last executing test programs:

29.280290732s ago: executing program 1 (id=3497):
socket(0x840000000002, 0x3, 0xff)
openat$random(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
socket(0x10, 0x803, 0x0)
gettid()
timerfd_create(0x0, 0x0)
r0 = syz_io_uring_setup(0x7934, &(0x7f0000000900)={0x0, 0x0, 0x10100}, &(0x7f00000000c0), &(0x7f0000000000)=<r1=>0x0)
syz_io_uring_setup(0x49c9, &(0x7f00000002c0)={0x0, 0x7592, 0x8, 0x1, 0x34a}, &(0x7f0000000780)=<r2=>0x0, &(0x7f0000000640)=<r3=>0x0)
syz_io_uring_submit(r2, r1, &(0x7f00000001c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x4007, @fd_index=0x1, 0x8, &(0x7f0000000800)=[{&(0x7f0000003a80)="6dcd62819fa2c0cdb7339cbb5701b5a576896234f58f8354dc3684b8be2c3823a868397ac6aa939cc765577e92dc517905c335d2f1ac1cbfb8f6d6c56b5a35222f3c55e13220a9651f7dc8377d06052480eca570c8cfc8ec61ffd9d50208b1b9606fae688306fa9ad35ab8f9f4ec013f6637c2868db75212e13574ee58b482031af0e6769b01dbdc570a3802ec255097cd43c2b0b0b2e56c81d7fe6e17125c049c3bbc0292c8117d154288ae2cae34c5e3415968e96b79f103cff6932b94030071616cd65b4fcf9f95d240bb9e49e3d107f003c18a406104cb61d4ab454b3d3b2af793af1ff86b78e811028d86362a4a3c70bd69e601baee74116de1611b082b987598cf9291e7aec44568650ae0f27fcd449192bd15840bf197e809237fe63ba01f62f65bd12f0c88fa8e23df40db49381b6c282a2378f161ae57f8e251b6d55024da1701d65048bc5dfc12b7f964a00905af78be46acd8351f03c9c427e14d0379e3e07f552377ab0607550f503c24c02eb7a970437799634b3e560bd1d59e9d44f8f6751ca56d43fa2a4312e73d21e2224cccac5a5de9b7f6f691124eb06fc4e8ec7748447267aea671fe3843662cfa2f3cbf254dc9310acb623d089daae1db28735a3e0001f5537e983b64556bd83813711d4cccfd6092da8c830a2bd55ec07b8863aed891828f72bbe62b8643954a2b56de963d93abe06173b9e13632f83f5844511c082e0b2482161ccba103af5863f4c7f8bafe1e34de38377362541e80b74f0c0b20768eb68905e470351e886a6d676eb2a62275958e9b8b6557418bb70bd7480b74a5f350dc4b5a374e3046393ca6cabf46a38e346a3cf6f43520d26d6b864f1b7f14640cd1db5aca7acc58d666aed96f03a9ffad2fbfc5814773e58dfaa97d5404e03efebbcad0335c4bda62d316eaa292db5e641ac0959e47096c5e37037eec55c07c667f2e73971873305c6959b5471131d467887b7407eafcc69ba997bfc51fe89c8bc3c5572a0adc11199dae01119013e32ac76df0f0e75986c81f8a0d1f27a8556acadd78a95ac3a3a2832b39169445125a8de0d2f9888ae0d1062ee9a6a7bba8ed690f9f6816fc153a99c02dbc95fa32db1b1641b1cfa17511c53a5016c75a93f07499d78156335b0e8378d94d6d2541f08a344b30ad704980fd1d86671d1e0a86971c21c18fa17efb7474be49c6631a04bebdad753f79c8bbd20b395ba7f468d49cd046d7e7b4ed17fefe4464a08a05fcf5dbffd9b1b56d77385c0aaa9f1032f93c539f065d91ac00f923d3a1ccf541ec56b3ac22ea319cfe3deb18c0f3db97bb602c788f03e812720db0c1c5992ef59c6948f29b796576aa3f4ad80b6a89dcda6ede8bc4430ebdf5535308033cb84be8c91ad028ffa97a551194241db7fe57de540b80d72d093ba815eb36687c11604c615befc659ca878b8ffb747d88fbf3b8cb8b19165fb4850f0ec553376fd8c57450a7173d12f8d73daef3ff2ebd8a4db173567b971da7da8882e3861c1427ec6e7df8a40357b4f3d696e727b2deefb4b4ab7160d17443bb74d6dbb3c4fac8ff6bfa51fe58f488e1d63fc690c678d1879c1ada894f78efd22cb09a04f459c528460cd443a92b0535a5660b0965da2e418f02da4b34f83920dbdfa70fb0cd14a5c195c8b8f648e948b7d8412e4847c0461e38b0eafa52306bd8a507aa5e64820f02f85721adafd5567ef85ccb40dafd3ac677c3136d68d13bdd5918badbb46a360c99345fd238299cb79ed0a70ce47bb706b29a4e2c74da0b4d6cfb37b6f81562719eeaa9c7e19a6773ab93d88b28f877df7ad5f3083a8a26f1e5444286ae5c627c343f920312254f2ea6cd8b731f0c648939a7d1221a231174ecaf059041a1b5151e644662f1a370fa129002aec56a92b74bf5a1ffc6fa577702d0febbf8f14941957e6ae85c5414c1a3bf825b7fa3b6697b9ab914540ac37a976d8226c0abada3b35c8c58f1ee00986600b1cb4eecb69ddfe45699dc8714b91e4059768b1c1fccc44d0af9a441b91ef8660e2ccfd79b3dddb78a4897c6e5bd2c968bf4ab61c404dbe6262a741bec3ee4df625252cc56abd33f2e08629dec557c3dc16bcbdffa30a2769cc423d548743964c359ebe763725f383abd63e42995da7272740225680eba5fbd385e10d8483885bc2b9190d1c39e167aadb0f30c75236d5971ba1d94e0286d716c6db034663cbd4fad0f8a37d05abf03d612cf1aa282aed1c82c6bf42ea30acfd1cb9479230910ccbc8e987f0a219e3b746c2d4b85e649f87ebf25b6f4133abcfbc94e86e672764d86b7eca915cdae94ca9de1632287f6f6f1344517071093d7cb0c2c48716e969b40b10e5c21f92ef3a9ffcc77837bed1cc5f33a5b339684e7ad4ed05daba145f338663fd1ca3e241e7e3d5fb68ffaac2a09f5cf43958edb0f7ed1789d2483bc5d03c632fededf64359f1a47479cd8e8d3bc177b12638017e85a0e9842536186a39c9a0d6ffc0aedaa95fd43b0281b4814906d90a8f93b182e83a7ac9c01d708bab9344843a1bea45a0f68cae87e50e3e320ada093c91abfc42982067205d2efae336ff5e40ca43bdbd93da98d8e7ef69904174697d004ba923bffae86b97329bbb544e371a6c8f13743abd6e2e61f40c7c5d2f10a1ef5ca661c0ed3a0f719bed52076370431c90642f685f03f6b2bb4fdfce31a68dd5460b2a6f0ed1009f0136a16fd98ce51aee2b5f1ef1ea034207326dde166247b854090e54c70c68a137d9be13085f2a6293783aea8a647607b9f01eb29b0816648a80d7ad35121594f7c08aaacac38bf2f47f0648894f3359205e21eae73d6b13a6cbd268d1adfad9d89b321a8cd19f248d6b0c4e122516193bbfc2eb9b9da334915e74fd7b761a98e2a75e46808cd85b0c561c6498c69c89763fd651bf84d1f87e5cfce2a5508cc5db33535ec044c660849c827c76f5cee42935a7a136925868241fffeae861dc7f2424f85ec7bb9f7093f78f6202844612be69ebddbadf12b05852a9654841f1b6bdc6b5955a4b4a8356f7817101b49c46572308f3e0b172c9f3a72b0a7ba567b297b620c871aebc39c5836c4760b8f92b8c2dc9681f2c7725c7eb480866941aa45ed30b5766171451ac1b5fc1298f5acd30bfb5b07e77905e1e5334cfc2f8cb9d7c826b8d8d3c54f15dc73aa5c3674a950466e3defc3b349520613fd90d00561cc2e46932c0b95d0e02e15bcf2049d5a9aba4fa65c0301af763083ff953fcdf3a686f3636e8a841858689424af8d475b56b9336ab3ac9e5c61c044323fe7b1ec84f467c3981ad72d84bc84e91671f1e1b5306f4db1fe67cc7df1a3d6bf0ac2bd74e62ff587826530742dd6fd415fae390f07d3bd169474f40f38c21fa2bc2a1c69e5a0d2061f4eb0d05f9593603c0270ff4efc18fae86ecf68f999fb1e83201bb314a69f842218bc687a14b0593549d572c28079521eebf07d2f943573fdc403bc73782079f2988f6393c25f57695060ea0cb202a7807f661081dec3d0b3900f6ba82c72930b19430b24dcb93d3b9bb86ed4c409d241b019afc78363976c4065bdba5c6cd5be15612c08f8031b310526d4f20b27fa50861a117014622db88fb1d8369c7f2c4eaa2ae6f9de2ca5dc9f4892a8721d13f0f0ccc165e26776d1e796d85e63df17ec6bcda45125cdc6321c43f2671215376ecc129941e31204f61f8f6a6851181acaf1b0a32eb585f9116b56787114e8ae62b6af455b7cadb4a3093d6384eb3cc6e31a25b970fe0cab0b84c27f664bbbcb533fd5959f2ec0e8690960233484e91d464f77183020606a7a7163af0e8eb909aaa89afd6778c23677fd3b18c2486cf50b15f42ff525b45eb75ef0ea5a3154cd6b1e9d158e2916e47784bb3c556608a65b29b4d68898efdf1978f5829b386a7eab38b97e7ed4847393b7c434d0e14b24bd044d72e58cf96e27fff9279950dd5e9c3071e0e0897e6d5cdb4a1304a881896c95a1dcc66d26fa236562bdd392a367a6538b101a46da5b32967711b9604bf0d93f06a934103f9eea7a38dc469b53a3ca35bed4b74fb69dcb93e87238fb3f21cc3eac41aefed517a251ba49ba0fae1c1c7967e0262d4ac4c70412dc6cd58273327a0e17da7f2c3bfbfe5ff796ef9fe865407be6fea33df45cf809b6e62ae3d6a381c4921a884532d94abe90938236e88513cc68bc07e06a2d38e649de03163c6fda1dc8d365ba22e5b00c42eb7f5e016aff252df214c77089d4c8d68a2d37741b1ceefdab218953e7e7830a396e60f0142b91ae6f83b672ff352b09283bbc8d9667a033922f2eb9bd692987b54a336a0fad817c061bfff7332bbb6da0bacad0f62c9404a23fe0e7bdbdc657c6074f0209d3a522ba8a3eda8a32d00be94625af80e95fafecd38316f6eb044bd5c3338ca1f3efce2c98a8abdf5038f338b27112b82c62c6cdbb6ae8a3f268db7e60f590a7e74f1d55112c8ea65329f1e5393cfcc6466060be52d327640f97ba4f8ae97363ff3b74f942f5fd2392d6be5b76068b5332e4cd0bcb697010a0ea70c9fc6152a3b61a06752d8c3b5169b527e2ab9d01d935b6fb1d4101f1d683b1585ec7b278f31e207844801a5d2c2314912e2746421b8fb9962cfec0d3f54b532f2146f88bb3f1b18e2b6b09f25c470bb88f238ba7408b43c2cfd0ed31e463e43a98e2456636306408ac5566a6b6f881ebcf213f3f7f04dd77a1ba7ab7552415169ef48736ee9442222eb924586c79fa1bbdceaeab2bbea92ebaa969575280b46c4354c4d0e73967de84704717cdbb1fd52c21e7f091ee65d45a2607cfabd877d14415110e42290c424f4c28c7c3ee066c8400e9612549c3158b7c0b4ff40810fd8388a1e25052567ba799ae06bddb20501b9b7bc2b26aa8708538e0e0785b6e1d5aaf1ad1c111079c1cc2683503f912236b091d2e904ff7c9054b442e8c0bb26f3790c8b97b4115dd296806c8f6e8601e2ee03ae5f20135faf871bc165c8b1bab81ce10ab829776b7396af21dccfe013959051c9c0c7783cc17709de33d1bd79f3ac50c11ba0df3ffcaaf3b1a69cbacc33dae1fb44053f9376e67784c56c33b6c6b2e23aa3fa432cf8b692b038b1dfa9f43d568a352dd91ed43b80c0b3ff083348a1ebfc3d6bc6c19b1711b698d7e8adda8ffe15a38886dfa0db32a0480f743d41f608bf79e136a6bf05a1d3afb6645188b0ee5083bd72eaf822f34e5858a46cc74d402f334cb6b7da0c9579681c413f943a93721cbaf02434e2bafa5f1c127f6134e271cb5a138d5082de4bf30b04ea7d0ccc1d2fe23d8d55787aa0c276bd590846199c515e06d4dda31d9ea82b6fd97a9738c8fffdca1d430fc8f6ad88da2afa817549ee42e762f3cee6edfa8334a7621885964de66658282a2da03bdb76ecb36ba57bf52277ef9f9a4acef4cf243ba4ad7c7e54671081140cba1119d1b230a8af02612d261cc3db888c4a46f6b556a94b2703e39f93a5ece4c3d204edf4c1ce53c611c95046bbd594dab69524ba8135716c5004f1a7e3be99fa200cc71b822bfed66178b9c911a507359e1fc01e313f65f9f0afc7b8a0c266b12735f107de40d1344d49c7ef95d69a688a05e7fa6049b227f2db1def926270921aa173631574e087a1f5b338e87b395427d6010965318fb3fb80b1a7693fc0ffd8f98a88192bde1db03fc0b6527217f4e6efa2dd859906dc3bf0ed8f6f8cae680cdf392b380204a56dde15657496ede024c46f9debd4a24d906098d9efb681dcee63b1650a5263b5a1b76e6038144ebd8ddfdd0", 0x1000}, {&(0x7f0000004a80)="53e8e80f4af083443dd338fbff617b4a139142265c4f317a469397f9fd3952ebc5d51914075bc4af759e21308b16d638a55df2d5b0b074c8c169091f5018a62202d86d9419d0832df630e8852aeae3d963277f0d431948eb24b90ccb7834f6d1dea2a76b84d4ff81c8bfb0a5386e4f411909dfaf2e4b1676526e9d9059b0c0ba76b696b12e6c3d1575b1c791e2b430225be656ea1df7ab974372ae28a113da562f63b2a8c82e9c3ade9ac374a4e5b6b4a3f2ddcc768667ed194af8f6dec10da1a2e917db2bbbe8575665d3f841fa4c2d9361f88a795596c2217c0192078cf72a586c218de499a5741d84f40e6deff20c72408ea84163a7294cddff9789be2071e70e583f4ebb5a09eef8ff48d2615e3c6d18fec87d97cbb41e2855eff8970aefd7a2901ec8317f2e0ab16c259cade2693f64ba488a3797b31d5446547a01385f92093b593a323317a3c426c08e1b4f6079c22a941212ca27dae57cdac8e435bba0496ef115545a148c355728ef83bfe7f8f0740837c28d88466c2f1bfaa20301b15843d8ea8c1962b373bd7cdd7696fc1b924c9b1debc58ac0de03133af50b47e75b35706959e04a3a433f1fe1c4d3c8bd47ef4f3ae27e0f94c097c558b7dc1553aeee595682add2ff8ca90973c2ce20e6778695d588248edff7c3539e45966fadc012d6849f7ca0e3cc9438c45eda00a577c7551b6b4d3bb79ae505a5c108ed4b2b4ba91fd45fb626dc75a8191c7b014ceb0b63a476ddda575df22d212bf2ccff2c27d6bf7562b134ec1ce8a379b75445b584e775129f5e3157f7650459f80643466d48e6869fb582048f5da41f2873b9ae7f225cbc761fef80c1f79b68f0a24962d27485955707fb12e17b3c432f494ce270ca4047cfa1a8242f5562416e84bc11057c64fb720227679cbb32d0dba85ea42ef3895e55dacbbc920d95839899d48827656ba019bcbba9632efe1dce6f6f6768788ab2440404470eb754d795b26a65b274233a6447cf4465cf34a7f9f61f335e1ca46cf9ff419d1d03ba347d44d77d28b401139d993fa788a507cf67f15503ab30cd2f37c01392f4354b9eb50a6358209084b7a52cd57a0f89ea5b75abe028f7c22f86c279011ed3546926be1eeb64c6361e8ccd333f2b5533286d59852df7b7a02c5638842e367f23749ba30fc0674268801b86bde225656554f6656b47d2eeaeab8eafec92819b191cc4910f8211edceddb6c56517efc99458faa55ebb482b4f0c504a76305002d913463307ebdd0139fcbf75d9521449cb0344abaee8775a90b3fbaf8f566ebb17bc6a2f6eb29afd6926bc76f89ff17d2029e4e4125bff1d397735c8f3a238832c1333d96eb9dd597ecde4c6d13a5b6ffe3b13bf8da3df6dea37b0c2abb3ff605f7237a9ab4e620b49a9beceac73fe1afb79513098d7231846a0c79d5e7843bbc29b13174f4d8a74148aae79710352b2d5fa1f66725153a75a7202c739ec6c3f6841c771c95ace824d44dd59c206aa2847163747a49571f99bbe421bad2a027ef479bedd064640ce3b40a9f61b50c26f44814f9b498788bd5dd3ce563d57c72a0a275de4b196937b0e830b44d5c80729b43597c6defa8d759144bb901dc20a1deabf4bc6a48be21eeac56e027f624c39a552ca9b78bc70c4764b9b1ea6304a794d25fb4beef455bf401653b13194e6cb6037e5dde91c31bc5a269cdc657961e9188919872e742e74a2cfcf3dc30683b4bf70427c265129a899c59c866ef569b1d13faa987b9fa85bd1e6a9b2e91250ba92304ee0074f7c5694a7ff989969060baf7e12ea0521ff8883e7ba835907dc72b9e0698386b7b602ffc6cfb37db9120a06ad90d1d0d704c7ca94d749977e513c73103abd90fcb9eb27ba3ddd9a6023ade27b937c1e21be26fbae5bdc5b55b3a885c4e1b0320af1719c6b77690aad44f8bae23759ffa1a818411579fa2cb7675115669d08c4da8e55ab95468445f49c5c92dbf3b5b242c1c3931e12efd048183e455819d0f49c42834a41fdf230b5e26fae40f6da5cdffed84591d15800cc96b0ce448b6692c1e3046bcfc63f43b230ffe825c8f460fa09ff9a11ec02f45542f542122e774276a07d80f21a456e14085cc706a34a68035263a4593b76d8833f34b416ea5880f3f9380fcd95390957ce6877fc60bc92a24de57c511df8378be6263494632546053e3800b9b0ad25918b0885edbad83c641034d0e48da0edd92810451a6c1d74b045eeff7b5782fd97deb0aeabb9e50bf3080295e588ea50987a1f2733ac2c54413a04c6c24cba549e10754499db30fdbc7f06fb4ae4e96c5c601af3da49a9ab5348028b44dcb3e699f7d092dcd76763935cdc9989ee098bf01ce473ca22984b243b5d81d63abf19d3c70cb703351f16356b7ec4f4371843f32526f1fddc3f62e49c5cac14e80fb0c8f7a1d72b283cfd253cf18877139c084bdce4357feca7efed6f9b4355a209c4ff722db48dd9d30225958a42eff499a8ba4eaeaf91a21c07d8c8c9ae3f78e1a623fc8c5ab061d94dd6b33a4e637ec6cdef232e9f5cda49d8c45ea70b192e83719874ffb04e1b92997479e108d0f774b4a9464b79c86ae02a660caaf96c6afc95568afa4fefb2e8bd1c0b17d4a82e40954e5271e0fd8bc13588499caa957d225356a42a9e3a1eb24d53cabeec8045a6c13011c956ad1c61e7b3bf7ecccafd62a27e6666c883ab1a81b01a1397628d743237d56be0cd9a67641c7f8396d7668869ae9eff5f064740ba094a360cddb29514cd7b4dd098b4672a08a607e93c5d42c688ecdf092857dce00afdde71260e14c718190c077434ed168b7ae887cefc5990a4a76fc029359ee9b0b103ba55447252dd3db885cd5dce6f45a9dfcb3fe2254f8a2afcefa66cfefc05b10e5a809878ae3dd3cbd1e517f49a31da1f0915a2c178fdef0b5368513a43e1c3f9b9f71b22d8b48db712dec65e0839f2fad322156588bd060d511d12d2e37dc9b10335e3437fd48b3f113a4832dcb7541be56ae1379863b6ca6d41b91e63836ec6eec88db5ad397dd8bf015f65b88c8ccb779c2e6b384c3996b7108658c6f7e790625a6beb3bcb8eac8035a11fcac79f198feee58b0b11e8841699b3a65b6c1f15691ec2b621e4cec5330c339b82f40e11f9599807342543bfe6acc9b124a90ea151ce25ca9e26a2dfba52d2032f290d88224edaf5aebee8ace9dfdb98817367147275d78749ad881a3ae2c180c3250e33d9f4155e4519e9f5bcbbed7404dac36dd40358251974b11cf9cce5cee398625e22438f4841a5deaaf6fa211519d72363961db1aa0d55e2248b400f4028b37c074f5b01e0214be24244ecb2c8839dc435eac8bbbd20d76bb59ff4391aabac4678f17b168a667b61e5f0731496098ff1a37e6330ae27bb925626488a91e2c22b7adf1c4bfe4e22392d27db93f8d9316d959b6f10e2147e97b35e21f0b1bfd3a1e1fccc560042c6c6de9c321e5e3bd6de74c2bd2f7ada5e82c881a25be82ea409c9aae641150cc50f6cff51bf80ee4db2fa923eff593745ef996d020db164e427db6c4f30c749058d6b62656d54b34a3ca4ebb0c30c2c8329c97983473fb500f6feecd8fe4136e7ade82181237b890d5c1a118b892a2bc166ba8e7022177daae2ada931451fad0554ba4551a8c6d9e177d484305856615bb2e61e2be738a094c0aa319277424fb4c4a24dc0def9f1d9b6375d94ce53be5f036810a1ba210e2d7d9075ccee0a484bd35b5b0bf335205dbaa1f889f4c5c7394733cb0767aec7e4aefbb82125a9ac16c7e6be7882ce73a5bbe472fb3e24b3dcd94b0ced399c32cc2c41b7b1d5999f1a8be9d071f4d42e8984a516df10d5d5ce05d719e565fa1590f1c4dea3f5c7de9028f00a3ac0be6c9c6af791379cee4f899ece6d5eb6770d7b182a96c1aa37a671dba6aaf45bd4a94c748a35d73a6c93d8b20da10384371c5264cb92d13bcf1d140840632d29a2ab", 0xb00}], 0x2, 0x0, 0x0, {0x3}})
io_uring_enter(r0, 0xec4, 0x0, 0x0, 0x0, 0x0)
r4 = openat$binder_debug(0xffffff9c, &(0x7f0000000380)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f00000005c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000600)={'wlan0\x00', <r6=>0x0})
sendmsg$NL80211_CMD_FRAME_WAIT_CANCEL(r4, &(0x7f00000006c0)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000680)={&(0x7f0000000840)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="00c4c42322e9eb46623d2201fc9cca60b522a93af574a9eceac3008381509364c37e997e527b236730546f3497de9bfababe1f103efd86b130a1cfdc1da490302978929b7539cfdc83a97348af5fa4a4052668fc2cb53ff4578372126b59c71053ec0da10c5a166dbb96f4aa6dff4f6a910b57b5300a283406ae3f000000fb00"/141, @ANYRES32=r6, @ANYBLOB='\f\x00X\x00z\x00\x00\x00\x00\x00\x00\x00'], 0x28}, 0x1, 0x0, 0x0, 0x40040040}, 0x46050)
r7 = syz_open_procfs(0x0, &(0x7f00000007c0)='syscall\x00')
r8 = socket$igmp(0x2, 0x3, 0x2)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000200)={'netdevsim0\x00', <r9=>0x0})
ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, &(0x7f0000000040)={{0x1, 0x1, 0x18, <r10=>r8, {0x3, 0x9}}, './file0\x00'})
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000001980)={0x6, 0x3, &(0x7f0000000240)=ANY=[@ANYRESDEC=0x0, @ANYBLOB="7e0b64f0874998ffe1b9bc4d66055f8d7a4dff5a54123bad3234393e192a24535f0d05262ffdaa53274bf5a7b643a4eeebd3ef428f411bc1db"], &(0x7f0000001780)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r9, 0x25, r10, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r11 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000000), 0x103902, 0x0)
r12 = socket$isdn_base(0x22, 0x3, 0x0)
accept4$bt_l2cap(r12, 0x0, 0x0, 0x0)
preadv2(r11, &(0x7f0000003680)=[{&(0x7f0000000440)=""/29, 0x1d}], 0x1, 0x2, 0x0, 0x1)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000500)={r7, r9, 0x25, 0x8, @void}, 0x10)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r10, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYRES16=0x0, @ANYRES64=r3, @ANYBLOB="000125bd7000ffdbdf250100000044000180050002000000000008000300e0000002050002000800000014000400fe8000000000000000000000000000aa14000400200100"/82], 0x58}, 0x1, 0x0, 0x0, 0xc000008}, 0x4042080)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
ioctl$KVM_CAP_X2APIC_API(r10, 0x4068aea3, &(0x7f00000002c0)={0x81, 0x0, 0x3})
ioctl$KVM_HAS_DEVICE_ATTR_vm(r4, 0x4018aee3, &(0x7f0000000740)=@attr_other={0x0, 0x80, 0xa, &(0x7f0000000700)=0x5})
r13 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000340), r10)
sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(r10, &(0x7f0000000400)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="12b1bfa2c87ae77b342722ab8c50935ef284e4d07d2eac4250e7820eb1ea5a0bfcb46970bd10007899235821d0935e5bea68fa6522c5e878", @ANYRES16=r13, @ANYBLOB="000229bd7000fcdbdf2504000000050005000a00"], 0x1c}, 0x1, 0x0, 0x0, 0x20000000}, 0x40801)

