] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  638.368390][T12176] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  638.371839][T12176] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  638.379900][T12176] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  638.403453][T12176] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  638.435783][T16925] binder: 16924:16925 ioctl c0306201 80001440 returned -11
[  638.474110][T16915] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  638.488430][T16915] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  638.505000][T16915] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  638.512550][T16922] lo speed is unknown, defaulting to 1000
[  638.523581][T16915] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  638.527942][T16922] vxcan1 speed is unknown, defaulting to 1000
[  638.851959][T16922] chnl_net:caif_netlink_parms(): no params data found
[  638.882488][T16936] FAULT_INJECTION: forcing a failure.
[  638.882488][T16936] name failslab, interval 1, probability 0, space 0, times 0
[  638.887931][T16936] CPU: 2 UID: 0 PID: 16936 Comm: syz.2.2734 Not tainted 6.15.0-rc5-syzkaller-00032-g0d8d44db295c #0 PREEMPT(full) 
[  638.887952][T16936] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  638.887962][T16936] Call Trace:
[  638.887968][T16936]  <TASK>
[  638.887974][T16936]  dump_stack_lvl+0x16c/0x1f0
[  638.887999][T16936]  should_fail_ex+0x512/0x640
[  638.888020][T16936]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  638.888040][T16936]  should_failslab+0xc2/0x120
[  638.888059][T16936]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  638.888075][T16936]  ? get_page_from_freelist+0x133c/0x3920
[  638.888091][T16936]  ? __alloc_skb+0x2b2/0x380
[  638.888110][T16936]  __alloc_skb+0x2b2/0x380
[  638.888125][T16936]  ? __pfx___alloc_skb+0x10/0x10
[  638.888148][T16936]  alloc_skb_with_frags+0xe0/0x860
[  638.888169][T16936]  ? __pfx_get_page_from_freelist+0x10/0x10
[  638.888184][T16936]  ? should_fail_alloc_page+0xee/0x130
[  638.888204][T16936]  sock_alloc_send_pskb+0x7fb/0x990
[  638.888220][T16936]  ? trace_mm_page_alloc+0x11f/0x1a0
[  638.888247][T16936]  ? __pfx_sock_alloc_send_pskb+0x10/0x10
[  638.888273][T16936]  unix_dgram_sendmsg+0x463/0x1910
[  638.888298][T16936]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  638.888321][T16936]  ? __pfx_unix_dgram_sendmsg+0x10/0x10
[  638.888342][T16936]  ? aa_sk_perm+0x2f4/0xb10
[  638.888362][T16936]  ? __pfx_aa_sk_perm+0x10/0x10
[  638.888384][T16936]  unix_seqpacket_sendmsg+0x12a/0x1c0
[  638.888408][T16936]  ____sys_sendmsg+0xa95/0xc70
[  638.888431][T16936]  ? __pfx_____sys_sendmsg+0x10/0x10
[  638.888451][T16936]  ? get_compat_msghdr+0x11a/0x170
[  638.888477][T16936]  ___sys_sendmsg+0x134/0x1d0
[  638.888500][T16936]  ? __pfx____sys_sendmsg+0x10/0x10
[  638.888545][T16936]  __sys_sendmsg+0x16d/0x220
[  638.888561][T16936]  ? __pfx___sys_sendmsg+0x10/0x10
[  638.888588][T16936]  ? rcu_is_watching+0x12/0xc0
[  638.888605][T16936]  __do_fast_syscall_32+0x73/0x120
[  638.888627][T16936]  do_fast_syscall_32+0x32/0x80
[  638.888648][T16936]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  638.888667][T16936] RIP: 0023:0xf712e579
[  638.888678][T16936] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  638.888693][T16936] RSP: 002b:00000000f511e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  638.888707][T16936] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000800006c0
[  638.888716][T16936] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  638.888725][T16936] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  638.888733][T16936] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  638.888742][T16936] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  638.888761][T16936]  </TASK>
[  639.125081][T16922] bridge0: port 1(bridge_slave_0) entered blocking state
[  639.128287][T16922] bridge0: port 1(bridge_slave_0) entered disabled state
[  639.131519][T16922] bridge_slave_0: entered allmulticast mode
[  639.143904][T16922] bridge_slave_0: entered promiscuous mode
[  639.147807][T16922] bridge0: port 2(bridge_slave_1) entered blocking state
[  639.150293][T16922] bridge0: port 2(bridge_slave_1) entered disabled state
[  639.154663][T16922] bridge_slave_1: entered allmulticast mode
[  639.157478][T16922] bridge_slave_1: entered promiscuous mode
[  639.218055][T16945] netlink: 'syz.3.2737': attribute type 1 has an invalid length.