29.190681162s ago: executing program 1 (id=3499):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[@ANYBLOB], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000240)={0x3, 0x0, 0x3, 0x6}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x38, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r0, 0x0, 0x0)
sendmmsg$unix(r1, &(0x7f00000bd000), 0xffffffffffffff2b, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
syz_io_uring_setup(0x10d, 0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000000c0)={'tunl0\x00', <r3=>0x0})
r4 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@newlink={0x40, 0x10, 0xffffff1f, 0x0, 0x3000000, {0x0, 0x6, 0x0, 0x0, 0xffffff81}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @wireguard={{0xe}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r3}]}, 0x40}}, 0x0)

28.300525873s ago: executing program 1 (id=3506):
r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$SCSI_IOCTL_GET_PCI(r1, 0x5393, &(0x7f0000000000))
getpeername$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000140)=0x14)
r3 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000180)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x1c, 0x1c, 0x5, [@int={0x8, 0x0, 0x0, 0x1, 0x0, 0x6b, 0x0, 0x14, 0xb}, @volatile={0x3, 0x0, 0x0, 0x9, 0x1}]}, {0x0, [0x0, 0x61, 0x0]}}, &(0x7f00000001c0)=""/53, 0x39, 0x35, 0x1, 0x9, 0x0, @void, @value}, 0x28)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000e00)={r3, 0x20, &(0x7f0000000400)={&(0x7f00000002c0)=""/129, 0xffffffffffffffab, <r4=>0x0, &(0x7f0000000380)=""/87, 0x57}}, 0x10)
r5 = syz_open_procfs(0x0, &(0x7f0000000480)='net/icmp6\x00')
r6 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32=0x1, @ANYBLOB="0600"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="03000000020040000300"/28], 0x50)
r7 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000ac0)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x7fff, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x0, 0x2, 0x0, @void, @value, @void, @value}, 0x50)
r8 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
r9 = fcntl$dupfd(r8, 0x0, r8)
write$sndseq(r9, &(0x7f00000003c0)=[{0x0, 0x0, 0x10, 0x0, @time={0x0, 0x6}, {0x0, 0xb8}, {}, @control={0x9, 0x2, 0xa}}, {0x0, 0x40, 0x0, 0x0, @time={0x0, 0x3ff}, {0x6, 0xc}, {}, @addr={0x8, 0x5a}}], 0x38)
read$FUSE(r9, 0x0, 0x0)
r10 = open_tree(0xffffffffffffff9c, &(0x7f0000000dc0)='./file0\x00', 0x8000)
fspick(r10, &(0x7f0000000000)='.\x00', 0x0)
r11 = openat$vnet(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0)
ioctl$int_in(r11, 0x40000000af01, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r11, 0x4008af03, &(0x7f0000001e40)={0x2, 0x0, [{0x4, 0x1000, &(0x7f0000001ec0)=""/4096}, {0xffff1000, 0x0, &(0x7f0000001e00)}]})
r12 = socket$packet(0x11, 0x3, 0x300)
r13 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r13, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000001c0)=ANY=[@ANYBLOB="140100001e000100000000000000000001"], 0x114}], 0x1}, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r11, 0x4028af11, &(0x7f00000000c0)={0x0, 0x1, 0x0, &(0x7f00000003c0)=""/78, 0x0})
r14 = dup(r12)
ioctl$VHOST_NET_SET_BACKEND(r11, 0x4008af30, &(0x7f0000000000)={0x0, r14})
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(0xffffffffffffffff, 0xc0189372, &(0x7f0000000540)={{0x1, 0x1, 0x18, <r15=>0xffffffffffffffff, {0x5}}, './file0\x00'})
r16 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000b40)={0x1b, 0x0, 0x0, 0x6, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x5, 0x5, 0x0, @void, @value, @void, @value}, 0x50)
r17 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000bc0)={0x1b, 0x0, 0x0, 0x28000, 0x0, 0x1, 0x8, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000d00)={0x0, 0x6, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x0, 0x0, 0x8}, [@map_idx={0x18, 0x0, 0x5, 0x0, 0x2}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x1}]}, &(0x7f0000000040)='GPL\x00', 0x3, 0x5a, &(0x7f0000000080)=""/90, 0x41100, 0x48, '\x00', r2, @fallback=0x29, r3, 0x8, &(0x7f0000000240)={0x7, 0x1}, 0x8, 0x10, &(0x7f0000000280)={0x3, 0xd, 0x2, 0x5}, 0x10, r4, r5, 0x5, &(0x7f0000000c40)=[r6, r7, r6, r15, r14, r15, r16, 0x1, r17], &(0x7f0000000c80)=[{0x0, 0x4, 0x5, 0x3}, {0x1, 0x1, 0x3, 0x7}, {0x4, 0x5, 0x3, 0x9}, {0x1, 0x3, 0x7, 0x5}, {0x0, 0x3, 0x2, 0xaa3ef141109a91d6}], 0x10, 0xd1, @void, @value}, 0x94)
r18 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$IPT_SO_SET_REPLACE(r18, 0x0, 0x40, &(0x7f0000000580)=@raw={'raw\x00', 0x8, 0x3, 0x4dc, 0x340, 0x25, 0x148, 0x0, 0x60, 0x488, 0x2a8, 0x2a8, 0x488, 0x2a8, 0x3, 0x0, {[{{@uncond, 0x0, 0x2f8, 0x340, 0x0, {0x200003ae, 0x7f00}, [@common=@inet=@hashlimit1={{0x58}, {'geneve0\x00', {0x0, 0x0, 0x9, 0x0, 0x80ffffff, 0xffffffff, 0x7}}}, @common=@unspec=@bpf1={{0x1f, 'bpf\x00', 0x0}, @pinned={0x1, 0x0, 0x6, './file0\x00'}}]}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x6, 'syz0\x00'}}}, {{@ip={@empty, @empty, 0x0, 0x0, 'syzkaller0\x00', 'veth0_to_team\x00'}, 0x0, 0xa8, 0x108, 0x0, {}, [@common=@unspec=@statistic={{0x38}}]}, @common=@SET={0x60}}], {{'\x00', 0xc8, 0x70, 0x94}, {0x24}}}}, 0x538)

28.299813252s ago: executing program 1 (id=3508):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = dup(0xffffffffffffffff)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=@newlink={0x48, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0xffff}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @xfrm={{0x9}, {0x4}}}, @IFLA_IFNAME={0x14, 0x3, 'xfrm0\x00'}]}, 0x48}}, 0x0)
syz_io_uring_setup(0x239, 0x0, &(0x7f00000002c0), 0x0)
add_key$keyring(&(0x7f0000000000), &(0x7f0000000080)={'syz', 0x0}, 0x0, 0x0, 0xffffffffffffffff)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
r5 = socket$inet(0x2, 0x2, 0x0)
setsockopt$inet_mreqn(r5, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0x40)
r6 = socket$netlink(0x10, 0x3, 0x0)
writev(r6, &(0x7f0000000140)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1)
writev(r6, &(0x7f0000000300)=[{&(0x7f00000001c0)="390000001300034700bb5be1c3e4feff06000000010000004500000025000000190004000400ad000d00000000000006040000000000f93132", 0x39}], 0x1)
setsockopt$inet_mreqsrc(r5, 0x0, 0x27, &(0x7f0000000440)={@multicast2, @loopback, @empty}, 0xc)
sendmsg$nl_xfrm(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000008c0)=@newsa={0x144, 0x10, 0x713, 0x0, 0x0, {{@in=@initdev={0xac, 0x1e, 0x0, 0x0}, @in6=@ipv4={'\x00', '\xff\xff', @local}}, {@in=@empty, 0x0, 0x32}, @in6=@ipv4={'\x00', '\xff\xff', @multicast2}, {}, {}, {}, 0x0, 0x800000, 0x2}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}, @etimer_thresh={0x8}, @replay_thresh={0x8}]}, 0x144}}, 0x0)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r3, 0x84, 0xc, &(0x7f0000000480)=@assoc_value, &(0x7f0000000040)=0x8)
r7 = socket(0x2, 0x80805, 0x0)
sendmmsg$inet(r7, &(0x7f00000003c0)=[{{&(0x7f0000000080)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000140)=[{&(0x7f0000000100)="a7", 0x1}], 0x1}}], 0x1, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
mlock2(&(0x7f0000018000/0x2000)=nil, 0x2000, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r8 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r8, 0x0, 0x0)
r9 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r9, 0x8914, &(0x7f0000000280)={'syzkaller1\x00', @link_local})

28.025811383s ago: executing program 1 (id=3509):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000000000000000080eff95"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
syz_emit_ethernet(0x4e, &(0x7f0000000000)=ANY=[@ANYBLOB="e331105e1bfd00183afffc000000000000000000000000000001fe8000000000000000000000000000aa8800907867e2ff0000000000000000000000000000000001"], 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_MCAST_MSFILTER(r0, 0x0, 0x30, &(0x7f00000012c0)={0x2, {{0x2, 0x0, @multicast2}}}, 0x8c)
setsockopt$inet_group_source_req(r0, 0x0, 0x2b, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_open_dev$swradio(0x0, 0x1, 0x2)
syz_io_uring_setup(0x117, 0x0, &(0x7f0000000280)=<r4=>0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffc00, 0x0, 0x4)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x2, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB="b7a000001a000000bca300000000000024030000c0feffff620af0fff8ffffff71a4f2ff000000001f03000000000000e5000200000000002604fdffff02000014010000030000001d130000000000007a0a00fe0000001f0f14000000000000b503f7fff80000009500000000000000033bc065b78111c6dfa041b63af4a3912435f1a864a7aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168e5181554a090f300020000fe275daf51efd601b6bf01c8e8b1b526375ee4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e65440000000000000000028610643a98d9ec21ead2ed51b104d4d91af25b845b9f7d08d123deda88c658d42ecbf28bf7076c15b463bebc72f526dd70252e79166d858fcd0e06dd31af9612fa402d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff61623604000000000000006a89adaf17b0a6041bdeebdfd1f5089048ddff6da40f9411fe7226a40409d6e37c4f46756d31cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564163427afea62d84f3a10076443d643649393bf52d2105bd901128c7e0ec82701c8204a1deeed4155617572652d950ad31928b0b036dc2869f478341d02d0f5ad94b081fcd507acb4b9c67382f13d000000225d85ae49cee383dc5049076b98fb6853ab39a21514da60d2ae20cfb91d6a49964757cdf538f9ce2bdbb9893a5de817101a3062cd54f9ff51d355d84ce97bb0c6b6a595e487a2cc47c0efbb2d71cde2c10f0bc6980fe78683ac5c0c31032599dd273863be9261eee52216d009f4c52048ef8c126aeef5f510a8f1aded94a129e4aec6e8d9ab06faffc3a15d91c2ea3e2e04cfe031b287539d0540059fe6c7fe7cd8697502c7596566d674e425da5e7f009602a9f61d3804b3e0a1053abdc31282dfb15eb6841bb64a1b3045024a982f3c48153baae244e7bf573eac34b781337ad5905c6bbf1137548c7f1a4cad2422ee965a38f7defbd2960242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a90144022a579dfc0229cc0dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc48899b212c55318294270a1ad10c80fef7c24d47afcc829ba0f85da6d888f18ea40ab959f6074ab2a40d85d1501783a7ab540b8d7b4ead35a385e0b4a26b702396df7e0c1e02b88c114f244a9bf93f04bf072f0861f5c0b000000000000eedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba3401e6a52acb11883ad2a3b1832371fe5bc621426d1ed01b389708165b9cdbae2ed9dc7358f0ebadde0b727f27feeb7464dcd857ab15e355713767c536cbae2f5c7d951680f6f2f9a6a8346962a350845ffa0d82884f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010ae20e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbada1ee7baa19faf67256b56a41fd355b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ced301efeb6dc5f6a9037d2283c42efc54fa84323afc4c10eff462c8843187f1dd48ef0981000000000000ff0f40b1888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538c6ee6ba65893ff1f908ba7554ba583ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738612e4fee18a22da19fc08001011e32f80fb60e14b9eee094277bbc170882c8890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f62e3f753b639a924599c1f69219927ea5301fff0a6063d427180d61542c2571f983e96635600000554f327a3535e7c7542799493c31ac05a7b57f03ca91a01ba2a30ca99e969d6fd09dc28ebc15edb4d91675767999d146aef7799738b292fd64bb25b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a794963342aece449a0d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b6ef9d12096833d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e1661261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec035d232f89fe0120f64c62e8e3ed8bcb45202c204bbec8d722824c0ebca8db1ea4a05e41f6016ab5bbe4fe7ff5d785d0128171c90d9900ca2532b0f9d01c4b45294fbba468df3e1b393cb4e62e753b4172ba7ac1f2b51c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a881192292ffff5392ab3d1311b82432662806add87047f601fa888400000000000000000000000000006acc19808d7cf29bc974b0ea92499a41b9b9a7c2bca311a28ee4952f2d325a56397c78f12205db653a536f9f3322405d1efd78e578dc6b3fb84f3738a4b6caa800000087efa51c5d95ecba4e50e529d1e8c89600e809dc3d0a2f65579e23457949a50f2d0455cf79a43746979f99f6a1527f004f1e37a3926937e84fb478199dc1020f4beb98b8074bf7df8b5e783637da740800000000000000c55a4385e9a617aa6c8e10d4202c5afeb06e2f9115558ea12f92d7ae633d44086b3f03b20d546fa66a72e38207c9d20035abc46271a30f1240de52536941242d23896ab74a3c6670fdc49c14f34fc4eadd6db8d80eba439772bf60a1db18c472dafc5569adc282928d2a1ffe29f1a57d3f18f4edaeb5d37918e6fddcd821da67a0785585a4443440dc65600e64a6a2740000000000000000000000000000000000000000000a0009dd14b38f2f4426d7cf5075047c31f6ce6adddfe3ac649c0643c8bfbeb14ba1fd7a485aa893915cf81e29aaf375e904bbe52691a4100260ffcd8f1d04166d291ebcef893e1b9ccb6797d0646fe0e7274434f28efb43e06e64f0698caca42f4e6018a455736c482a017e2b13dac4a90faa109f0e87cc94e3efb649692456463ca74aa6ad4bf50c1acb0000000000000005375e528285544d0064b98646f3109e9a4942ce42c6e7ec84b664f6c2770803f10baa804a707f0a1fcbfc309381aeba191950bae71f37f1eb7ceeffb3c0547ac6571603adbfde4c8b5f8d7f4b854441613633b48865b65bdc415e1e0dcf672d68cf4cebf04f4bc1eebf560a26d34d3757b1450fdb0a9a69f432e277f3a0386eb2bd3305c821c64757f786b79fef54dbe64c67d73934bc80b2133fb3c04cc7ea48bf97a6243c9f95dcbddecf45f008f1822c7868e1ff5a3cff5d6b6898335792749df7b1f51e91f8c1c3b1b93b33aaa3fab69cef08a9f6f6cf39dea3d878b2ed42545421970cc426e644332bc956d1c6adefdf0ede2c5c94aa632646ae225accdf031f611d01622921f1b922a5ac887cca3136133dce8d9f5f4da7bed2ea5d94362200000000000000000000f296b0c1484e5f781ad26bff696b05ff0a5e2270e07618b04273bd4075ea38ab463bfa6a38e7c537498ba3e4df8dfc9e040000003c3ffad44d2a376def42e41e9fc31678257e040fa7cf32c221aaac08000000000000001a00000000000000000000173570f0c11ae694b0f7a4f9c2f6790044a357e785af6e153d5f1ea460af92c7cbbd6295afe740f5e154346d483e0d641ef02e4d5295d756e110522a7a945b93fb705b95b6aae27a8fb33732ce1da1c0b1af8eb9222a06e984ab1e6984c8bdc12360627137ab67b6b68ab08acb29a74dc36b51209cfbc87f61182bbeb2772e9d5a1ffc477179be481efe46a4ce86be0b1d8eee42a611a3d44ca450b14586ed63dd92005c79e4a8ab8a94f0c6cb4bed8594a39bd76d3ef8a7ab014e787596db796bd93a36c2880423291e3bccc86f66ba792ff4d87b3f80e5908779e51c5e9055fc5b23605cd000c723187ef09dcf4b07b06a9342f3f62ee7acddff292082c1f4d8eb9561f80873a09a1ae0c9af1121175e5600f43a1179484502009759264a5729f07c2b218fa36ba2316a99aaad0130df83d0bda1e711290f78c143ea143967b00adcd77e6ad5e48d839ea61aadb83e4d071c54691924a3830d3e7b5c198bb0ed623153590000000000000000004b985ea1702f34f2f85b168c083e810ed567e3f1979b9ed1a4bf6a10dac825c96a0828b335de445a4880bb6474157efd1a72ca46ae4cbe3ab648c9bc4867a5a4cb87d7d6d55475b34b3cb6aa9e2337d4e04a37e35109752522ac9b186ddd80c47da6a2f4ef7bb909c975520000000000000000000000219cf5c1376ab33786f6b856d354e90a2733f78f2d188057cead3480eade49d55b770fad7fa000d23da6275768810b6b2df91d3a991ea98d929d271696c258d5b735d5db11df434e7dd1b7c1ca05cea3977df564115f4ec6ffab1d2ff8a642ca50934b3fbe44b0abeba9df209566984a29dfc0466e439a94e177b3c4d5f6e92b8176b9d6ddeeeb196fa964217f88e1acc180aaa4"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffff97, 0x10, &(0x7f00000000c0), 0xfffffffffffffd27, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
r5 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r5, 0xaf01, 0x0)
eventfd(0x0)
r6 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000180)="1400000016000b43d27a80648c2594f90924fc60", 0x14}], 0x1, 0x0, 0x0, 0x600}, 0x0)
socket$unix(0x1, 0x1, 0x0)

27.129570301s ago: executing program 1 (id=3516):
bpf$MAP_CREATE(0x0, 0x0, 0x48)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x0, @pix_mp={0x2000000, 0x0, 0x34324152, 0x0, 0xa, [{}, {0x10}, {}, {0x0, 0xffffffff}, {0x3}, {0x40, 0xfffffffb}, {0x2000}], 0x0, 0x0, 0x0, 0x0, 0x4}})
prlimit64(0x0, 0x6, &(0x7f0000000140)={0x10000008, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
clock_gettime(0x7, &(0x7f0000000000))
read$msr(r0, &(0x7f0000032680)=""/102400, 0xfffffffffffffee4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
ioctl$sock_SIOCETHTOOL(r1, 0x89f0, &(0x7f0000000000)={'bridge0\x00', &(0x7f0000000100)=@ethtool_coalesce={0xe, 0x0, 0x9, 0x6, 0xe, 0x10, 0x0, 0xc0000000, 0x2, 0x33, 0x5, 0x9, 0x3, 0xa9, 0x7f, 0xfffffffc, 0x0, 0x2, 0x80000000, 0x5, 0x1ff, 0xfffffff9, 0xc}})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
syz_open_procfs(0x0, 0x0)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0)
r2 = socket$inet(0x2, 0x80000, 0x400083b)
setsockopt$inet_mreqn(r2, 0x0, 0x23, &(0x7f0000000740)={@broadcast, @private=0xa010101}, 0xc)
bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e20}, 0x1c)
listen(0xffffffffffffffff, 0x43)
r3 = socket$inet_dccp(0x2, 0x6, 0x0)
setsockopt(r3, 0x10d, 0x800000000d, &(0x7f00001c9fff)="03", 0x1)
connect$inet(r3, &(0x7f0000000080)={0x2, 0x4e20, @loopback}, 0x10)
ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, 0x0)
r4 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000001c0)='attr/sockcreate\x00')
write$tcp_mem(r5, 0x0, 0x0)
sendmsg$TIPC_CMD_GET_BEARER_NAMES(r4, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x1c, 0x0, 0x200, 0x70bd27, 0x25dfdbfe}, 0x1c}, 0x1, 0x0, 0x0, 0x4000888}, 0x40)
syz_emit_ethernet(0x3e, &(0x7f0000000280)=ANY=[@ANYBLOB="0180c200020050a245d5cde088a83c0081004900080045000028000000000032907800000000ff010000800090780000008000"/62], 0x0)
sendto(r4, &(0x7f0000000040)='C', 0x1, 0x95, &(0x7f00000000c0)=@ieee802154={0x24, @short={0x2, 0x3, 0xaaa3}}, 0x80)
r6 = dup(0xffffffffffffffff)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r6, 0x0)

12.09829458s ago: executing program 32 (id=3516):
bpf$MAP_CREATE(0x0, 0x0, 0x48)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x0, @pix_mp={0x2000000, 0x0, 0x34324152, 0x0, 0xa, [{}, {0x10}, {}, {0x0, 0xffffffff}, {0x3}, {0x40, 0xfffffffb}, {0x2000}], 0x0, 0x0, 0x0, 0x0, 0x4}})
prlimit64(0x0, 0x6, &(0x7f0000000140)={0x10000008, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
clock_gettime(0x7, &(0x7f0000000000))
read$msr(r0, &(0x7f0000032680)=""/102400, 0xfffffffffffffee4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
ioctl$sock_SIOCETHTOOL(r1, 0x89f0, &(0x7f0000000000)={'bridge0\x00', &(0x7f0000000100)=@ethtool_coalesce={0xe, 0x0, 0x9, 0x6, 0xe, 0x10, 0x0, 0xc0000000, 0x2, 0x33, 0x5, 0x9, 0x3, 0xa9, 0x7f, 0xfffffffc, 0x0, 0x2, 0x80000000, 0x5, 0x1ff, 0xfffffff9, 0xc}})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
syz_open_procfs(0x0, 0x0)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0)
r2 = socket$inet(0x2, 0x80000, 0x400083b)
setsockopt$inet_mreqn(r2, 0x0, 0x23, &(0x7f0000000740)={@broadcast, @private=0xa010101}, 0xc)
bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e20}, 0x1c)
listen(0xffffffffffffffff, 0x43)
r3 = socket$inet_dccp(0x2, 0x6, 0x0)
setsockopt(r3, 0x10d, 0x800000000d, &(0x7f00001c9fff)="03", 0x1)
connect$inet(r3, &(0x7f0000000080)={0x2, 0x4e20, @loopback}, 0x10)
ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, 0x0)
r4 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000001c0)='attr/sockcreate\x00')
write$tcp_mem(r5, 0x0, 0x0)
sendmsg$TIPC_CMD_GET_BEARER_NAMES(r4, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x1c, 0x0, 0x200, 0x70bd27, 0x25dfdbfe}, 0x1c}, 0x1, 0x0, 0x0, 0x4000888}, 0x40)
syz_emit_ethernet(0x3e, &(0x7f0000000280)=ANY=[@ANYBLOB="0180c200020050a245d5cde088a83c0081004900080045000028000000000032907800000000ff010000800090780000008000"/62], 0x0)
sendto(r4, &(0x7f0000000040)='C', 0x1, 0x95, &(0x7f00000000c0)=@ieee802154={0x24, @short={0x2, 0x3, 0xaaa3}}, 0x80)
r6 = dup(0xffffffffffffffff)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r6, 0x0)

3.470449488s ago: executing program 3 (id=3814):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, 0x0, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWCHAIN={0x34, 0x3, 0xa, 0x801, 0x0, 0x0, {0x2}, [@NFTA_CHAIN_POLICY={0x8, 0x5, 0x1, 0x0, 0xfffffffffffffffb}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0x5c}}, 0x0)

3.410518345s ago: executing program 3 (id=3815):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01040000000000000000010000000900010073797a30000000002c000000020a01020000000000000000010000000900010073797a30000000000900030073797a32000000008c000000060a010400000000000000000100000008000b400000000064000480340001800b000300657874686472000024000280080001400000000c080003400000000008000440000000040500"], 0x100}}, 0x0)

3.410202981s ago: executing program 3 (id=3816):
r0 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$ETHTOOL_MSG_PAUSE_SET(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000500)={0x3c, r0, 0x431, 0xf0bd25, 0x420000, {}, [@ETHTOOL_A_PAUSE_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netdevsim0\x00'}]}, @ETHTOOL_A_PAUSE_RX={0x5, 0x3, 0x1}, @ETHTOOL_A_PAUSE_AUTONEG={0x5, 0x2, 0x1}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4890}, 0x20000004)

3.35050714s ago: executing program 3 (id=3817):
syz_emit_ethernet(0x0, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, 0x0, 0x0)
r1 = openat$uinput(0xffffffffffffff9c, 0x0, 0x2, 0x0)
write$uinput_user_dev(r1, 0x0, 0x0)
ioctl$UI_SET_EVBIT(r1, 0x40045564, 0x5)
ioctl$UI_SET_SWBIT(r1, 0x4004556d, 0x3)
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x50)
r2 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
r3 = syz_usb_connect(0x2, 0x2d, &(0x7f0000000100)={{0x12, 0x1, 0x0, 0x62, 0xa1, 0xb, 0x40, 0xc45, 0x1010, 0xe6fc, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x32, 0x0, 0x1, 0x97, 0x40, 0xa4, 0x0, [], [{{0x9, 0x5, 0x82, 0x3, 0x3ff, 0x0, 0x7e}}]}}]}}]}}, 0x0)
r4 = openat$sysfs(0xffffffffffffff9c, 0x0, 0xa0042, 0x0)
write$tcp_mem(r4, &(0x7f0000000280)={0x7, 0x2d, 0xffffffffffffffff, 0x3a, 0x0, 0x2c}, 0x48)
r5 = syz_open_dev$video4linux(&(0x7f0000000000), 0xfff, 0x0)
ioctl$VIDIOC_SUBDEV_S_SELECTION(r5, 0xc040563e, &(0x7f0000000040)={0x1, 0x0, 0x102, 0x6, {0x9, 0x6, 0x0, 0x8}})
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001700)={r4, 0xe0, &(0x7f0000001600)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001440), ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f00000014c0)=[0x0, 0x0, 0x0, 0x0], <r6=>0x0, 0x53, &(0x7f0000001500), 0x0, 0x0, 0x0, 0x0, 0x0, 0xbe, 0x8, 0x8, &(0x7f00000015c0)}}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0xb, 0x0, 0x0, &(0x7f0000001340)='GPL\x00', 0x906b, 0x0, 0x0, 0x40f00, 0xc, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001400)={0x80, 0x1000000f, 0x8c8e, 0x8}, 0x10, r6, r2, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r7 = openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0)
preadv(r7, 0x0, 0x0, 0x0, 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
syz_usb_disconnect(r3)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000001240)=ANY=[], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x19, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sockopt=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

1.357194157s ago: executing program 2 (id=3840):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NL802154_CMD_GET_SEC_DEVKEY(r0, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0)

1.290259336s ago: executing program 2 (id=3841):
pipe2(&(0x7f0000000000)={<r0=>0xffffffffffffffff}, 0x0)
r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
splice(r0, 0x0, r1, 0x0, 0x12, 0x4)

1.289988368s ago: executing program 2 (id=3842):
r0 = syz_io_uring_setup(0xd2, &(0x7f0000000480), &(0x7f0000000000)=<r1=>0x0, &(0x7f00000001c0)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x30, 0x0, 0x2, 0x400}]}, 0x10)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_CONNECT={0x10, 0x41, 0x0, 0xffffffffffffffff, 0x23, 0x0})
io_uring_enter(r0, 0x47ba, 0x0, 0x0, 0x0, 0x0)

1.240293806s ago: executing program 2 (id=3843):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000480), r0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xe, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
setsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x8008000000010, 0x0, 0x0)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SET_SPECULATION_CTRL(0x35, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
sendmsg$TIPC_CMD_GET_LINKS(r0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000004c0)={0x24, r1, 0x1, 0x70bd25, 0x25dfdbff, {{}, {}, {0x8, 0x11, 0xc}}}, 0x24}, 0x1, 0x0, 0x0, 0xc800}, 0x800)

900.049997ms ago: executing program 4 (id=3844):
socket$nl_xfrm(0x10, 0x3, 0x6)
socket$pppl2tp(0x18, 0x1, 0x1)
getpid()
sched_setaffinity(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
bind$netlink(r0, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc)
r1 = socket$inet6(0xa, 0x80003, 0x6)
connect$inet6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000340)={{{@in=@remote, @in6=@dev, 0x40, 0x0, 0x3, 0x0, 0xa}, {0x0, 0x0, 0x4}, {0x0, 0x4, 0x0, 0xa78a}, 0xfffffffe, 0x0, 0x1}, {{@in=@private, 0x0, 0x33}, 0x0, @in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x0, 0x3, 0x1, 0x7}}, 0xe8)
sendmmsg(r1, &(0x7f0000000480), 0x2e9, 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r2 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r2, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000540)={0x2, 0x6, 0x2, 0x0, 0x2, 0x0, 0x2}, 0x10}}, 0x0)

659.860551ms ago: executing program 4 (id=3845):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000300)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000080)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010000000000000000004400000008000300", @ANYRES32=r2, @ANYBLOB="08002600851600000a00180000000000000000001c005a8018000180140003"], 0x4c}}, 0x0)

654.305163ms ago: executing program 4 (id=3846):
syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYBLOB="040e0406242000"], 0x7)

590.216193ms ago: executing program 0 (id=3847):
prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1)
r0 = syz_open_dev$loop(&(0x7f0000000040), 0x0, 0x0)
ioctl$LOOP_CHANGE_FD(r0, 0x127b, 0xffffffffffffffff)

590.00702ms ago: executing program 4 (id=3848):
socket$nl_netfilter(0x10, 0x3, 0xc)
epoll_create1(0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f00000004c0)=ANY=[@ANYBLOB="b702000047000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a876d839240d29c035055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7e8dc34f17e3946ef3bb622e03b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bb44b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334583239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd713089856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bf4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fd3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff22dc508afc9ffc2cc788bee1b47683db01a469398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd360000000000000000ae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae526aca54183fb01c73f979ca9857399537f5831808b0dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c97a088a22e8b15c3e233db00002e30d46a0024d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e4845535a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c29c5c0ed5bcdf510c3c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a308bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d5a3e1a90800c66ee2b1ad76dff9f9003f07000099d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ced92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f68fa8d7c2dfb28e1f05e46b0933c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e5dee734fe7da3770845cf442d588afd80e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a93466ae595c6a8cda6900002a070886df42b27098773b45198b4a34ac97febd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d63521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db0c407081c6281e2d8429a8639034a75f4c7df3ea8fc2018d07afef12ef060cd4403a099f32468f658000b4082d43e12186195cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea209b53b230ef0f2ab85cbdac0000000000000000ca06f256c8028e0f9b65f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bd3339403004b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab900000000000000000000d71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdbf24a0c5441ce046078492b53467cfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89cb349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce1d9bc7ef3e3f40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb15f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c00c57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403502734137df47257f164391c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb74b558982016b0679b5d6fccbecfae5553d9950d48c774eaa35b24fce69a20d8b49e3d0168bf7eac90529cd6af061c9e53addddc620ce73c5d177e3d097159f2768636fc10276c6a0adc57483b3f7083f66b87ef296ee85a3009a5d30f479e293a3302e11350ea857b37e76ca3f50378e4092ce2c574ad278b9b7b717c571afb2077b019fd9d89efd59b41f051ec5a8ff87ecc8df917a1e386d849fcd10e2f9ca52e02339c2f4666b0c8ffe0d508dcee3070e8b42ac38545e25f1cd62421c28d25994be0cff7271a0dee38d7ac4ac736b090e1d29f98117919472b61b20026d7e646174b55d251f7f8ca5ccc22a5efb33b217eff5597a3c3a5f3a9bb54abb40e54593e1a7ce4cfa17b3c3fe91c06363496341eae20dcc59b6179b32ddddef5c34000096a54c0c571a91878f61f74912e2299e5501d4d6943bfd74c856511726f0ac8f7d17f1c6b4451c1bcdc6b6e1700e4cd87709d97afc5423c96fa981873d4369b04bbf1fb9f68f17991540868e408201ad1a74179e489aa61f021a437a3fa935588be2068f7ff9b253106326fde795e530b93626cc68e06e602198724249b4444e69902e4d8f5da4e94cc36794258fd4032de7ab36bc24000000000000000000000000000000000000cd3211b3842b68a4eddca2eae28529e97a98d7ec3fd902df1ba8fc2ad2377e72d4e7aeacbbccef5614cd965511558f40720025c022bc9c213e407f6bc4b673c55aa8e729299a37fd6339acd906ac861ba56c9fa9b8b12b5e68a3cdadb906355e1f1d336a243172affe50d0fb36c3718a7498eed3d398f405a34d494414e87ef1ce1845510d43d00171d6b4b762f89564c22d542a119878709cd6822c3a3eb47a849b0737929fe9e1eecd1bff5a2b9880e2a6d8a3b3b7e88a673c96cda4455eff1c530db0e6598a2686aa09aeaf0f1aed95aeb8b0a2cc5ca31c0f56285cc05f7090a0e0583cf540d18cd8817e685c7b4ff176178ac1234f23e54445ec20b2689832d78409897a0307e89ebcd5f4ba042a3d10237a5a8a9a6eda36d2f337dc54537b80e8433341b135b4c5bb0173ffde46ccd260e1d4f2c51e8b07bb256f1317912cb1fc9e491e0bb9109e475cc795c23ad9f4f0042c5e9c655a4d865bc4a266e6a1d3d2b7ee53be9efb33a98933b5ba74ee3ac8d34b6af8c1fdbffade3abc80842b74354162f5b994ab5254cb068bc5e2ae242a1d37d0d49947c9317fa1a46c9e259ce0e1f9db992c53f7830a5e8f4fac6b187eb9f15ba61f730f86d7d7b63bbc7a1d9ff37e87a90a14e0655304da069f9009b62717649b6c6af94fcba713f8ee6fcce25aef44d009966614b61be9369ffc589a79051b0a0000000000000003ebd34c41afe268c33c9322c3a783772aec998f51a6e70fb932a8019e72ef5ab127bb30c79ebfd867441083546305fb39449c40a166ea389a6b77b7c87f66e8bf5806726b8fc50b943627314803a12c33312dce0a10f852da3e000000"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x7, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000380)={r0, 0x18000000000002a0, 0xe, 0x0, &(0x7f00000011c0)="b9ffddc1ddc8cdde75537d07007e", 0x0, 0x600, 0x60000009, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x50)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SHUTDOWN={0x22, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x1, 0x0, 0x1})
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r1, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r1, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r2=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_ATOMIC(r1, 0xc03864bc, &(0x7f00000001c0)={0x0, 0x1, &(0x7f0000000340)=[r2], &(0x7f0000000280)=[0x1], &(0x7f0000000200), &(0x7f0000000380)})