[  639.220715][T16945] netlink: 168864 bytes leftover after parsing attributes in process `syz.3.2737'.
[  639.241671][T16922] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  639.248900][T16922] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  639.757040][T16954] binder: 16952:16954 ioctl c0306201 80001440 returned -11
[  640.502419][T16922] team0: Port device team_slave_0 added
[  640.521894][T16922] team0: Port device team_slave_1 added
[  640.591070][T16922] batman_adv: batadv0: Adding interface: batadv_slave_0
[  640.594108][T16922] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  640.604482][T16922] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  640.608965][   T46] : left promiscuous mode
[  640.621353][T16922] batman_adv: batadv0: Adding interface: batadv_slave_1
[  640.626658][T16922] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  640.636479][T16922] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  640.687848][T16922] hsr_slave_0: entered promiscuous mode
[  640.690159][T16922] hsr_slave_1: entered promiscuous mode
[  640.695771][T16922] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  640.698264][T16922] Cannot create hsr debugfs directory
[  640.707509][   T46] IPVS: stopping backup sync thread 8497 ...
[  640.718087][T16961] 
[  640.719216][T16961] ======================================================
[  640.722335][T16961] WARNING: possible circular locking dependency detected
[  640.724991][T16961] 6.15.0-rc5-syzkaller-00032-g0d8d44db295c #0 Not tainted
[  640.728870][T16961] ------------------------------------------------------
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  640.732061][T16961] syz.3.2741/16961 is trying to acquire lock:
[  640.734641][T16961] ffff88802275b888 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x510
[  640.738476][T16961] 
[  640.738476][T16961] but task is already holding lock:
[  640.741501][T16961] ffff888022426468 (&pipe->mutex){+.+.}-{4:4}, at: pipe_lock+0x64/0x80
[  640.744962][T16961] 
[  640.744962][T16961] which lock already depends on the new lock.
[  640.744962][T16961] 
[  640.749100][T16961] 
[  640.749100][T16961] the existing dependency chain (in reverse order) is:
[  640.752720][T16961] 
[  640.752720][T16961] -> #2 (&pipe->mutex){+.+.}-{4:4}:
[  640.755699][T16961]        __mutex_lock+0x199/0xb90
[  640.757714][T16961]        anon_pipe_write+0x15d/0x1a70
[  640.759937][T16961]        __kernel_write_iter+0x71d/0xa90
[  640.762261][T16961]        __kernel_write+0xf5/0x140
[  640.764406][T16961]        autofs_notify_daemon+0x4db/0xd60
[  640.766733][T16961]        autofs_wait+0x10ca/0x1a70
[  640.768878][T16961]        autofs_do_expire_multi+0x14e/0x500
[  640.771342][T16961]        autofs_expire_multi+0x68/0x90
[  640.773528][T16961]        autofs_root_ioctl_unlocked+0x520/0x8d0
[  640.776003][T16961]        autofs_root_compat_ioctl+0x69/0xa0
[  640.778424][T16961]        __ia32_compat_sys_ioctl+0x24c/0x360
[  640.780957][T16961]        __do_fast_syscall_32+0x73/0x120
[  640.783250][T16961]        do_fast_syscall_32+0x32/0x80
[  640.785462][T16961]        entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  640.788231][T16961] 
[  640.788231][T16961] -> #1 (&sbi->pipe_mutex){+.+.}-{4:4}:
[  640.791365][T16961]        __mutex_lock+0x199/0xb90
[  640.793411][T16961]        autofs_notify_daemon+0x4a6/0xd60
[  640.795693][T16961]        autofs_wait+0x10ca/0x1a70
[  640.797355][T16961]        autofs_mount_wait+0x132/0x380
[  640.799040][T16961]        autofs_d_automount+0x390/0x7f0
[  640.800759][T16961]        __traverse_mounts+0x192/0x790
[  640.802538][T16961]        step_into+0x5aa/0x2270