589.845791ms ago: executing program 0 (id=3849):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, 0x0}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWCHAIN={0x34, 0x3, 0xa, 0x801, 0x0, 0x0, {0x2}, [@NFTA_CHAIN_POLICY={0x8, 0x5, 0x1, 0x0, 0xfffffffffffffffb}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0x5c}}, 0x0)

509.963572ms ago: executing program 0 (id=3850):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, 0x0, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a74000000060a0b04000100000000000002000000480004802800018007000100637400001c00028005000300010000000800014000000017080002400000000f1c0001800a00010072656469720000000c00028008000140000000170900010073797a30000000000900020073797a32"], 0x9c}}, 0x0)

509.647485ms ago: executing program 4 (id=3851):
r0 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
setsockopt$inet6_udp_int(r0, 0x11, 0x68, &(0x7f0000000080)=0xa40, 0x4)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r2 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r1, &(0x7f0000000440)={@val={0xa}, @void, @eth={@multicast, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xd}, @void, {@ipv6={0x86dd, @udp={0xd, 0x6, "75a3d0", 0x8, 0x11, 0x1, @empty, @mcast2, {[], {0x4e20, 0x4e20, 0xdd86}}}}}}}, 0x42)

509.359937ms ago: executing program 0 (id=3852):
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000040)={0x84, @multicast2, 0x15, 0x200003, 'none\x00', 0x1, 0x2, 0x72}, 0x2c)
r1 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x800, 0x0, 0x1}, 0x20)
setsockopt$XDP_UMEM_COMPLETION_RING(r1, 0x11b, 0x6, &(0x7f0000000080)=0x1, 0x4)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
sendmsg$MPTCP_PM_CMD_SUBFLOW_DESTROY(0xffffffffffffffff, 0x0, 0x24008011)
openat$adsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x80141, 0x0)
mmap(&(0x7f0000851000/0x1000)=nil, 0x1000, 0xb635773f06ebbeef, 0x40010, 0xffffffffffffffff, 0x3497c000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket$inet_smc(0x2b, 0x1, 0x0)
bind$inet(r5, &(0x7f0000000140)={0x2, 0x4e22, @multicast2}, 0x10)
connect$inet(r5, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
shutdown(r5, 0x1)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r6 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$XDP_RX_RING(r1, 0x11b, 0x2, &(0x7f0000001980)=0x100, 0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r6, 0x8933, &(0x7f0000000580)={'batadv_slave_0\x00', <r7=>0x0})
setsockopt$XDP_UMEM_FILL_RING(r1, 0x11b, 0x5, &(0x7f0000000140)=0x1, 0x4)
bind$xdp(r1, &(0x7f0000000100)={0x2c, 0x18, r7}, 0x10)
prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1)
setsockopt$IP_VS_SO_SET_ADDDEST(r0, 0x0, 0x487, &(0x7f0000000000)={{0x84, @broadcast, 0x4e21, 0x3, 'ovf\x00', 0xb, 0x323b, 0x80000025}, {@rand_addr=0x64010102, 0x4e23, 0x4, 0xc3, 0x12d5c, 0x12d5c}}, 0x44)
landlock_create_ruleset(&(0x7f0000000180)={0x5015, 0x3, 0x1}, 0x18, 0x0)

370.315807ms ago: executing program 4 (id=3853):
r0 = socket$inet6(0xa, 0x3, 0x84)
setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000100)={{{@in=@multicast2, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x2}}, {{@in6=@loopback}, 0x0, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}}, 0xe8)
prlimit64(0x0, 0xe, &(0x7f0000000e00)={0x8, 0x8f}, 0x0)
fchmod(0xffffffffffffffff, 0x4)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r4, &(0x7f0000000000)={0x2, 0x4e21, @empty}, 0x10)
setsockopt$sock_int(r4, 0x1, 0x12, &(0x7f0000000100)=0xfffffffd, 0x4)
connect$inet(r4, &(0x7f0000000140)={0x2, 0x4e21, @empty}, 0x10)
sendto(r4, &(0x7f0000000180)="9b", 0x1, 0x8000011, 0x0, 0x0)
ioctl$VIDIOC_DQEVENT(0xffffffffffffffff, 0x80885659, &(0x7f0000000240)={0x0, @data})

310.498006ms ago: executing program 3 (id=3854):
r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0), 0xc2d41, 0x0)
ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r0, 0x3312, 0x2)

250.240612ms ago: executing program 2 (id=3855):
r0 = socket$kcm(0x21, 0x2, 0x2)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001a00)=ANY=[@ANYBLOB="1800000000000000100100000e"], 0x10b8}, 0xff00)

250.042489ms ago: executing program 3 (id=3856):
socket$packet(0x11, 0x3, 0x300)
socket$packet(0x11, 0x3, 0x300)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x6, 0x0, 0x0, &(0x7f0000000280)='GPL\x00', 0x5, 0x0, 0x0, 0x41000, 0x2, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x90, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
r3 = io_uring_setup(0xdac, &(0x7f0000000180))
r4 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r4, &(0x7f0000000440)={0x28, 0x0, 0x0, @local}, 0x10)
listen(r4, 0xffffdffc)
r5 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r5, &(0x7f0000000000)={0x28, 0x0, 0x0, @local}, 0x10)
setsockopt$sock_linger(r5, 0x1, 0xd, &(0x7f0000000040)={0x1, 0x8}, 0x8)
close_range(r3, 0xffffffffffffffff, 0x0)
setsockopt$inet_sctp_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, &(0x7f0000000040)={0x803, 0x3, 0x0, 0x3}, 0x8)
ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, 0x0, 0x503000, 0x0)

170.143803ms ago: executing program 2 (id=3857):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x14, 0x30, 0x1}, 0x14}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
bind$bt_hci(0xffffffffffffffff, &(0x7f0000000000)={0x1f, 0x2}, 0x6)
write$bt_hci(0xffffffffffffffff, &(0x7f0000000040)={0x1, @read_tx_power={{0xc2d, 0x3}}}, 0x7)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r4, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16)
connect$inet(r4, &(0x7f0000000480)={0x2, 0x0, @multicast1}, 0x10)
setsockopt$inet_IP_XFRM_POLICY(r4, 0x0, 0x11, &(0x7f0000000080)={{{@in=@loopback, @in6=@mcast1, 0x0, 0x0, 0xfffe, 0x0, 0x2, 0x0, 0x0, 0x33}, {0x2, 0x0, 0x0, 0x0, 0x40000000, 0x0, 0x3}, {0x0, 0x0, 0x0, 0x40000000000004}, 0x2002, 0x0, 0x1}, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x20000000, 0x2b}, 0xa, @in=@rand_addr=0x64010101, 0x3507, 0x4, 0x2, 0xb7}}, 0xe4)
sendmmsg(r4, &(0x7f0000007fc0), 0x800001d, 0x0)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r4, 0x8933, &(0x7f0000000500)={'wg2\x00'})
r5 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, 0x0, 0x0)
mmap(&(0x7f00000cd000/0x3000)=nil, 0x3000, 0x1000006, 0x13, 0xffffffffffffffff, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000440), 0x1c1482, 0x0)
r6 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
ioctl$BLKZEROOUT(r6, 0x127f, &(0x7f0000000240)={0x0, 0x1000000})
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0)

94.146525ms ago: executing program 0 (id=3858):
r0 = socket(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x2)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r2)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route_sched(r0, &(0x7f0000005840)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x48, 0x24, 0x5820a61ca228651, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x2, 0x8}}]}}]}, 0x48}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000016c0)=@newtfilter={0x6c, 0x28, 0xd27, 0x0, 0x4, {0x0, 0x0, 0x0, r3, {0xa}, {}, {0xfff1, 0x3d}}, [@filter_kind_options=@f_bpf={{0x8}, {0x40, 0x2, [@TCA_BPF_ACT={0x30, 0x1, [@m_bpf={0x2c, 0x17, 0x0, 0x0, {{0x8}, {0x4}, {0x4}, {0xc}, {0xc, 0x8, {0x1, 0x2}}}}]}, @TCA_BPF_NAME={0xc, 0x7, './file0\x00'}]}}]}, 0x6c}}, 0x0)

0s ago: executing program 0 (id=3859):
r0 = fsopen(&(0x7f0000000400)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000540)='\xd0\x9e^\xa0\xee\xc8\x17T\xb1GI\x90\xe2Q1\xb0\x8f\xe1\xa8\x95\xa0\xcd\fL\xf1<e\a\xa5\x8f\xab\x1a\xdaY\xfb\x03dhS\x97nZ\xf8\xc6\x1f\xd3K\xfa\xc8\x8d#\xce)\x9bg-D#g\x16\xf4\xd9\x00\x00\x00\x00\x00eA\x9f\xc3\x11\x18\xe6\xc5\x95\x9e!^\x97\b\x14\xc5\xad\t\f\xdeg\x8d\x16wW\xf6\xacE\xa3\xc8\xe7\xec\xd6\xbd\x1c+\n\xc7Q( \xba\xff\x17N\x1fB\x91\x15\x83\xec(B4/#W\xc5\x05\x9d\xd6\x02\x8cU!a\xdc|6\xdc\xee$\xb5\x1deC\xfb\xa2\xaa\xe0#\xcb\xde;sA\xad\xa6\xb6P\xa3\xf7\xc3\x93\xd4\xb6\x95\x02\xd8*\xa8\xd2\x94\xa3\x89\xa9\xa0\xc5\xc9=\xa5^', &(0x7f0000000240)='sockfs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000000)='\xd1S{O', &(0x7f0000000080)='\x1e\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000001680)='\xd0\x9e^\xa0\xee\xc8\x17T\xb1GI\x90\xe2Q1\xb0\x8f\xe1\xa8\x95\xa0\xcd\fL\xf1<e\a\xa5\x8f\xab\x1a\xdaY\xfb\x03dhS\x97nZ\xf8\xc6\x1f\xd3K\xfa\xc8\x8d#\xce)\x9bg-D#g\x16\xf4\xd9\x00\x00\x00\x00\x00eA\x9f\xc3\x11\x18\xe6\xc5\x95\x9e!^\x97\b\x14\xc5\xad\t\f\xdeg\x8d\x16wW\xf6\xacE\xa3\xc8\xe7\xec\xd6\xbd\x1c+\n\xc7Q( \xba\xff\x17N\x1fB\x91\x15\x83\xec(B4/#W\xc5\x05\x9d\xd6\x02\x8cU!a\xdc|6\xdc\xee$\xb5\x1deC\xfb\xa2\xaa\xe0#\xcb\xde;sA\xad\xa6\xb6P\xa3\xf7\xc3\x93\xd4\xb6\x95\x02\xd8*\xa8\xd2\x94\xa3\x89\xa9\xa0\xc5\xc9=\xa5^', &(0x7f0000000640)='dU|\xcbM\xe6\x91q\xe0\x05\xbes\xc0\xd2\xdb0}\xa6\xc4tly\xe0+\xb8~\xd9ymx\xa1\x06\xb4F\xf3Q:\xfem\xea\xed\xfc\x04\xf88\xe0\xa1&\xa8\xff\x10\xb3\xb2\x92N\f\x00!\xdbV\xc3\xca\r\x8c\xfb\x8esJ\xb3\x1bf\xce\v\x0e\xe3\xd5', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f00000007c0)='{)+}@@!}\x00', &(0x7f0000000800)='dU|\xcbM\xe6\x91q\xe0', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000001ec0)='\\$#[\\/\x00\xd5\xd4^\xa7\xe4\xd4\x1f.yh\x18\xb8s\xe6\f\xaf*4\xe1\xa1e\x04%f\x8f\xde\x91\x04\xbb\xc8\x17\x15\xa4\xf0\x00\x15w\x00\x00\xed\xdd}\x00\x18\xf3\xde\n\xbe\x91\xc4\xc5\xe6\xd3o\xaau\xf34\t\x9d\x80rg\xbc\xee\x96p\x18\x9e(h\xeb\xd9\xde\xa6\xfc\x8e\xe3,\xae\xa8\xf0\x82y\x91\x1c{\x85 \xc7P\xa3\x9c\x06\xc1\xd3\x92\xcd\xcc\x17\xb2}\x13:\xbbh\"%;\b\x7f\x91\x8a\xa5Z\x92~<\xfe3\x19\xdcVJ\f\xd1\x89d\xf9N\xbd\x92\x86\xa2\xa8\xc0:\x1f\n\xc9\x8eUO\x8e\xea\x99\xe1\xbe%Y\x9eH#\xa4\x9d5\xa88m6\x89kE\xce\xc3\aBW\xec_\xea_\x81\xbe\x86~\x84F\xa9\xcd\xba\xfb\xd8\x8f\x01\x81~\x9c#\r\x87\xcf\x19\xb9\xbd \xcb\xff\x88io\xb0\xb1\xa0B\x8cI\x82+\xc4\xcf\xf4!+\x16v\xb6\x8a\xb7k}\x1d\xf2\x1c\x00\x8f\xd7\x84R\x12\xed){SM[\xe6g6\xfeF\x1dJ\x83', &(0x7f0000000380)='\xbd\x10\xe2\n\xc4\xa8\xa8?\a\x9e@O<\xf4s\x85~X\x85\xdc\x11\x04a\xf8\xa6f\x96nB\x02\x10+C$\f\xb3\xcc\xed\"M\xb6 V\xc5\x9a\x11o^\xda\xc8', 0x0)
fsconfig$FSCONFIG_SET_FD(r0, 0x5, &(0x7f0000000ec0)='\xcfD\xbc\xbf\x95@\xd6j\'$\x1d\x14\xb7!\x8b\xff\xdc\x83\xc5$\xb3\xecr\xe4G:\x93\xdfj\x96\x7f\x03\xe5\x94\x04[\x02\xa9[>\xf9\x9c\x83@\x1e\x99\xcah\x85\xb8\xbeSAk\xf4\xb6 \xdf\xa0P\x18\x19\xae\x8c\x9a\x19mm\r<|\xe8\x9e\xa0x\x84p2\xf9\xe2\xed\xb0\f\x7f;\xf6J18G\x84c\x88\x9d{\xf4~\xdby\xe1\xdf\x1a\xae\xd6ez\xe5\xa8\xe1\'', 0x0, r0)
fsconfig$FSCONFIG_SET_BINARY(r0, 0x2, &(0x7f0000000a00)='wsync', &(0x7f0000000b40)="b2", 0x1)
fsconfig$FSCONFIG_SET_BINARY(r0, 0x2, &(0x7f0000000840)='\x00\x9b~\xd7\xde\x91d\r\xa3e\xec=Z\xce\xb0\xdfr\xbfQ\x85n4\xf5T\xc2\x86;\x03K\x80pF\xeaK\xb4t\xef\'\n\x05\xc9\xcfc\x92\bE\xf9\xf9\xcf\x96\x99\xde\x1e3\xcdA\xf9\x1bj\xc3\x8b\xbe\xee\xb3e\xd8Mk\xf1+\xbf\xd5\x98\x8c\x13\xdc\x85\x17\xcd\xf8\xf5\a\xde9\xd1\x8b\xf0&P\x92\x99u8\xb6,#\x0f\x89\xd9ic\xb5\xba\xe7\x03\x8d-\v\xd3S\x98\x89@\x8aWLU\xb1\xc4i6\xa5\xb7\x1d\xf3s\xaf\x7f\xb16\xa2\xbe\xfa\xfa~2\x1d\xeb\xd0G\xdc\a\xa3\x93n\x82\xa7h\xd7\x83N\x8aW\xaa\xc1\xc7\xec\xea\x13\xbe\xf3fQ\xfa\x8cP\xa7\xc1O,\x83\xec\xa9\xeb\xb2 u\x15A\xde\f8T\x81\xccces\xfa\xef\xf4 =z\xfc\xef]~tY \xef8\r,x~\xa0,\xc7@\xc0\xef\xc1`\xec}\xa2\x8d\x95\xff0c\xcd\x02~\xb7\x1a\x93\xff\xcd\xadB7\x13\x84BPC\xa4\xa2O\xf0\xdd\xde\xc5H.y\xfc\xe9$\xf6\xa6t\xa3\xdbr\x00+\x01{\xfb-\x1f\x1b\xeb\xd9b\xf0\n\x99\x0f4\xfa_\x10\xd0%\xe7o\xc9\bO\xfe\xfb\xca\xf8\x9d]\xa1\x98(Nw\x87\xd15', &(0x7f0000000100)="8d", 0x1)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000a40)='\xcfD\xbc\xbf\xff\xdc\x83\xc5$\xb3\xecr\xe4G:\x93\xdfj\x96\x7f\x03\xe5\x94\xec\xe6\x04T\xcbn\xa5\xc3\x04[\x02\xa9[=\xf9\x8b\xf7\xc1\x9c\x83@\x1e\x99\xca\xc3\x85\xb8\xbeSAk\xf4\xb6 \xdf\xa0P\x18\x19\xae\x8c\x9a\x19mm\r<|\xe8\x9e\xa0x\x84p2\xf9\xe2\xed\xb0\f\x7f;\xf6J18G\x84c\x88\x9d{\xf4~\xdby:\xd8\xc5\xccrun4\xe0\xca\xc1\x0f\xc3\x03D\xe1\f\xb3O\xa4\x1c\x04]8)}\x83:\x9e\xc0X\xdb\xd9\x89\x94\x9b(\x19\\\xf5!w\xbafo\xea\xe4\xb5Xe\x84\xbc\xcdw\x802\xb4\xb8\x1f\xc2\x97\xbfi\xe8\xf8\xbd\x1d,\xffUX\xbeA\x00{\"\xdbya#I\x03\xec\xed\x8b\x97\xff\x1eiq\xd1n\xf99\xc6\a\a\xed\x0f\x15x\x91\xdc\x05P\xf7\xf3\xad\xa3\xbc\xe4[\xa2\xc7\xfa\x9e\xad\xa2\xad\x86\xc4\aD\xc9\xdf\xf8\xf7\xc1\xc5\xc5.\x8a&:\x90\xb2\x8c\x86\xb2\\\xa8%!\x98TQ\x91\x00\x00\x00\x00$\x99\xbf', &(0x7f00000006c0)='\x01\x8dik\xc2\xed\xf9\x8a\xae\x86\xae)Dn<(\x02:cU\xa0d\xd4\x1f\xd4\x95\x93\xb7\xc1\xcc\x84\x8c\xdd\xbf^]~\xcf\xcb6w\xb3\xfa0b\x88\x04\x10\x9d_\x97\x9f\x89\xb7\xe35C\xf3\x1b\xafV\\wGU\xaf\xa4\f&\xe7m\xf0\xaa{\xb2\xe5\xe2\xeb\x9bN#\x99\xdc\x9f\"\xab&\x8f\x01\x17Y\xaf\xb7\xdc`r\x9c6\\\x0e\x94\xc0a\xf7\xd4u\xdf\xf0\x9b\xb0p\v\xa1\x8a\x145\x9b\xd95\xc8U\xe4V\x81-1\xb0K\x9a\xa3+\x03\xc1\xf0\xeb\xafYI&\x9e\xd0\xe1\x148\xfe\x10\x0f\xbd\xa2\xed}\xe6\x1asT\x1f\x92\xdb\xa1&\'\xc7\xe9\xa5\xd0\x89\x8d\xf1$\"\xdc\xe5\xfcT\xad\fj\xfe\'t', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000180)='$\x00', &(0x7f0000000340)='{)+}@@!}\x00', 0x0)
fsconfig$FSCONFIG_SET_FD(r0, 0x5, &(0x7f0000000200)='\x00', 0x0, r0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000140)='silent\x00', 0x0, 0x0)
read(r0, 0x0, 0x0)
close(r0)

kernel console output (not intermixed with test programs):

1.786407][T15618] vivid-000: Show Square: false
[  361.788310][T15618] vivid-000: Sensor Flipped Horizontally: false
[  361.790852][T15618] vivid-000: Sensor Flipped Vertically: false
[  361.793172][T15618] vivid-000: Insert SAV Code in Image: false
[  361.795456][T15618] vivid-000: Insert EAV Code in Image: false
[  361.797749][T15618] vivid-000: Insert Video Guard Band: false
[  361.800475][T15618] vivid-000: Reduced Framerate: false
[  361.805343][T15618] vivid-000: HDMI 000-0 Is Connected To: Test Pattern Generator
[  361.808289][T15618] vivid-000: S-Video 000-0 Is Connected To: Test Pattern Generator
[  361.812002][T15618] vivid-000: Enable Capture Cropping: true
[  361.813811][T15618] vivid-000: Enable Capture Composing: true
[  361.815547][T15618] vivid-000: Enable Capture Scaler: true
[  361.817293][T15618] vivid-000: Timestamp Source: End of Frame
[  361.819684][T15618] vivid-000: Colorspace: Rec. 709
[  361.823288][T15618] vivid-000: Transfer Function: Default
[  361.825620][T15618] vivid-000: Y'CbCr Encoding: Default
[  361.827959][T15618] vivid-000: HSV Encoding: Hue 0-179
[  361.830281][T15618] vivid-000: Quantization: Default
[  361.832389][T15618] vivid-000: Apply Alpha To Red Only: false
[  361.834803][T15618] vivid-000: Standard Aspect Ratio: 4x3
[  361.837085][T15618] vivid-000: DV Timings Signal Mode: Current DV Timings
[  361.840097][T15618] vivid-000: DV Timings: 640x480p59 inactive
[  361.842593][T15618] vivid-000: DV Timings Aspect Ratio: Source Width x Height
[  361.845836][T15618] vivid-000: Maximum EDID Blocks: 2
[  361.847988][T15618] vivid-000: Limited RGB Range (16-235): true
[  361.851268][T15618] vivid-000: Rx RGB Quantization Range: Automatic
[  361.853902][T15618] vivid-000: Power Present: 0x00000001
[  361.856286][T15618] tpg source WxH: 1280x720 (R'G'B)
[  361.858314][T15618] tpg field: 1
[  361.859334][T15618] tpg crop: 64x64@0x0
[  361.860658][T15618] tpg compose: 16x16@0x0
[  361.862053][T15618] tpg colorspace: 3
[  361.863234][T15618] tpg transfer function: 0/0
[  361.864648][T15618] tpg quantization: 0/0
[  361.866163][T15618] tpg RGB range: 0/1
[  361.867631][T15618] vivid-000: ==================  END STATUS  ==================
[  362.081826][T15633] netlink: 'syz.2.2864': attribute type 4 has an invalid length.
[  362.111901][T15635] input: syz0 as /devices/virtual/input/input27
[  362.136714][T15638] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  362.206729][T15648] netlink: 'syz.0.2867': attribute type 10 has an invalid length.
[  362.209004][T15648] team0: Cannot enslave team device to itself
[  362.215247][T15640] XFS (sr0): Invalid superblock magic number
[  362.250248][T15652] netlink: 'syz.2.2868': attribute type 10 has an invalid length.
[  362.252567][T15652] team0: Cannot enslave team device to itself
[  362.272371][T15643] XFS (sr0): Invalid superblock magic number
[  362.854272][T15691] netlink: 'syz.2.2880': attribute type 4 has an invalid length.
[  362.857609][T15691] netlink: 'syz.2.2880': attribute type 4 has an invalid length.
[  362.894169][T15695] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2882'.
[  362.977298][T15697] FAULT_INJECTION: forcing a failure.
[  362.977298][T15697] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  362.981772][T15697] CPU: 2 UID: 0 PID: 15697 Comm: syz.1.2883 Not tainted 6.14.0-rc1-syzkaller-00020-g0de63bb7d919 #0
[  362.981786][T15697] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  362.981791][T15697] Call Trace:
[  362.981795][T15697]  <TASK>
[  362.981798][T15697]  dump_stack_lvl+0x16c/0x1f0
[  362.981816][T15697]  should_fail_ex+0x50a/0x650
[  362.981830][T15697]  _copy_from_user+0x2e/0xd0
[  362.981843][T15697]  compat_do_replace+0x2a0/0x500
[  362.981858][T15697]  ? __pfx_compat_do_replace+0x10/0x10
[  362.981871][T15697]  ? aa_get_newest_label+0x376/0x680
[  362.981885][T15697]  ? __pfx_aa_get_newest_label+0x10/0x10
[  362.981904][T15697]  ? bpf_lsm_capable+0x9/0x10
[  362.981918][T15697]  ? security_capable+0x7e/0x260
[  362.981933][T15697]  do_ipt_set_ctl+0x686/0xc10
[  362.981946][T15697]  ? __mutex_lock+0x1cc/0xb10
[  362.981961][T15697]  ? __pfx_do_ipt_set_ctl+0x10/0x10
[  362.981973][T15697]  ? __mutex_unlock_slowpath+0x164/0x6a0
[  362.981988][T15697]  ? sockopt_release_sock+0x52/0x60
[  362.982000][T15697]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  362.982018][T15697]  ? __pfx_do_ip_setsockopt+0x10/0x10
[  362.982046][T15697]  ? nf_sockopt_find.constprop.0+0x221/0x290
[  362.982071][T15697]  nf_setsockopt+0x8a/0xf0
[  362.982093][T15697]  ip_setsockopt+0xcb/0xf0
[  362.982117][T15697]  udp_setsockopt+0x7d/0xd0
[  362.982138][T15697]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  362.982158][T15697]  do_sock_setsockopt+0x222/0x480
[  362.982177][T15697]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  362.982197][T15697]  ? lock_acquire+0x2f/0xb0
[  362.982225][T15697]  __sys_setsockopt+0x1a0/0x230
[  362.982236][T15697]  __ia32_sys_setsockopt+0xbc/0x160
[  362.982245][T15697]  ? lockdep_hardirqs_on+0x7c/0x110
[  362.982259][T15697]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[  362.982274][T15697]  __do_fast_syscall_32+0x73/0x120
[  362.982284][T15697]  do_fast_syscall_32+0x32/0x80
[  362.982292][T15697]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  362.982308][T15697] RIP: 0023:0xf7f06579
[  362.982316][T15697] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  362.982325][T15697] RSP: 002b:00000000f502655c EFLAGS: 00000296 ORIG_RAX: 000000000000016e
[  362.982334][T15697] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000000
[  362.982340][T15697] RDX: 0000000000000040 RSI: 0000000020000580 RDI: 0000000000000538
[  362.982353][T15697] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  362.982358][T15697] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  362.982363][T15697] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  362.982373][T15697]  </TASK>
[  363.160997][T15703] netlink: 'syz.1.2885': attribute type 4 has an invalid length.
[  363.182893][T15704] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check.
[  363.296186][T15713] xt_TPROXY: Can be used only with -p tcp or -p udp
[  363.326850][T15705] block nbd1: shutting down sockets
[  363.448305][T15725] netlink: 64 bytes leftover after parsing attributes in process `syz.1.2892'.
[  363.694833][T15741] netlink: 'syz.1.2897': attribute type 4 has an invalid length.
[  363.698034][T15741] netlink: 'syz.1.2897': attribute type 4 has an invalid length.
[  364.147450][T15766] lo speed is unknown, defaulting to 1000
[  364.189629][T15766] virt_wifi0 speed is unknown, defaulting to 1000
[  364.749125][T15767] lo speed is unknown, defaulting to 1000
[  364.753890][T15767] lo speed is unknown, defaulting to 1000
[  364.755607][T15767] lo speed is unknown, defaulting to 1000
[  364.759390][T15767] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[  364.769385][T15767] lo speed is unknown, defaulting to 1000
[  364.776954][T15767] lo speed is unknown, defaulting to 1000
[  364.778843][T15767] lo speed is unknown, defaulting to 1000
[  364.780793][T15767] lo speed is unknown, defaulting to 1000
[  364.782618][T15767] lo speed is unknown, defaulting to 1000
[  364.784463][T15767] lo speed is unknown, defaulting to 1000
[  364.787679][T15767] lo speed is unknown, defaulting to 1000
[  364.789601][T15767] lo speed is unknown, defaulting to 1000
[  364.792042][T15767] lo speed is unknown, defaulting to 1000
[  364.973179][T15785] Cannot find map_set index 0 as target
[  365.003965][T15787] netlink: 'syz.2.2911': attribute type 4 has an invalid length.
[  365.126934][T15790] XFS (sr0): Invalid superblock magic number
[  365.159979][T15790] team0: Cannot enslave team device to itself
[  365.279655][T15808] FAULT_INJECTION: forcing a failure.
[  365.279655][T15808] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  365.288163][T15808] CPU: 2 UID: 0 PID: 15808 Comm: syz.2.2916 Not tainted 6.14.0-rc1-syzkaller-00020-g0de63bb7d919 #0
[  365.288178][T15808] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  365.288184][T15808] Call Trace:
[  365.288187][T15808]  <TASK>
[  365.288191][T15808]  dump_stack_lvl+0x16c/0x1f0
[  365.288210][T15808]  should_fail_ex+0x50a/0x650
[  365.288224][T15808]  _copy_to_user+0x32/0xd0
[  365.288239][T15808]  snd_pcm_oss_read2+0x292/0x3e0
[  365.288254][T15808]  ? __pfx_snd_pcm_oss_read2+0x10/0x10
[  365.288268][T15808]  ? snd_pcm_kernel_ioctl+0x267/0x2e0
[  365.288282][T15808]  snd_pcm_oss_read+0x5a3/0x750
[  365.288297][T15808]  ? rw_verify_area+0xcf/0x680
[  365.288311][T15808]  ? __pfx_snd_pcm_oss_read+0x10/0x10
[  365.288325][T15808]  vfs_read+0x1df/0xbf0
[  365.288334][T15808]  ? __fget_files+0x1fc/0x3a0
[  365.288344][T15808]  ? __pfx_lock_release+0x10/0x10
[  365.288356][T15808]  ? __pfx_vfs_read+0x10/0x10
[  365.288366][T15808]  ? lock_acquire+0x2f/0xb0
[  365.288376][T15808]  ? __fget_files+0x40/0x3a0
[  365.288387][T15808]  ? __fget_files+0x206/0x3a0
[  365.288400][T15808]  ksys_read+0x12b/0x250
[  365.288410][T15808]  ? __pfx_ksys_read+0x10/0x10
[  365.288424][T15808]  __do_fast_syscall_32+0x73/0x120
[  365.288434][T15808]  do_fast_syscall_32+0x32/0x80
[  365.288443][T15808]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  365.288458][T15808] RIP: 0023:0xf742e579
[  365.288466][T15808] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  365.288475][T15808] RSP: 002b:00000000f50b655c EFLAGS: 00000296 ORIG_RAX: 0000000000000003
[  365.288484][T15808] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000200011c0
[  365.288489][T15808] RDX: 00000000200021d5 RSI: 0000000000000000 RDI: 0000000000000000
[  365.288495][T15808] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  365.288500][T15808] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  365.288505][T15808] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  365.288516][T15808]  </TASK>
[  366.523898][T15844] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2929'.
[  366.564396][T15844] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  366.751537][T15844] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  366.780664][T15855] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2933'.
[  366.854935][T15844] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  366.981314][T15844] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  367.066675][T15844] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  367.082156][T15844] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  367.084578][T15844] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  367.086888][T15844] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  367.239952][   T30] usb 5-1: new high-speed USB device number 18 using dummy_hcd
[  367.301316][T15877] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2941'.
[  367.327263][T15880] netlink: 260 bytes leftover after parsing attributes in process `syz.3.2942'.
[  367.331931][T15880] netlink: 260 bytes leftover after parsing attributes in process `syz.3.2942'.
[  367.384005][T15885] loop2: detected capacity change from 0 to 7
[  367.387422][T15885] Dev loop2: unable to read RDB block 7
[  367.389054][T15885]  loop2: unable to read partition table
[  367.390441][   T30] usb 5-1: Using ep0 maxpacket: 8
[  367.391120][T15885] loop2: partition table beyond EOD, truncated
[  367.393351][   T30] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  367.394011][T15885] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  367.399629][T15885] netlink: 156 bytes leftover after parsing attributes in process `syz.2.2944'.
[  367.399674][   T30] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  367.399694][   T30] usb 5-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  367.407949][   T30] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  367.418752][   T30] usb 5-1: config 0 descriptor??
[  367.504787][   T65] Bluetooth: hci4: unexpected event for opcode 0x2024
[  367.560554][T15891] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2947'.
[  367.563259][T15891] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2947'.
[  367.605143][T15894] Bluetooth: MGMT ver 1.23
[  367.626636][   T30] iowarrior 5-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  367.675022][T15896] validate_nla: 2 callbacks suppressed
[  367.675033][T15896] netlink: 'syz.2.2949': attribute type 1 has an invalid length.
[  367.685386][T15896] Dead loop on virtual device ip6_vti0, fix it urgently!
[  368.223815][T15866] input: syz1 as /devices/virtual/input/input29
[  368.288121][T15866] iowarrior 5-1:0.0: Error -90 while submitting URB
[  368.297954][   T30] usb 5-1: USB disconnect, device number 18
[  368.499368][T15914] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  368.564485][T15924] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2956'.
[  368.597105][T15926] netlink: 'syz.3.2957': attribute type 4 has an invalid length.
[  368.599782][T15926] netlink: 'syz.3.2957': attribute type 4 has an invalid length.
[  368.876636][T15932] netlink: 96 bytes leftover after parsing attributes in process `syz.2.2959'.
[  369.934058][T15957] netlink: 'syz.2.2966': attribute type 4 has an invalid length.
[  369.942089][T15957] netlink: 'syz.2.2966': attribute type 4 has an invalid length.
[  370.874243][T15981] input: syz0 as /devices/virtual/input/input30
[  371.772944][T16029] netlink: 'syz.2.2981': attribute type 4 has an invalid length.
[  371.778272][T16029] netlink: 'syz.2.2981': attribute type 4 has an invalid length.
[  371.792447][T16032] netlink: 'syz.3.2982': attribute type 4 has an invalid length.
[  371.814701][T16032] netlink: 'syz.3.2982': attribute type 4 has an invalid length.
[  371.856315][T16036] __nla_validate_parse: 3 callbacks suppressed
[  371.856331][T16036] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2983'.
[  371.874339][T16037] loop7: detected capacity change from 0 to 16384
[  372.109339][T16042] Malformed UNC in devname
[  372.109339][T16042] 
[  372.111946][T16042] CIFS: VFS: Malformed UNC in devname
[  372.153919][   T39] kauditd_printk_skb: 15 callbacks suppressed
[  372.153928][   T39] audit: type=1326 audit(1738661734.972:1225): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16044 comm="syz.2.2986" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf742e579 code=0x7ffc0000
[  372.164844][   T39] audit: type=1326 audit(1738661734.972:1226): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16044 comm="syz.2.2986" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf742e579 code=0x7ffc0000
[  372.175409][   T39] audit: type=1326 audit(1738661734.982:1227): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16044 comm="syz.2.2986" exe="/syz-executor" sig=0 arch=40000003 syscall=27 compat=1 ip=0xf742e579 code=0x7ffc0000
[  372.184553][   T39] audit: type=1326 audit(1738661734.982:1228): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16044 comm="syz.2.2986" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf742e579 code=0x7ffc0000
[  372.191544][   T39] audit: type=1326 audit(1738661734.982:1229): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16044 comm="syz.2.2986" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf742e579 code=0x7ffc0000
[  372.261527][   T39] audit: type=1326 audit(1738661734.992:1230): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16044 comm="syz.2.2986" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf742e579 code=0x7ffc0000
[  372.267624][   T39] audit: type=1326 audit(1738661734.992:1231): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16044 comm="syz.2.2986" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf742e579 code=0x7ffc0000
[  372.274075][   T39] audit: type=1326 audit(1738661734.992:1232): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16044 comm="syz.2.2986" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf742e579 code=0x7ffc0000
[  372.280161][   T39] audit: type=1326 audit(1738661734.992:1233): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16044 comm="syz.2.2986" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf742e579 code=0x7ffc0000
[  372.301632][   T39] audit: type=1326 audit(1738661734.992:1234): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16044 comm="syz.2.2986" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf742e579 code=0x7ffc0000
[  372.417562][T16050] tipc: Invalid UDP bearer configuration
[  372.417582][T16050] tipc: Enabling of bearer <udp:s> rejected, failed to enable media
[  372.755055][T16060] XFS (sr0): Invalid superblock magic number
[  372.768770][T16060] netlink: 'syz.3.2991': attribute type 10 has an invalid length.
[  372.771506][T16060] team0: Cannot enslave team device to itself
[  372.807552][T16070] netlink: 'syz.0.2993': attribute type 4 has an invalid length.
[  372.810369][T16070] netlink: 'syz.0.2993': attribute type 4 has an invalid length.
[  372.818108][T16071] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2987'.
[  373.336196][T16096] netlink: 'syz.0.2999': attribute type 3 has an invalid length.
[  373.357804][T16098] FAULT_INJECTION: forcing a failure.
[  373.357804][T16098] name failslab, interval 1, probability 0, space 0, times 0
[  373.362040][T16098] CPU: 0 UID: 0 PID: 16098 Comm: syz.1.3000 Not tainted 6.14.0-rc1-syzkaller-00020-g0de63bb7d919 #0
[  373.362058][T16098] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  373.362065][T16098] Call Trace:
[  373.362068][T16098]  <TASK>
[  373.362071][T16098]  dump_stack_lvl+0x16c/0x1f0
[  373.362090][T16098]  should_fail_ex+0x50a/0x650
[  373.362102][T16098]  ? fs_reclaim_acquire+0xae/0x150
[  373.362118][T16098]  ? kernfs_get_tree+0xcc/0xb90
[  373.362132][T16098]  should_failslab+0xc2/0x120
[  373.362145][T16098]  __kmalloc_cache_noprof+0x68/0x420
[  373.362158][T16098]  kernfs_get_tree+0xcc/0xb90
[  373.362172][T16098]  ? rcu_is_watching+0x12/0xc0
[  373.362186][T16098]  ? trace_cap_capable+0x1a2/0x210
[  373.362202][T16098]  ? __pfx_kernfs_get_tree+0x10/0x10
[  373.362216][T16098]  ? apparmor_capable+0x114/0x1d0
[  373.362233][T16098]  sysfs_get_tree+0x41/0x140
[  373.362247][T16098]  vfs_get_tree+0x8b/0x340
[  373.362261][T16098]  path_mount+0x6e1/0x1f00
[  373.362273][T16098]  ? kmem_cache_free+0x2e2/0x4d0
[  373.362283][T16098]  ? __pfx_path_mount+0x10/0x10
[  373.362296][T16098]  ? putname+0x13c/0x180
[  373.362310][T16098]  __ia32_sys_mount+0x28d/0x310
[  373.362322][T16098]  ? __pfx___ia32_sys_mount+0x10/0x10
[  373.362336][T16098]  __do_fast_syscall_32+0x73/0x120
[  373.362347][T16098]  do_fast_syscall_32+0x32/0x80
[  373.362356][T16098]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  373.362371][T16098] RIP: 0023:0xf7f06579
[  373.362378][T16098] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  373.362388][T16098] RSP: 002b:00000000f502655c EFLAGS: 00000296 ORIG_RAX: 0000000000000015
[  373.362396][T16098] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000020000180
[  373.362402][T16098] RDX: 0000000020000080 RSI: 0000000001214040 RDI: 0000000000000000