[  640.804158][T16961]        walk_component+0xfc/0x5b0
[  640.805854][T16961]        path_lookupat+0x17e/0x780
[  640.807545][T16961]        filename_lookup+0x224/0x5f0
[  640.809293][T16961]        kern_path+0x35/0x50
[  640.810819][T16961]        lookup_bdev+0xd8/0x280
[  640.812432][T16961]        resume_store+0x1d6/0x460
[  640.814084][T16961]        kobj_attr_store+0x55/0x80
[  640.815785][T16961]        sysfs_kf_write+0xef/0x150
[  640.817462][T16961]        kernfs_fop_write_iter+0x351/0x510
[  640.819382][T16961]        vfs_write+0x5ba/0x1180
[  640.820978][T16961]        ksys_write+0x12a/0x240
[  640.822576][T16961]        __do_fast_syscall_32+0x73/0x120
[  640.824441][T16961]        do_fast_syscall_32+0x32/0x80
[  640.826209][T16961]        entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  640.828433][T16961] 
[  640.828433][T16961] -> #0 (&of->mutex){+.+.}-{4:4}:
[  640.830781][T16961]        __lock_acquire+0x1173/0x1ba0
[  640.832545][T16961]        lock_acquire+0x179/0x350
[  640.834192][T16961]        __mutex_lock+0x199/0xb90
[  640.835863][T16961]        kernfs_fop_write_iter+0x28f/0x510
[  640.837770][T16961]        iter_file_splice_write+0x91c/0x1150
[  640.839758][T16961]        do_splice+0x1475/0x1fc0
[  640.841391][T16961]        __do_splice+0x32a/0x360
[  640.843027][T16961]        __ia32_sys_splice+0x189/0x250
[  640.844900][T16961]        __do_fast_syscall_32+0x73/0x120
[  640.846705][T16961]        do_fast_syscall_32+0x32/0x80
[  640.848495][T16961]        entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  640.850705][T16961] 
[  640.850705][T16961] other info that might help us debug this:
[  640.850705][T16961] 
[  640.854018][T16961] Chain exists of:
[  640.854018][T16961]   &of->mutex --> &sbi->pipe_mutex --> &pipe->mutex
[  640.854018][T16961] 
[  640.857997][T16961]  Possible unsafe locking scenario:
[  640.857997][T16961] 
[  640.860420][T16961]        CPU0                    CPU1
[  640.862196][T16961]        ----                    ----
[  640.863912][T16961]   lock(&pipe->mutex);
[  640.865293][T16961]                                lock(&sbi->pipe_mutex);
[  640.867562][T16961]                                lock(&pipe->mutex);
[  640.869749][T16961]   lock(&of->mutex);
[  640.871065][T16961] 
[  640.871065][T16961]  *** DEADLOCK ***
[  640.871065][T16961] 
[  640.873679][T16961] 2 locks held by syz.3.2741/16961:
[  640.875394][T16961]  #0: ffff88804a9a6420 (sb_writers#7){.+.+}-{0:0}, at: __do_splice+0x32a/0x360
[  640.878334][T16961]  #1: ffff888022426468 (&pipe->mutex){+.+.}-{4:4}, at: pipe_lock+0x64/0x80
[  640.881165][T16961] 
[  640.881165][T16961] stack backtrace:
[  640.883082][T16961] CPU: 3 UID: 0 PID: 16961 Comm: syz.3.2741 Not tainted 6.15.0-rc5-syzkaller-00032-g0d8d44db295c #0 PREEMPT(full) 
[  640.883095][T16961] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  640.883102][T16961] Call Trace:
[  640.883107][T16961]  <TASK>
[  640.883112][T16961]  dump_stack_lvl+0x116/0x1f0
[  640.883128][T16961]  print_circular_bug+0x275/0x350
[  640.883143][T16961]  check_noncircular+0x14c/0x170
[  640.883156][T16961]  __lock_acquire+0x1173/0x1ba0
[  640.883172][T16961]  lock_acquire+0x179/0x350
[  640.883183][T16961]  ? kernfs_fop_write_iter+0x28f/0x510
[  640.883197][T16961]  ? __pfx___might_resched+0x10/0x10
[  640.883208][T16961]  __mutex_lock+0x199/0xb90
[  640.883222][T16961]  ? kernfs_fop_write_iter+0x28f/0x510
[  640.883235][T16961]  ? kernfs_fop_write_iter+0x28f/0x510
[  640.883246][T16961]  ? __pfx___mutex_lock+0x10/0x10
[  640.883259][T16961]  ? __pfx__copy_from_iter+0x10/0x10
[  640.883273][T16961]  ? rcu_is_watching+0x12/0xc0
[  640.883281][T16961]  ? trace_kmalloc+0x2b/0xd0