[  373.362407][T16098] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  373.362412][T16098] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  373.362418][T16098] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  373.362429][T16098]  </TASK>
[  373.409965][   T65] Bluetooth: hci3: command 0x0c1a tx timeout
[  373.410176][  T833] Bluetooth: hci3: Opcode 0x0c1a failed: -110
[  373.410267][  T833] Bluetooth: hci3: Error when powering off device on rfkill (-110)
[  373.751637][T16112] program syz.1.3005 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  373.755932][T16112] vivid-007: disconnect
[  373.767052][T16111] vivid-007: reconnect
[  374.006376][T16122] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3009'.
[  374.009470][T16122] IPVS: set_ctl: invalid protocol: 47 255.255.255.255:20002
[  374.090500][T16118] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3008'.
[  374.093088][T16118] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3008'.
[  374.174578][T16140] netlink: 32 bytes leftover after parsing attributes in process `syz.0.3013'.
[  374.205630][T16144] Cannot find add_set index 1 as target
[  374.431159][T16151] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3012'.
[  374.434616][T16151] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3012'.
[  375.379418][T16163] FAULT_INJECTION: forcing a failure.
[  375.379418][T16163] name failslab, interval 1, probability 0, space 0, times 0
[  375.384887][T16163] CPU: 3 UID: 0 PID: 16163 Comm: syz.2.3019 Not tainted 6.14.0-rc1-syzkaller-00020-g0de63bb7d919 #0
[  375.384911][T16163] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  375.384921][T16163] Call Trace:
[  375.384925][T16163]  <TASK>
[  375.384932][T16163]  dump_stack_lvl+0x16c/0x1f0
[  375.384962][T16163]  should_fail_ex+0x50a/0x650
[  375.384988][T16163]  ? fs_reclaim_acquire+0xae/0x150
[  375.385014][T16163]  ? snd_pcm_oss_change_params_locked+0x20c/0x3a50
[  375.385036][T16163]  should_failslab+0xc2/0x120
[  375.385055][T16163]  __kmalloc_cache_noprof+0x68/0x420
[  375.385075][T16163]  ? kasan_save_track+0x14/0x30
[  375.385094][T16163]  snd_pcm_oss_change_params_locked+0x20c/0x3a50
[  375.385118][T16163]  ? rcu_is_watching+0x12/0xc0
[  375.385144][T16163]  ? __mutex_lock+0x1cc/0xb10
[  375.385170][T16163]  ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10
[  375.385190][T16163]  ? __mutex_lock+0x1cc/0xb10
[  375.385214][T16163]  ? __pfx___mutex_lock+0x10/0x10
[  375.385243][T16163]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  375.385274][T16163]  snd_pcm_oss_get_active_substream+0x168/0x1d0
[  375.385300][T16163]  snd_pcm_oss_ioctl+0x21d5/0x3780
[  375.385327][T16163]  ? __pfx_snd_pcm_oss_ioctl+0x10/0x10
[  375.385373][T16163]  ? __fget_files+0x206/0x3a0
[  375.385394][T16163]  ? __pfx_snd_pcm_oss_ioctl_compat+0x10/0x10
[  375.385418][T16163]  __do_compat_sys_ioctl+0x1cb/0x2c0
[  375.385442][T16163]  __do_fast_syscall_32+0x73/0x120
[  375.385459][T16163]  do_fast_syscall_32+0x32/0x80
[  375.385474][T16163]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  375.385499][T16163] RIP: 0023:0xf742e579
[  375.385512][T16163] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  375.385526][T16163] RSP: 002b:00000000f50b655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  375.385542][T16163] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c0045002
[  375.385552][T16163] RDX: 0000000020000040 RSI: 0000000000000000 RDI: 0000000000000000
[  375.385560][T16163] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  375.385569][T16163] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  375.385577][T16163] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  375.385598][T16163]  </TASK>
[  375.492422][T16165] Cannot find add_set index 1 as target
[  375.553959][T16169] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3022'.
[  375.650084][   T65] Bluetooth: hci4: command 0x041b tx timeout
[  375.651988][  T833] Bluetooth: hci4: Opcode 0x0c1a failed: -110
[  375.654627][  T833] Bluetooth: hci4: Error when powering off device on rfkill (-110)
[  375.737544][T16177] netlink: 'syz.3.3025': attribute type 4 has an invalid length.
[  375.747651][T16177] netlink: 'syz.3.3025': attribute type 4 has an invalid length.
[  375.814761][T16173] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3024'.
[  376.555869][T16192] FAULT_INJECTION: forcing a failure.
[  376.555869][T16192] name failslab, interval 1, probability 0, space 0, times 0
[  376.568420][T16192] CPU: 1 UID: 0 PID: 16192 Comm: syz.2.3029 Not tainted 6.14.0-rc1-syzkaller-00020-g0de63bb7d919 #0
[  376.568435][T16192] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  376.568441][T16192] Call Trace:
[  376.568444][T16192]  <TASK>
[  376.568448][T16192]  dump_stack_lvl+0x16c/0x1f0
[  376.568466][T16192]  should_fail_ex+0x50a/0x650
[  376.568478][T16192]  ? fs_reclaim_acquire+0xae/0x150
[  376.568495][T16192]  should_failslab+0xc2/0x120
[  376.568508][T16192]  __kmalloc_cache_node_noprof+0x6f/0x3f0
[  376.568520][T16192]  ? __get_vm_area_node+0x101/0x2f0
[  376.568531][T16192]  __get_vm_area_node+0x101/0x2f0
[  376.568554][T16192]  __vmalloc_node_range_noprof+0x26a/0x1530
[  376.568565][T16192]  ? xt_compat_init_offsets+0xe1/0x1f0
[  376.568581][T16192]  ? rcu_is_watching+0x12/0xc0
[  376.568597][T16192]  ? xt_compat_init_offsets+0xe1/0x1f0
[  376.568611][T16192]  ? __kasan_kmalloc+0xaa/0xb0
[  376.568622][T16192]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  376.568636][T16192]  ? xt_compat_init_offsets+0xe1/0x1f0
[  376.568648][T16192]  vmalloc_noprof+0x6b/0x90
[  376.568658][T16192]  ? xt_compat_init_offsets+0xe1/0x1f0
[  376.568670][T16192]  xt_compat_init_offsets+0xe1/0x1f0
[  376.568683][T16192]  translate_compat_table+0x1f0/0x18c0
[  376.568702][T16192]  ? __pfx_translate_compat_table+0x10/0x10
[  376.568715][T16192]  ? __might_fault+0x13b/0x190
[  376.568729][T16192]  ? trace_lock_acquire+0x14e/0x1f0
[  376.568745][T16192]  compat_do_replace+0x35d/0x500
[  376.568759][T16192]  ? __pfx_compat_do_replace+0x10/0x10
[  376.568771][T16192]  ? aa_get_newest_label+0x376/0x680
[  376.568786][T16192]  ? __pfx_aa_get_newest_label+0x10/0x10
[  376.568805][T16192]  ? bpf_lsm_capable+0x9/0x10
[  376.568819][T16192]  ? security_capable+0x7e/0x260
[  376.568834][T16192]  do_ipt_set_ctl+0x686/0xc10
[  376.568847][T16192]  ? __mutex_lock+0x1cc/0xb10
[  376.568863][T16192]  ? __pfx_do_ipt_set_ctl+0x10/0x10
[  376.568875][T16192]  ? __mutex_unlock_slowpath+0x164/0x6a0
[  376.568890][T16192]  ? sockopt_release_sock+0x52/0x60
[  376.568902][T16192]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  376.568918][T16192]  ? __pfx_do_ip_setsockopt+0x10/0x10
[  376.568936][T16192]  ? nf_sockopt_find.constprop.0+0x221/0x290
[  376.568951][T16192]  nf_setsockopt+0x8a/0xf0
[  376.568964][T16192]  ip_setsockopt+0xcb/0xf0
[  376.568979][T16192]  udp_setsockopt+0x7d/0xd0
[  376.568996][T16192]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  376.569009][T16192]  do_sock_setsockopt+0x222/0x480
[  376.569021][T16192]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  376.569033][T16192]  ? lock_acquire+0x2f/0xb0
[  376.569050][T16192]  __sys_setsockopt+0x1a0/0x230
[  376.569062][T16192]  __ia32_sys_setsockopt+0xbc/0x160
[  376.569071][T16192]  ? lockdep_hardirqs_on+0x7c/0x110
[  376.569085][T16192]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[  376.569099][T16192]  __do_fast_syscall_32+0x73/0x120
[  376.569109][T16192]  do_fast_syscall_32+0x32/0x80
[  376.569118][T16192]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  376.569134][T16192] RIP: 0023:0xf742e579
[  376.569141][T16192] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  376.569150][T16192] RSP: 002b:00000000f50b655c EFLAGS: 00000296 ORIG_RAX: 000000000000016e
[  376.569159][T16192] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000000
[  376.569165][T16192] RDX: 0000000000000040 RSI: 0000000020000580 RDI: 0000000000000538
[  376.569170][T16192] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  376.569175][T16192] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  376.569180][T16192] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  376.569192][T16192]  </TASK>
[  376.569222][T16192] syz.2.3029: vmalloc error: size 24, vm_struct allocation failed, mode:0xcc0(GFP_KERNEL), nodemask=(null),cpuset=/,mems_allowed=0-1
[  376.678298][T16192] CPU: 0 UID: 0 PID: 16192 Comm: syz.2.3029 Not tainted 6.14.0-rc1-syzkaller-00020-g0de63bb7d919 #0
[  376.678312][T16192] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  376.678318][T16192] Call Trace:
[  376.678321][T16192]  <TASK>
[  376.678325][T16192]  dump_stack_lvl+0x16c/0x1f0
[  376.678345][T16192]  warn_alloc+0x24d/0x3a0
[  376.678358][T16192]  ? __pfx_warn_alloc+0x10/0x10
[  376.678369][T16192]  ? rcu_is_watching+0x12/0xc0
[  376.678384][T16192]  ? __kmalloc_cache_node_noprof+0x245/0x3f0
[  376.678397][T16192]  ? __kasan_kmalloc+0x8a/0xb0
[  376.678409][T16192]  ? __get_vm_area_node+0x1dc/0x2f0
[  376.678421][T16192]  __vmalloc_node_range_noprof+0xd24/0x1530
[  376.678433][T16192]  ? rcu_is_watching+0x12/0xc0
[  376.678448][T16192]  ? xt_compat_init_offsets+0xe1/0x1f0
[  376.678463][T16192]  ? __kasan_kmalloc+0xaa/0xb0
[  376.678473][T16192]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  376.678487][T16192]  ? xt_compat_init_offsets+0xe1/0x1f0
[  376.678500][T16192]  vmalloc_noprof+0x6b/0x90
[  376.678509][T16192]  ? xt_compat_init_offsets+0xe1/0x1f0
[  376.678521][T16192]  xt_compat_init_offsets+0xe1/0x1f0
[  376.678533][T16192]  translate_compat_table+0x1f0/0x18c0
[  376.678552][T16192]  ? __pfx_translate_compat_table+0x10/0x10
[  376.678565][T16192]  ? __might_fault+0x13b/0x190
[  376.678578][T16192]  ? trace_lock_acquire+0x14e/0x1f0
[  376.678595][T16192]  compat_do_replace+0x35d/0x500
[  376.678608][T16192]  ? __pfx_compat_do_replace+0x10/0x10
[  376.678620][T16192]  ? aa_get_newest_label+0x376/0x680
[  376.678635][T16192]  ? __pfx_aa_get_newest_label+0x10/0x10
[  376.678654][T16192]  ? bpf_lsm_capable+0x9/0x10
[  376.678667][T16192]  ? security_capable+0x7e/0x260
[  376.678682][T16192]  do_ipt_set_ctl+0x686/0xc10
[  376.678695][T16192]  ? __mutex_lock+0x1cc/0xb10
[  376.678711][T16192]  ? __pfx_do_ipt_set_ctl+0x10/0x10
[  376.678723][T16192]  ? __mutex_unlock_slowpath+0x164/0x6a0
[  376.678738][T16192]  ? sockopt_release_sock+0x52/0x60
[  376.678750][T16192]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  376.678766][T16192]  ? __pfx_do_ip_setsockopt+0x10/0x10
[  376.678784][T16192]  ? nf_sockopt_find.constprop.0+0x221/0x290
[  376.678799][T16192]  nf_setsockopt+0x8a/0xf0
[  376.678813][T16192]  ip_setsockopt+0xcb/0xf0
[  376.678827][T16192]  udp_setsockopt+0x7d/0xd0
[  376.678839][T16192]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  376.678852][T16192]  do_sock_setsockopt+0x222/0x480
[  376.678863][T16192]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  376.678875][T16192]  ? lock_acquire+0x2f/0xb0
[  376.678892][T16192]  __sys_setsockopt+0x1a0/0x230
[  376.678904][T16192]  __ia32_sys_setsockopt+0xbc/0x160
[  376.678912][T16192]  ? lockdep_hardirqs_on+0x7c/0x110
[  376.678926][T16192]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[  376.678940][T16192]  __do_fast_syscall_32+0x73/0x120
[  376.678952][T16192]  do_fast_syscall_32+0x32/0x80
[  376.678961][T16192]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  376.678976][T16192] RIP: 0023:0xf742e579
[  376.678984][T16192] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  376.678993][T16192] RSP: 002b:00000000f50b655c EFLAGS: 00000296 ORIG_RAX: 000000000000016e
[  376.679002][T16192] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000000
[  376.679007][T16192] RDX: 0000000000000040 RSI: 0000000020000580 RDI: 0000000000000538
[  376.679013][T16192] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  376.679018][T16192] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  376.679023][T16192] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  376.679034][T16192]  </TASK>
[  376.679037][T16192] Mem-Info:
[  376.802766][T16192] active_anon:2188 inactive_anon:4156 isolated_anon:0
[  376.802766][T16192]  active_file:1917 inactive_file:16326 isolated_file:0
[  376.802766][T16192]  unevictable:1784 dirty:128 writeback:0
[  376.802766][T16192]  slab_reclaimable:6677 slab_unreclaimable:77063
[  376.802766][T16192]  mapped:23615 shmem:5874 pagetables:779
[  376.802766][T16192]  sec_pagetables:320 bounce:0
[  376.802766][T16192]  kernel_misc_reclaimable:0
[  376.802766][T16192]  free:37265 free_pcp:1548 free_cma:0
[  376.815501][T16192] Node 0 active_anon:84kB inactive_anon:24kB active_file:0kB inactive_file:4kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:3852kB dirty:4kB writeback:0kB shmem:3960kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:9408kB pagetables:568kB sec_pagetables:1136kB all_unreclaimable? yes
[  376.824319][T16192] Node 1 active_anon:8568kB inactive_anon:16600kB active_file:7668kB inactive_file:65300kB unevictable:3600kB isolated(anon):0kB isolated(file):0kB mapped:90608kB dirty:508kB writeback:0kB shmem:19536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:3628kB pagetables:2548kB sec_pagetables:144kB all_unreclaimable? no
[  376.833488][T16192] Node 0 DMA free:1768kB boost:2048kB min:2808kB low:2996kB high:3184kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:76kB local_pcp:0kB free_cma:0kB
[  376.841266][T16192] lowmem_reserve[]: 0 297 0 0 0
[  376.842735][T16192] Node 0 DMA32 free:21448kB boost:4096kB min:17768kB low:21184kB high:24600kB reserved_highatomic:4096KB active_anon:84kB inactive_anon:24kB active_file:0kB inactive_file:4kB unevictable:3536kB writepending:4kB present:1032196kB managed:305052kB mlocked:0kB bounce:0kB free_pcp:2516kB local_pcp:20kB free_cma:0kB
[  376.850988][T16192] lowmem_reserve[]: 0 0 0 0 0
[  376.852381][T16192] Node 1 DMA32 free:125844kB boost:0kB min:47144kB low:58928kB high:70712kB reserved_highatomic:2048KB active_anon:8568kB inactive_anon:16600kB active_file:7668kB inactive_file:65300kB unevictable:3600kB writepending:508kB present:1048432kB managed:948252kB mlocked:64kB bounce:0kB free_pcp:3696kB local_pcp:572kB free_cma:0kB
[  376.860880][T16192] lowmem_reserve[]: 0 0 0 0 0
[  376.862504][T16192] Node 0 DMA: 92*4kB (U) 63*8kB (U) 22*16kB (U) 17*32kB (U) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 1768kB
[  376.866375][T16192] Node 0 DMA32: 626*4kB (UMEH) 248*8kB (UMEH) 90*16kB (UMEH) 187*32kB (UMEH) 77*64kB (UMEH) 26*128kB (UME) 5*256kB (UMEH) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 21448kB
[  376.871241][T16192] Node 1 DMA32: 865*4kB (UME) 865*8kB (UMEH) 867*16kB (UMEH) 561*32kB (UMEH) 208*64kB (UMEH) 66*128kB (UMEH) 66*256kB (UMEH) 19*512kB (ME) 15*1024kB (UME) 6*2048kB (UM) 2*4096kB (M) = 126428kB
[  376.876726][T16192] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  376.879471][T16192] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[  376.882252][T16192] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  376.885006][T16192] Node 1 hugepages_total=5 hugepages_free=0 hugepages_surp=1 hugepages_size=2048kB
[  376.887713][T16192] 24362 total pagecache pages
[  376.889115][T16192] 243 pages in swap cache
[  376.890479][T16192] Free swap  = 113944kB
[  376.891717][T16192] Total swap = 124996kB
[  376.892952][T16192] 524155 pages RAM
[  376.894085][T16192] 0 pages HighMem/MovableOnly
[  376.895472][T16192] 206989 pages reserved
[  376.896708][T16192] 0 pages cma reserved
[  376.932406][T16198] netlink: 'syz.1.3031': attribute type 1 has an invalid length.
[  377.177564][T16209] __nla_validate_parse: 1 callbacks suppressed
[  377.177577][T16209] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3037'.
[  377.260319][   T39] kauditd_printk_skb: 92 callbacks suppressed
[  377.260461][   T39] audit: type=1804 audit(1738661740.072:1327): pid=16214 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.3038" name="file0" dev="ramfs" ino=53602 res=1 errno=0
[  377.533343][T16219] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3041'.
[  377.533883][T16220] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3041'.
[  377.545588][T16219] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3041'.
[  377.623033][T16224] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3042'.
[  377.729998][  T833] Bluetooth: hci1: Opcode 0x0c1a failed: -110
[  377.730131][   T65] Bluetooth: hci1: command 0x0406 tx timeout
[  377.731824][  T833] Bluetooth: hci1: Error when powering off device on rfkill (-110)
[  377.876988][T16234] 8021q: adding VLAN 0 to HW filter on device bond2
[  377.879569][T16234] bond2: entered promiscuous mode
[  377.881375][T16234] bond0: (slave bond2): Enslaving as an active interface with an up link
[  377.921603][T16237] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3047'.
[  377.971423][ T1414] ieee802154 phy1 wpan1: encryption failed: -22
[  378.056105][T16245] ata1.00: invalid multi_count 128 ignored
[  379.809984][  T833] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  379.810107][   T65] Bluetooth: hci0: command 0x0405 tx timeout
[  379.811824][  T833] Bluetooth: hci0: Error when powering off device on rfkill (-110)
[  379.875461][T16267] FAULT_INJECTION: forcing a failure.
[  379.875461][T16267] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  379.879437][T16267] CPU: 1 UID: 0 PID: 16267 Comm: syz.2.3056 Not tainted 6.14.0-rc1-syzkaller-00020-g0de63bb7d919 #0
[  379.879451][T16267] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  379.879456][T16267] Call Trace:
[  379.879460][T16267]  <TASK>
[  379.879464][T16267]  dump_stack_lvl+0x16c/0x1f0
[  379.879484][T16267]  should_fail_ex+0x50a/0x650
[  379.879497][T16267]  _copy_to_user+0x32/0xd0
[  379.879511][T16267]  snd_pcm_oss_read2+0x292/0x3e0
[  379.879527][T16267]  ? __pfx_snd_pcm_oss_read2+0x10/0x10
[  379.879540][T16267]  ? snd_pcm_kernel_ioctl+0x267/0x2e0
[  379.879554][T16267]  snd_pcm_oss_read+0x5a3/0x750
[  379.879569][T16267]  ? rw_verify_area+0xcf/0x680
[  379.879583][T16267]  ? __pfx_snd_pcm_oss_read+0x10/0x10
[  379.879597][T16267]  vfs_read+0x1df/0xbf0
[  379.879607][T16267]  ? __fget_files+0x1fc/0x3a0
[  379.879617][T16267]  ? __pfx_lock_release+0x10/0x10
[  379.879629][T16267]  ? __pfx_vfs_read+0x10/0x10
[  379.879639][T16267]  ? lock_acquire+0x2f/0xb0
[  379.879649][T16267]  ? __fget_files+0x40/0x3a0
[  379.879660][T16267]  ? __fget_files+0x206/0x3a0
[  379.879674][T16267]  ksys_read+0x12b/0x250
[  379.879683][T16267]  ? __pfx_ksys_read+0x10/0x10
[  379.879695][T16267]  __do_fast_syscall_32+0x73/0x120
[  379.879705][T16267]  do_fast_syscall_32+0x32/0x80
[  379.879714][T16267]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  379.879729][T16267] RIP: 0023:0xf742e579
[  379.879737][T16267] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  379.879747][T16267] RSP: 002b:00000000f50b655c EFLAGS: 00000296 ORIG_RAX: 0000000000000003
[  379.879755][T16267] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000200011c0
[  379.879761][T16267] RDX: 00000000200021d5 RSI: 0000000000000000 RDI: 0000000000000000
[  379.879766][T16267] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  379.879771][T16267] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  379.879776][T16267] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  379.879788][T16267]  </TASK>
[  379.940054][    C1] vkms_vblank_simulate: vblank timer overrun
[  380.027563][   T39] audit: type=1326 audit(1738661742.842:1328): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16283 comm="syz.0.3062" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7fd5579 code=0x0
[  380.161460][T16274] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3058'.
[  380.164812][T16274] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3058'.
[  380.169080][T16294] md: md2 stopped.
[  380.298682][T16301] openvswitch: netlink: Missing key (keys=40, expected=100)
[  380.490505][   T25] usb 7-1: new full-speed USB device number 10 using dummy_hcd
[  380.651313][   T25] usb 7-1: not running at top speed; connect to a high speed hub
[  380.655371][   T25] usb 7-1: config 4 has an invalid interface number: 138 but max is 2
[  380.658629][   T25] usb 7-1: config 4 has an invalid interface number: 210 but max is 2
[  380.661467][   T25] usb 7-1: config 4 has an invalid interface number: 136 but max is 2
[  380.663789][   T25] usb 7-1: config 4 has no interface number 0
[  380.665554][   T25] usb 7-1: config 4 has no interface number 1
[  380.667286][   T25] usb 7-1: config 4 has no interface number 2
[  380.669028][   T25] usb 7-1: config 4 interface 138 altsetting 6 has a duplicate endpoint with address 0x1, skipping
[  380.672271][   T25] usb 7-1: config 4 interface 138 altsetting 6 has a duplicate endpoint with address 0x1, skipping
[  380.675361][   T25] usb 7-1: config 4 interface 138 altsetting 6 endpoint 0xD has invalid maxpacket 2031, setting to 64
[  380.678494][   T25] usb 7-1: config 4 interface 138 altsetting 6 endpoint 0xE has invalid maxpacket 1024, setting to 64
[  380.681718][   T25] usb 7-1: config 4 interface 138 altsetting 6 has a duplicate endpoint with address 0x5, skipping
[  380.685543][   T25] usb 7-1: config 4 interface 138 altsetting 6 has an invalid descriptor for endpoint zero, skipping
[  380.689664][   T25] usb 7-1: config 4 interface 138 altsetting 6 has an invalid descriptor for endpoint zero, skipping
[  380.693605][   T25] usb 7-1: config 4 interface 138 altsetting 6 has an invalid descriptor for endpoint zero, skipping
[  380.696755][   T25] usb 7-1: config 4 interface 138 altsetting 6 endpoint 0x8 has invalid wMaxPacketSize 0
[  380.699567][   T25] usb 7-1: config 4 interface 210 altsetting 5 has an invalid descriptor for endpoint zero, skipping
[  380.702735][   T25] usb 7-1: config 4 interface 210 altsetting 5 has an invalid descriptor for endpoint zero, skipping
[  380.705799][   T25] usb 7-1: config 4 interface 210 altsetting 5 has a duplicate endpoint with address 0x7, skipping
[  380.708799][   T25] usb 7-1: config 4 interface 210 altsetting 5 has an endpoint descriptor with address 0xAA, changing to 0x8A
[  380.712166][   T25] usb 7-1: config 4 interface 210 altsetting 5 has an invalid descriptor for endpoint zero, skipping
[  380.715242][   T25] usb 7-1: config 4 interface 136 altsetting 1 has a duplicate endpoint with address 0xE, skipping
[  380.719005][   T25] usb 7-1: config 4 interface 136 altsetting 1 has a duplicate endpoint with address 0x1, skipping
[  380.722355][   T25] usb 7-1: config 4 interface 138 has no altsetting 0
[  380.724286][   T25] usb 7-1: config 4 interface 210 has no altsetting 0
[  380.726236][   T25] usb 7-1: config 4 interface 136 has no altsetting 0
[  380.729774][   T25] usb 7-1: New USB device found, idVendor=0572, idProduct=d811, bcdDevice=42.16
[  380.732496][   T25] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  380.734792][   T25] usb 7-1: Product: ж
[  380.735997][   T25] usb 7-1: Manufacturer: �ጅ嫦�ᕫ倩谮첺꺃�宫ጟ풸윃
[  380.738413][   T25] usb 7-1: SerialNumber: à°„
[  380.742760][T16299] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  380.952058][T16315] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3074'.
[  380.966663][T16317] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3072'.
[  380.974054][T16317] bridge0: port 1(bridge_slave_0) entered disabled state
[  381.029046][T16317] bridge_slave_0 (unregistering): left allmulticast mode
[  381.031320][T16317] bridge_slave_0 (unregistering): left promiscuous mode
[  381.033496][T16317] bridge0: port 1(bridge_slave_0) entered disabled state
[  381.234449][   T39] audit: type=1326 audit(1738661744.052:1329): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16324 comm="syz.3.3077" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73ce579 code=0x7ffc0000
[  381.240888][   T39] audit: type=1326 audit(1738661744.052:1330): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16324 comm="syz.3.3077" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73ce579 code=0x7ffc0000
[  381.247187][   T39] audit: type=1326 audit(1738661744.062:1331): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16324 comm="syz.3.3077" exe="/syz-executor" sig=0 arch=40000003 syscall=27 compat=1 ip=0xf73ce579 code=0x7ffc0000
[  381.253047][   T39] audit: type=1326 audit(1738661744.062:1332): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16324 comm="syz.3.3077" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73ce579 code=0x7ffc0000
[  381.258936][   T39] audit: type=1326 audit(1738661744.062:1333): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16324 comm="syz.3.3077" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73ce579 code=0x7ffc0000
[  381.267569][   T39] audit: type=1326 audit(1738661744.062:1334): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16324 comm="syz.3.3077" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf73ce579 code=0x7ffc0000
[  381.275484][   T39] audit: type=1326 audit(1738661744.062:1335): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16324 comm="syz.3.3077" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73ce579 code=0x7ffc0000
[  381.281703][   T39] audit: type=1326 audit(1738661744.062:1336): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16324 comm="syz.3.3077" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73ce579 code=0x7ffc0000
[  382.038006][T16346] Dead loop on virtual device ip6_vti0, fix it urgently!
[  382.902941][T16362] tipc: Started in network mode
[  382.904456][T16362] tipc: Node identity aaaaaaaaaa1a, cluster identity 4711
[  382.906672][T16362] tipc: Enabled bearer <eth:team0>, priority 0
[  382.947214][T16364] overlayfs: failed to resolve './file0': -2
[  383.262714][   T25] dvb-usb: found a 'Mygica D689 DMB-TH' in warm state.
[  383.264781][   T25] usb 7-1: setting power ON
[  383.267469][   T25] dvb-usb: bulk message failed: -71 (2/0)
[  383.289934][T16372] XFS (sr0): Invalid superblock magic number
[  383.318938][T16380] netlink: 'syz.0.3091': attribute type 10 has an invalid length.
[  383.328408][T16380] team0: Cannot enslave team device to itself
[  383.415347][   T25] dvb-usb: bulk message failed: -71 (1/0)
[  383.531750][   T25] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter)
[  383.546914][   T25] dvb-usb: Mygica D689 DMB-TH error while loading driver (-19)
[  383.549326][   T25] dvb_usb_cxusb 7-1:4.138: probe with driver dvb_usb_cxusb failed with error -22
[  383.554001][T16387] __nla_validate_parse: 4 callbacks suppressed
[  383.554010][T16387] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3093'.
[  383.558598][   T25] dvb-usb: found a 'Mygica D689 DMB-TH' in warm state.
[  383.562686][   T25] usb 7-1: setting power ON
[  383.570586][   T25] dvb-usb: bulk message failed: -71 (2/0)
[  383.710791][   T25] dvb-usb: bulk message failed: -71 (1/0)
[  383.770433][T16389] netfs: Couldn't get user pages (rc=-14)
[  383.775933][T16389] netlink: 'syz.0.3094': attribute type 1 has an invalid length.
[  383.778206][T16389] netlink: 105116 bytes leftover after parsing attributes in process `syz.0.3094'.
[  383.825115][   T25] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter)
[  383.831201][   T25] dvb-usb: Mygica D689 DMB-TH error while loading driver (-19)
[  383.833434][   T25] dvb_usb_cxusb 7-1:4.210: probe with driver dvb_usb_cxusb failed with error -22
[  383.839222][   T25] dvb-usb: found a 'Mygica D689 DMB-TH' in warm state.
[  383.845896][   T25] usb 7-1: setting power ON
[  383.849459][   T25] dvb-usb: bulk message failed: -71 (2/0)
[  383.990440][   T25] dvb-usb: bulk message failed: -71 (1/0)
[  384.031965][ T5993] tipc: Node number set to 11578026
[  384.104834][   T25] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter)
[  384.107268][T16394] XFS (sr0): Invalid superblock magic number
[  384.135279][T16394] netlink: 'syz.3.3096': attribute type 10 has an invalid length.
[  384.137588][T16394] team0: Cannot enslave team device to itself
[  384.383046][   T25] dvb-usb: Mygica D689 DMB-TH error while loading driver (-19)
[  384.385306][   T25] dvb_usb_cxusb 7-1:4.136: probe with driver dvb_usb_cxusb failed with error -22
[  384.389680][   T25] usb 7-1: USB disconnect, device number 10
[  384.732523][   T39] kauditd_printk_skb: 24 callbacks suppressed
[  384.732660][   T39] audit: type=1326 audit(1738661747.552:1361): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16421 comm="syz.2.3104" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf742e579 code=0x0
[  384.848851][T16426] netlink: 36 bytes leftover after parsing attributes in process `syz.0.3105'.
[  384.851539][T16426] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3105'.
[  385.333053][   T39] audit: type=1326 audit(1738661748.152:1362): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16450 comm="syz.1.3113" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f06579 code=0x7ffc0000
[  385.341706][   T39] audit: type=1326 audit(1738661748.152:1363): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16450 comm="syz.1.3113" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f06579 code=0x7ffc0000
[  385.347997][   T39] audit: type=1326 audit(1738661748.152:1364): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16450 comm="syz.1.3113" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7f06579 code=0x7ffc0000
[  385.354673][   T39] audit: type=1326 audit(1738661748.152:1365): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16450 comm="syz.1.3113" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f06579 code=0x7ffc0000
[  385.361008][   T39] audit: type=1326 audit(1738661748.152:1366): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16450 comm="syz.1.3113" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f06579 code=0x7ffc0000
[  385.361170][T16451] overlay: Unknown parameter 'smackfsdef'
[  385.367472][   T39] audit: type=1326 audit(1738661748.152:1367): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16450 comm="syz.1.3113" exe="/syz-executor" sig=0 arch=40000003 syscall=370 compat=1 ip=0xf7f06579 code=0x7ffc0000
[  385.376279][   T39] audit: type=1326 audit(1738661748.162:1368): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16450 comm="syz.1.3113" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f06579 code=0x7ffc0000
[  385.476624][   T39] audit: type=1326 audit(1738661748.162:1369): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16450 comm="syz.1.3113" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f06579 code=0x7ffc0000
[  385.482954][   T39] audit: type=1326 audit(1738661748.162:1370): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16450 comm="syz.1.3113" exe="/syz-executor" sig=0 arch=40000003 syscall=39 compat=1 ip=0xf7f06579 code=0x7ffc0000
[  385.557953][T16468] netlink: 88 bytes leftover after parsing attributes in process `syz.1.3121'.
[  385.665124][T16474] Cannot find set identified by id 0 to match
[  386.481758][T16486] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3126'.
[  386.508477][T16490] Cannot find del_set index 2 as target
[  386.617730][T16504] FAULT_INJECTION: forcing a failure.
[  386.617730][T16504] name failslab, interval 1, probability 0, space 0, times 0
[  386.622747][T16504] CPU: 2 UID: 0 PID: 16504 Comm: syz.1.3135 Not tainted 6.14.0-rc1-syzkaller-00020-g0de63bb7d919 #0
[  386.622763][T16504] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  386.622770][T16504] Call Trace:
[  386.622773][T16504]  <TASK>
[  386.622777][T16504]  dump_stack_lvl+0x16c/0x1f0
[  386.622797][T16504]  should_fail_ex+0x50a/0x650
[  386.622809][T16504]  ? fs_reclaim_acquire+0xae/0x150
[  386.622837][T16504]  ? snd_pcm_oss_change_params_locked+0x242/0x3a50
[  386.622855][T16504]  should_failslab+0xc2/0x120
[  386.622868][T16504]  __kmalloc_cache_noprof+0x68/0x420
[  386.622880][T16504]  ? kasan_save_track+0x14/0x30
[  386.622892][T16504]  snd_pcm_oss_change_params_locked+0x242/0x3a50
[  386.622908][T16504]  ? rcu_is_watching+0x12/0xc0
[  386.622925][T16504]  ? __mutex_lock+0x1cc/0xb10
[  386.622941][T16504]  ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10
[  386.622955][T16504]  ? __mutex_lock+0x1cc/0xb10
[  386.622970][T16504]  ? __pfx___mutex_lock+0x10/0x10
[  386.622989][T16504]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  386.623009][T16504]  snd_pcm_oss_get_active_substream+0x168/0x1d0
[  386.623026][T16504]  snd_pcm_oss_ioctl+0x21d5/0x3780
[  386.623042][T16504]  ? __pfx_snd_pcm_oss_ioctl+0x10/0x10
[  386.623059][T16504]  ? __fget_files+0x206/0x3a0
[  386.623072][T16504]  ? __pfx_snd_pcm_oss_ioctl_compat+0x10/0x10
[  386.623087][T16504]  __do_compat_sys_ioctl+0x1cb/0x2c0
[  386.623104][T16504]  __do_fast_syscall_32+0x73/0x120
[  386.623114][T16504]  do_fast_syscall_32+0x32/0x80
[  386.623124][T16504]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  386.623145][T16504] RIP: 0023:0xf7f06579
[  386.623154][T16504] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  386.623164][T16504] RSP: 002b:00000000f502655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  386.623174][T16504] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c0045002
[  386.623179][T16504] RDX: 0000000020000040 RSI: 0000000000000000 RDI: 0000000000000000
[  386.623184][T16504] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  386.623189][T16504] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  386.623194][T16504] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  386.623215][T16504]  </TASK>
[  386.669785][T16500] XFS (sr0): Invalid superblock magic number
[  386.690603][T16510] netlink: 'syz.3.3133': attribute type 10 has an invalid length.
[  386.704175][T16510] team0: Cannot enslave team device to itself
[  386.800162][T16516] 9pnet_fd: Insufficient options for proto=fd
[  386.971106][T16528] lo speed is unknown, defaulting to 1000
[  387.049206][T16528] virt_wifi0 speed is unknown, defaulting to 1000
[  387.057688][T16528] lo speed is unknown, defaulting to 1000
[  387.479598][T16551] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3148'.
[  387.502957][T16549] XFS (sr0): Invalid superblock magic number
[  387.526350][T16549] netlink: 'syz.0.3147': attribute type 10 has an invalid length.
[  387.528693][T16549] team0: Cannot enslave team device to itself
[  387.699541][T16577] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3155'.
[  388.237097][T16589] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3161'.
[  388.482344][T16598] XFS (sr0): Invalid superblock magic number
[  388.494861][T16607] netlink: 'syz.2.3164': attribute type 10 has an invalid length.
[  388.497458][T16607] team0: Cannot enslave team device to itself
[  389.395005][T16623] lo speed is unknown, defaulting to 1000
[  389.581916][T16623] virt_wifi0 speed is unknown, defaulting to 1000
[  389.584689][T16623] lo speed is unknown, defaulting to 1000
[  389.704154][T16635] bridge_slave_0: left allmulticast mode
[  389.706497][T16635] bridge_slave_0: left promiscuous mode
[  389.708768][T16635] bridge0: port 1(bridge_slave_0) entered disabled state
[  389.715934][T16635] bridge_slave_1: left allmulticast mode
[  389.718635][T16635] bridge_slave_1: left promiscuous mode
[  389.721938][T16635] bridge0: port 2(bridge_slave_1) entered disabled state
[  389.736074][T16635] bond0: (slave bond_slave_0): Releasing backup interface
[  389.742405][T16635] bond0: (slave bond_slave_1): Releasing backup interface
[  389.764575][T16635] team0: Port device team_slave_0 removed
[  389.771454][T16635] team0: Port device team_slave_1 removed
[  389.773454][T16635] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  389.775685][T16635] batman_adv: batadv0: Removing interface: batadv_slave_0
[  389.778700][T16635] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  389.781718][T16635] batman_adv: batadv0: Removing interface: batadv_slave_1
[  389.792786][ T5993] lo speed is unknown, defaulting to 1000
[  389.900004][T16635] vlan0: entered promiscuous mode
[  389.916958][T16635] team0: Port device vlan0 added
[  389.957973][T16645] overlayfs: conflicting options: metacopy=off,verity=on
[  389.987451][T16645] loop7: detected capacity change from 0 to 16384
[  390.050087][T16645] loop7: detected capacity change from 16384 to 16383
[  390.515680][T16651] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3177'.
[  390.519064][T16651] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3177'.
[  390.522938][T16651] FAULT_INJECTION: forcing a failure.
[  390.522938][T16651] name failslab, interval 1, probability 0, space 0, times 0
[  390.526958][T16651] CPU: 0 UID: 0 PID: 16651 Comm: syz.1.3177 Not tainted 6.14.0-rc1-syzkaller-00020-g0de63bb7d919 #0
[  390.526980][T16651] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  390.526990][T16651] Call Trace:
[  390.526995][T16651]  <TASK>
[  390.527002][T16651]  dump_stack_lvl+0x16c/0x1f0
[  390.527032][T16651]  should_fail_ex+0x50a/0x650
[  390.527053][T16651]  ? fs_reclaim_acquire+0xae/0x150
[  390.527082][T16651]  should_failslab+0xc2/0x120
[  390.527101][T16651]  __kmalloc_noprof+0xce/0x4f0
[  390.527119][T16651]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  390.527138][T16651]  ? tomoyo_realpath_from_path+0xbf/0x710
[  390.527163][T16651]  tomoyo_realpath_from_path+0xbf/0x710
[  390.527186][T16651]  ? tomoyo_path_number_perm+0x235/0x5b0
[  390.527206][T16651]  tomoyo_path_number_perm+0x248/0x5b0
[  390.527223][T16651]  ? tomoyo_path_number_perm+0x235/0x5b0
[  390.527242][T16651]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  390.527284][T16651]  ? __pfx_lock_release+0x10/0x10
[  390.527303][T16651]  ? trace_lock_acquire+0x14e/0x1f0
[  390.527322][T16651]  ? lock_acquire+0x2f/0xb0
[  390.527340][T16651]  ? __fget_files+0x40/0x3a0
[  390.527362][T16651]  ? __fget_files+0x206/0x3a0
[  390.527384][T16651]  security_file_ioctl_compat+0x9b/0x240
[  390.527405][T16651]  __do_compat_sys_ioctl+0x4e/0x2c0
[  390.527433][T16651]  __do_fast_syscall_32+0x73/0x120
[  390.527451][T16651]  do_fast_syscall_32+0x32/0x80
[  390.527468][T16651]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  390.527495][T16651] RIP: 0023:0xf7f06579