[  640.883319][T16961]  ? __kmalloc_noprof+0x242/0x510
[  640.883331][T16961]  ? kernfs_fop_write_iter+0x28f/0x510
[  640.883344][T16961]  kernfs_fop_write_iter+0x28f/0x510
[  640.883357][T16961]  iter_file_splice_write+0x91c/0x1150
[  640.883375][T16961]  ? __pfx_iter_file_splice_write+0x10/0x10
[  640.883394][T16961]  ? __pfx_iter_file_splice_write+0x10/0x10
[  640.883408][T16961]  do_splice+0x1475/0x1fc0
[  640.883421][T16961]  ? __lock_acquire+0x5ca/0x1ba0
[  640.883434][T16961]  ? __pfx_do_splice+0x10/0x10
[  640.883447][T16961]  ? __pfx_pipe_clear_nowait+0x10/0x10
[  640.883460][T16961]  ? find_held_lock+0x2b/0x80
[  640.883468][T16961]  __do_splice+0x32a/0x360
[  640.883483][T16961]  ? __pfx___do_splice+0x10/0x10
[  640.883498][T16961]  __ia32_sys_splice+0x189/0x250
[  640.883512][T16961]  __do_fast_syscall_32+0x73/0x120
[  640.883526][T16961]  do_fast_syscall_32+0x32/0x80
[  640.883539][T16961]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  640.883551][T16961] RIP: 0023:0xf710e579
[  640.883561][T16961] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  640.883570][T16961] RSP: 002b:00000000f50dd55c EFLAGS: 00000296 ORIG_RAX: 0000000000000139
[  640.883579][T16961] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000000000
[  640.883585][T16961] RDX: 0000000000000008 RSI: 0000000000000000 RDI: 000000000000bfd1
[  640.883590][T16961] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  640.883596][T16961] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  640.883601][T16961] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  640.883609][T16961]  </TASK>
[  641.012332][ T5936] Bluetooth: hci0: command tx timeout
[  641.358938][   T46] veth1_macvtap: left promiscuous mode
[  641.361115][   T46] veth0_macvtap: left promiscuous mode
[  641.363897][   T46] veth1_vlan: left promiscuous mode
[  641.365683][   T46] veth0_vlan: left promiscuous mode
[  641.568172][   T46] team0 (unregistering): Port device team_slave_1 removed
[  641.608346][   T46] team0 (unregistering): Port device team_slave_0 removed
[  641.770375][T14871] smc: removing ib device syz1
[  641.796339][   T34] vxcan1 speed is unknown, defaulting to 1000
[  641.798987][   T34] syz1: Port: 1 Link DOWN
[  642.293840][   T46] bridge_slave_1: left allmulticast mode
[  642.296392][   T46] bridge_slave_1: left promiscuous mode
[  642.298942][   T46] bridge0: port 2(bridge_slave_1) entered disabled state
[  642.303121][   T46] bridge_slave_0: left allmulticast mode
[  642.305560][   T46] bridge_slave_0: left promiscuous mode
[  642.308121][   T46] bridge0: port 1(bridge_slave_0) entered disabled state
[  642.404909][   T46] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  642.408581][   T46] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  642.412298][   T46] bond0 (unregistering): Released all slaves
[  642.573497][   T46] hsr_slave_0: left promiscuous mode
[  642.575629][   T46] hsr_slave_1: left promiscuous mode
[  642.577748][   T46] batman_adv: batadv0: Removing interface: batadv_slave_0
[  642.580571][   T46] batman_adv: batadv0: Removing interface: batadv_slave_1
[  642.597545][   T46] team0 (unregistering): Port device team_slave_1 removed
[  642.643185][   T46] team0 (unregistering): Port device team_slave_0 removed

VM DIAGNOSIS:
01:04:04  Registers:
info registers vcpu 0

CPU#0
RAX=dffffc0000000000 RBX=ffffea000142e300 RCX=ffffffff81f5702f RDX=1ffffd4000285c60
RSI=0000000000000008 RDI=ffffea000142e300 RBP=ffffea000142e300 RSP=ffffc900034af3c0
R8 =0000000000000000 R9 =fffff94000285c60 R10=ffffea000142e307 R11=0000000000000000
R12=ffff8880404b0048 R13=0000000000020901 R14=0000000000000001 R15=ffff88807ffd6400
RIP=ffffffff81f5704a RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880977ec000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000f7f56e40 CR3=000000004a683000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 f700585858585858 2e7a7973f73f2ff4
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 f700585858585858
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff 0f0e0d0c0b0a0908
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000000000 RBX=ffff88802b541480 RCX=ffffffff81ae9e69 RDX=ffff88801f3ea440
RSI=ffffffff81ae9e43 RDI=0000000000000005 RBP=0000000000000003 RSP=ffffc9000107f938
R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000001 R11=ffffffff9ad268c8
R12=ffffed10056a8291 R13=0000000000000001 R14=dffffc0000000000 R15=ffff88802b33b180
RIP=ffffffff81ae9e45 RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880978ec000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000000056de64c0 CR3=000000000e180000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 2323232323232323 2323232323232323
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff ffffffffffffff00
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=000000000083d0bc RBX=0000000000000002 RCX=ffffffff8b6953e9 RDX=ffffed10056865be
RSI=ffffffff8bf46be0 RDI=ffffffff81913241 RBP=ffffed1003b55910 RSP=ffffc9000047fdf8
R8 =0000000000000000 R9 =ffffed10056865bd R10=ffff88802b432deb R11=0000000000000000
R12=0000000000000002 R13=ffff88801daac880 R14=ffffffff90852310 R15=0000000000000000
RIP=ffffffff8b693c7f RFL=00000282 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880979ec000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000000056db74c0 CR3=000000005c2a2000 CR4=00352ef0
DR0=0000040000000000 DR1=000000000000000a DR2=0000000000000003 DR3=0000000000000106 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 5fe312f4064ea27a f8e0e298d0f5b946
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ff77c02212303191 505a83fb91d18681
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 052a6c310626e343 e3423114eca91c85
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 e4417d1ccb13552b 9edfa5490d08b126
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000440
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000040
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 1282669e01851353 3023000033900000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 be340cba00000038 00000185f4667142
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0185132501820000 97ee67fd00000185
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 b0b20000137dc9be 0185135e00000185
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 dc81df29b6fdb176 b2a82f5086a3f16c
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 b23cfa7f9ba77e17 5d65dfcc194beaf1
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 a54ff53a3c6ef372 bb67ae856a09e667
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 5be0cd191f83d9ab 9b05688c510e527f
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 3

CPU#3
RAX=dffffc0000000060 RBX=00000000000003fd RCX=0000000000000000 RDX=00000000000003fd
RSI=ffffffff854c2230 RDI=ffffffff9addfbc0 RBP=ffffffff9addfb80 RSP=ffffc90003acf1d0
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=2d2d2d2d2d2d2d2d
R12=0000000000000000 R13=0000000000000020 R14=fffffbfff35bbfca R15=dffffc0000000000
RIP=ffffffff854c2257 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff888097aec000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000f50ddda4 CR3=000000002632f000 CR4=00352ef0
DR0=0000040000000000 DR1=000000000000000a DR2=0000000000000003 DR3=0000000000000106 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000