[  390.527509][T16651] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  390.527525][T16651] RSP: 002b:00000000f502655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  390.527541][T16651] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000000550c
[  390.527551][T16651] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  390.527560][T16651] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  390.527569][T16651] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  390.527578][T16651] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  390.527599][T16651]  </TASK>
[  390.527605][T16651] ERROR: Out of memory at tomoyo_realpath_from_path.
[  391.501092][ T5953] Bluetooth: hci2: unexpected event 0x02 length: 0 < 1
[  392.031540][T16671] overlayfs: missing 'lowerdir'
[  392.469016][T16686] XFS (sr0): Invalid superblock magic number
[  392.491326][T16692] netlink: 'syz.1.3190': attribute type 10 has an invalid length.
[  392.499994][T16692] team0: Cannot enslave team device to itself
[  392.756121][T16701] netlink: 144 bytes leftover after parsing attributes in process `syz.1.3193'.
[  392.759353][T16701] netlink: 144 bytes leftover after parsing attributes in process `syz.1.3193'.
[  392.762246][T16701] netlink: 144 bytes leftover after parsing attributes in process `syz.1.3193'.
[  392.764832][T16701] netlink: 144 bytes leftover after parsing attributes in process `syz.1.3193'.
[  392.767502][T16701] netlink: 144 bytes leftover after parsing attributes in process `syz.1.3193'.
[  392.770357][T16701] netlink: 144 bytes leftover after parsing attributes in process `syz.1.3193'.
[  392.773006][T16701] netlink: 144 bytes leftover after parsing attributes in process `syz.1.3193'.
[  392.775698][T16701] netlink: 144 bytes leftover after parsing attributes in process `syz.1.3193'.
[  393.050026][   T25] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  393.200090][   T25] usb 6-1: Using ep0 maxpacket: 32
[  393.207054][   T25] usb 6-1: New USB device found, idVendor=0b89, idProduct=0007, bcdDevice=ef.64
[  393.210234][   T25] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  393.215884][   T25] usb 6-1: config 0 descriptor??
[  393.221460][   T25] as10x_usb: device has been detected
[  393.224464][   T25] dvbdev: DVB: registering new adapter (nBox DVB-T Dongle)
[  393.234032][   T25] usb 6-1: DVB: registering adapter 1 frontend 0 (nBox DVB-T Dongle)...
[  393.241712][   T25] as10x_usb: error during firmware upload part1
[  393.245520][   T25] Registered device nBox DVB-T Dongle
[  393.530240][ T5987] usb 6-1: USB disconnect, device number 7
[  393.543078][ T5987] Unregistered device nBox DVB-T Dongle
[  393.543702][ T5987] as10x_usb: device has been disconnected
[  393.570345][   T65] Bluetooth: hci2: Opcode 0x1003 failed: -110
[  393.966827][T16718] lo speed is unknown, defaulting to 1000
[  394.202193][T16718] virt_wifi0 speed is unknown, defaulting to 1000
[  394.247425][T16718] lo speed is unknown, defaulting to 1000
[  394.449525][T16737] FAULT_INJECTION: forcing a failure.
[  394.449525][T16737] name failslab, interval 1, probability 0, space 0, times 0
[  394.454832][T16737] CPU: 0 UID: 0 PID: 16737 Comm: syz.1.3207 Not tainted 6.14.0-rc1-syzkaller-00020-g0de63bb7d919 #0
[  394.454848][T16737] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  394.454854][T16737] Call Trace:
[  394.454857][T16737]  <TASK>
[  394.454861][T16737]  dump_stack_lvl+0x16c/0x1f0
[  394.454880][T16737]  should_fail_ex+0x50a/0x650
[  394.454891][T16737]  ? fs_reclaim_acquire+0xae/0x150
[  394.454908][T16737]  should_failslab+0xc2/0x120
[  394.454921][T16737]  __kmalloc_noprof+0xce/0x4f0
[  394.454932][T16737]  ? lsm_blob_alloc+0x68/0x90
[  394.454947][T16737]  lsm_blob_alloc+0x68/0x90
[  394.454960][T16737]  security_sb_alloc+0x28/0x230
[  394.454976][T16737]  alloc_super+0x245/0xbd0
[  394.454985][T16737]  ? lock_acquire+0x2f/0xb0
[  394.454998][T16737]  ? __pfx_kernfs_test_super+0x10/0x10
[  394.455012][T16737]  sget_fc+0x116/0xb90
[  394.455021][T16737]  ? __pfx_kernfs_set_super+0x10/0x10
[  394.455036][T16737]  kernfs_get_tree+0x1ec/0xb90
[  394.455055][T16737]  ? rcu_is_watching+0x12/0xc0
[  394.455069][T16737]  ? trace_cap_capable+0x1a2/0x210
[  394.455083][T16737]  ? __pfx_kernfs_get_tree+0x10/0x10
[  394.455097][T16737]  ? apparmor_capable+0x114/0x1d0
[  394.455114][T16737]  sysfs_get_tree+0x41/0x140
[  394.455129][T16737]  vfs_get_tree+0x8b/0x340
[  394.455143][T16737]  path_mount+0x6e1/0x1f00
[  394.455156][T16737]  ? kmem_cache_free+0x2e2/0x4d0
[  394.455166][T16737]  ? __pfx_path_mount+0x10/0x10
[  394.455179][T16737]  ? putname+0x13c/0x180
[  394.455192][T16737]  __ia32_sys_mount+0x28d/0x310
[  394.455204][T16737]  ? __pfx___ia32_sys_mount+0x10/0x10
[  394.455219][T16737]  __do_fast_syscall_32+0x73/0x120
[  394.455230][T16737]  do_fast_syscall_32+0x32/0x80
[  394.455239][T16737]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  394.455254][T16737] RIP: 0023:0xf7f06579
[  394.455261][T16737] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  394.455270][T16737] RSP: 002b:00000000f502655c EFLAGS: 00000296 ORIG_RAX: 0000000000000015
[  394.455280][T16737] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000020000180
[  394.455286][T16737] RDX: 0000000020000080 RSI: 0000000001214040 RDI: 0000000000000000
[  394.455291][T16737] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  394.455296][T16737] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  394.455301][T16737] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  394.455313][T16737]  </TASK>
[  394.705979][T16741] netlink: 'syz.1.3208': attribute type 4 has an invalid length.
[  394.776097][T16742] netlink: 'syz.1.3208': attribute type 4 has an invalid length.
[  394.779762][    T9] lo speed is unknown, defaulting to 1000
[  394.793589][    T9] lo speed is unknown, defaulting to 1000
[  394.974384][T16744] netlink: 'syz.2.3209': attribute type 4 has an invalid length.
[  394.989936][T16744] netlink: 'syz.2.3209': attribute type 4 has an invalid length.
[  395.133700][T16746] program syz.3.3210 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  395.138354][T16746] vivid-007: disconnect
[  395.161516][T16745] vivid-007: reconnect
[  395.244975][T16755] netlink: 'syz.1.3214': attribute type 10 has an invalid length.
[  395.248451][T16755] team0: Cannot enslave team device to itself
[  395.416663][T16773] tipc: Enabling of bearer <udp:syz1> rejected, failed to enable media
[  395.545767][T16789] bridge4: entered promiscuous mode
[  395.552896][T16790] bridge5: entered promiscuous mode
[  395.736957][T16794] bridge0: port 2(bridge_slave_1) entered disabled state
[  396.110649][T16798] netlink: 'syz.3.3228': attribute type 10 has an invalid length.
[  396.113051][T16798] team0: Cannot enslave team device to itself
[  397.267744][T16830] netlink: 'syz.0.3239': attribute type 10 has an invalid length.
[  397.270238][T16830] team0: Cannot enslave team device to itself
[  397.782135][T16842] __nla_validate_parse: 27 callbacks suppressed
[  397.782150][T16842] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3243'.
[  398.010235][T16847] nbd2: detected capacity change from 0 to 12
[  398.013125][T15912] block nbd2: Send control failed (result -89)
[  398.015054][T15912] block nbd2: Request send failed, requeueing
[  398.017054][ T1196] block nbd2: Dead connection, failed to find a fallback
[  398.017057][   T65] block nbd2: Receive control failed (result -32)
[  398.019129][ T1196] block nbd2: shutting down sockets
[  398.019142][ T1196] blk_print_req_error: 125 callbacks suppressed
[  398.019148][ T1196] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  398.030006][ T1196] buffer_io_error: 125 callbacks suppressed
[  398.030016][ T1196] Buffer I/O error on dev nbd2, logical block 0, async page read
[  398.034029][T15912] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  398.036735][T15912] Buffer I/O error on dev nbd2, logical block 0, async page read
[  398.039016][T15912] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  398.044450][T15912] Buffer I/O error on dev nbd2, logical block 0, async page read
[  398.046748][T15912] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  398.049384][T15912] Buffer I/O error on dev nbd2, logical block 0, async page read
[  398.051923][T15912] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  398.054488][T15912] Buffer I/O error on dev nbd2, logical block 0, async page read
[  398.056739][T15912] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  398.059317][T15912] Buffer I/O error on dev nbd2, logical block 0, async page read
[  398.062629][T15912] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  398.065220][T15912] Buffer I/O error on dev nbd2, logical block 0, async page read
[  398.067505][T15912] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  398.070321][T15912] Buffer I/O error on dev nbd2, logical block 0, async page read
[  398.072486][T15912] ldm_validate_partition_table(): Disk read failed.
[  398.074295][T15912] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  398.076710][T15912] Buffer I/O error on dev nbd2, logical block 0, async page read
[  398.078808][T15912] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  398.082159][T15912] Buffer I/O error on dev nbd2, logical block 0, async page read
[  398.084375][T15912] Dev nbd2: unable to read RDB block 0
[  398.086052][T15912]  nbd2: unable to read partition table
[  398.087635][T15912] nbd2: partition table beyond EOD, truncated
[  398.118884][T15912] ldm_validate_partition_table(): Disk read failed.
[  398.121772][T15912] Dev nbd2: unable to read RDB block 0
[  398.123515][T15912]  nbd2: unable to read partition table
[  398.125214][T15912] nbd2: partition table beyond EOD, truncated
[  398.338084][T16850] netlink: 'syz.3.3245': attribute type 4 has an invalid length.
[  398.362692][T16850] netlink: 'syz.3.3245': attribute type 4 has an invalid length.
[  398.799688][T16868] macsec1: entered promiscuous mode
[  398.801608][T16868] mac80211_hwsim hwsim14 wlan0: entered promiscuous mode
[  398.804219][T16868] macsec1: entered allmulticast mode
[  398.806195][T16868] mac80211_hwsim hwsim14 wlan0: entered allmulticast mode
[  398.843379][T16876] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3257'.
[  398.846301][T16876] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3257'.
[  398.873889][T16878] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3251'.
[  398.878883][T16878] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'filter'
[  399.100516][   T25] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None
[  399.964609][T16898] geneve2: entered promiscuous mode
[  400.041748][T16899] wireguard0: entered promiscuous mode
[  400.044708][T16899] wireguard0: entered allmulticast mode
[  400.467088][T16908] netlink: 260 bytes leftover after parsing attributes in process `syz.2.3265'.
[  400.470662][T16908] netlink: 260 bytes leftover after parsing attributes in process `syz.2.3265'.
[  400.523965][T16912] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3267'.
[  400.782709][T16927] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3273'.
[  401.199928][T16930] nbd2: detected capacity change from 0 to 12
[  401.202603][T15912] block nbd2: Send control failed (result -89)
[  401.204489][T15912] block nbd2: Request send failed, requeueing
[  401.206663][   T65] block nbd2: Receive control failed (result -32)
[  401.206768][   T51] block nbd2: Dead connection, failed to find a fallback
[  401.212103][   T51] block nbd2: shutting down sockets
[  401.214912][T15912] ldm_validate_partition_table(): Disk read failed.
[  401.217980][T15912] Dev nbd2: unable to read RDB block 0
[  401.221715][T15912]  nbd2: unable to read partition table
[  401.226306][T15912] nbd2: partition table beyond EOD, truncated
[  401.232797][T15912] ldm_validate_partition_table(): Disk read failed.
[  401.236020][T15912] Dev nbd2: unable to read RDB block 0
[  401.238082][T15912]  nbd2: unable to read partition table
[  401.239832][T15912] nbd2: partition table beyond EOD, truncated
[  401.390546][T16932] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3268'.
[  401.548062][T16934] netfs: Couldn't get user pages (rc=-14)
[  401.555651][T16934] netlink: 'syz.3.3274': attribute type 1 has an invalid length.
[  401.557929][T16934] netlink: 105116 bytes leftover after parsing attributes in process `syz.3.3274'.
[  401.603401][T16943] veth1_macvtap: left promiscuous mode
[  401.726970][T16969] openvswitch: netlink: Missing key (keys=40, expected=100)
[  401.735634][T16968] dlm: plock device version mismatch: kernel (1.2.0), user (538976288.538976288.540745760)
[  402.709070][T17004] fuse: Unknown parameter 'dÝi|‹à®@‘Z«Z™ôЯ¯nvØc‡Ž§§ëÜÖ0»#M+6;
[  402.709070][T17004] J©ÉÙPJ¼Æ—ûæ"ÅzË0x0000000000000006'
[  402.802442][T17010] FAULT_INJECTION: forcing a failure.
[  402.802442][T17010] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  402.806219][T17010] CPU: 3 UID: 0 PID: 17010 Comm: syz.0.3303 Not tainted 6.14.0-rc1-syzkaller-00020-g0de63bb7d919 #0
[  402.806233][T17010] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  402.806239][T17010] Call Trace:
[  402.806241][T17010]  <TASK>
[  402.806245][T17010]  dump_stack_lvl+0x16c/0x1f0
[  402.806263][T17010]  should_fail_ex+0x50a/0x650
[  402.806275][T17010]  ? __pfx___might_resched+0x10/0x10
[  402.806289][T17010]  should_fail_alloc_page+0xe7/0x130
[  402.806303][T17010]  prepare_alloc_pages.constprop.0+0x16f/0x560
[  402.806321][T17010]  __alloc_frozen_pages_noprof+0x18e/0x2470
[  402.806334][T17010]  ? stack_trace_save+0x95/0xd0
[  402.806344][T17010]  ? __pfx_stack_trace_save+0x10/0x10
[  402.806353][T17010]  ? stack_depot_save_flags+0x28/0x9e0
[  402.806367][T17010]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  402.806378][T17010]  ? kasan_save_stack+0x33/0x60
[  402.806388][T17010]  ? __kasan_kmalloc+0xaa/0xb0
[  402.806397][T17010]  ? ipv6_flowlabel_opt+0x643/0x2fb0
[  402.806410][T17010]  ? do_ipv6_setsockopt+0x1140/0x4660
[  402.806419][T17010]  ? ipv6_setsockopt+0xcb/0x170
[  402.806427][T17010]  ? tcp_setsockopt+0xa4/0x100
[  402.806437][T17010]  ? do_sock_setsockopt+0x222/0x480
[  402.806448][T17010]  ? __sys_setsockopt+0x1a0/0x230
[  402.806456][T17010]  ? __ia32_sys_setsockopt+0xbc/0x160
[  402.806474][T17010]  __alloc_pages_noprof+0xb/0x1b0
[  402.806485][T17010]  ___kmalloc_large_node+0x84/0x1b0
[  402.806500][T17010]  __kmalloc_large_node_noprof+0x1c/0x70
[  402.806516][T17010]  __kmalloc_noprof.cold+0xc/0x63
[  402.806526][T17010]  ? fl_create+0x1a8/0xcf0
[  402.806538][T17010]  ? kasan_save_track+0x14/0x30
[  402.806549][T17010]  fl_create+0x1a8/0xcf0
[  402.806563][T17010]  ? __pfx_fl_create+0x10/0x10
[  402.806574][T17010]  ? __pfx___lock_acquire+0x10/0x10
[  402.806593][T17010]  ? __pfx_lock_release+0x10/0x10
[  402.806603][T17010]  ? trace_lock_acquire+0x14e/0x1f0
[  402.806615][T17010]  ? __might_fault+0xe3/0x190
[  402.806630][T17010]  ipv6_flowlabel_opt+0x643/0x2fb0
[  402.806646][T17010]  ? __pfx_ipv6_flowlabel_opt+0x10/0x10
[  402.806658][T17010]  ? sockopt_lock_sock+0x54/0x70
[  402.806670][T17010]  ? mark_held_locks+0x9f/0xe0
[  402.806681][T17010]  ? __local_bh_enable_ip+0xa4/0x120
[  402.806696][T17010]  ? do_ipv6_setsockopt+0x1140/0x4660
[  402.806710][T17010]  do_ipv6_setsockopt+0x1140/0x4660
[  402.806722][T17010]  ? __pfx_do_ipv6_setsockopt+0x10/0x10
[  402.806734][T17010]  ? __pfx_aa_label_sk_perm+0x10/0x10
[  402.806746][T17010]  ? find_held_lock+0x2d/0x110
[  402.806767][T17010]  ? __pfx___might_resched+0x10/0x10
[  402.806782][T17010]  ? aa_sk_perm+0x2f5/0xb20
[  402.806793][T17010]  ? ipv6_setsockopt+0xcb/0x170
[  402.806801][T17010]  ipv6_setsockopt+0xcb/0x170
[  402.806812][T17010]  tcp_setsockopt+0xa4/0x100
[  402.806821][T17010]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  402.806833][T17010]  do_sock_setsockopt+0x222/0x480
[  402.806844][T17010]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  402.806856][T17010]  ? lock_acquire+0x2f/0xb0
[  402.806873][T17010]  __sys_setsockopt+0x1a0/0x230
[  402.806885][T17010]  __ia32_sys_setsockopt+0xbc/0x160
[  402.806893][T17010]  ? lockdep_hardirqs_on+0x7c/0x110
[  402.806907][T17010]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[  402.806921][T17010]  __do_fast_syscall_32+0x73/0x120
[  402.806931][T17010]  do_fast_syscall_32+0x32/0x80
[  402.806940][T17010]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  402.806954][T17010] RIP: 0023:0xf7fd5579
[  402.806962][T17010] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  402.806970][T17010] RSP: 002b:00000000f50f655c EFLAGS: 00000296 ORIG_RAX: 000000000000016e
[  402.806980][T17010] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000029
[  402.806985][T17010] RDX: 0000000000000020 RSI: 00000000200000c0 RDI: 000000000000fe60
[  402.806990][T17010] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  402.806995][T17010] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  402.807000][T17010] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  402.807011][T17010]  </TASK>
[  402.926902][    C3] vkms_vblank_simulate: vblank timer overrun
[  403.122054][T17020] netlink: 'syz.0.3308': attribute type 4 has an invalid length.
[  403.132429][T17020] netlink: 'syz.0.3308': attribute type 4 has an invalid length.
[  404.547024][T17036] FAULT_INJECTION: forcing a failure.
[  404.547024][T17036] name failslab, interval 1, probability 0, space 0, times 0
[  404.551754][T17036] CPU: 2 UID: 0 PID: 17036 Comm: syz.0.3312 Not tainted 6.14.0-rc1-syzkaller-00020-g0de63bb7d919 #0
[  404.551777][T17036] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  404.551786][T17036] Call Trace:
[  404.551792][T17036]  <TASK>
[  404.551798][T17036]  dump_stack_lvl+0x16c/0x1f0
[  404.551827][T17036]  should_fail_ex+0x50a/0x650
[  404.551846][T17036]  ? fs_reclaim_acquire+0xae/0x150
[  404.551873][T17036]  ? shrinker_alloc+0xf8/0xb00
[  404.551895][T17036]  should_failslab+0xc2/0x120
[  404.551914][T17036]  __kmalloc_cache_noprof+0x68/0x420
[  404.551936][T17036]  shrinker_alloc+0xf8/0xb00
[  404.551967][T17036]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  404.551991][T17036]  ? rcu_is_watching+0x12/0xc0
[  404.552016][T17036]  ? __pfx_shrinker_alloc+0x10/0x10
[  404.552040][T17036]  ? lockdep_init_map_type+0x16d/0x7d0
[  404.552059][T17036]  ? lockdep_init_map_type+0x16d/0x7d0
[  404.552081][T17036]  ? __raw_spin_lock_init+0x3a/0x110
[  404.552102][T17036]  ? __init_rwsem+0x12d/0x1b0
[  404.552125][T17036]  alloc_super+0x7cc/0xbd0
[  404.552143][T17036]  ? __pfx_kernfs_test_super+0x10/0x10
[  404.552165][T17036]  sget_fc+0x116/0xb90
[  404.552180][T17036]  ? __pfx_kernfs_set_super+0x10/0x10
[  404.552205][T17036]  kernfs_get_tree+0x1ec/0xb90
[  404.552226][T17036]  ? rcu_is_watching+0x12/0xc0
[  404.552247][T17036]  ? trace_cap_capable+0x1a2/0x210
[  404.552270][T17036]  ? __pfx_kernfs_get_tree+0x10/0x10
[  404.552293][T17036]  ? apparmor_capable+0x114/0x1d0
[  404.552320][T17036]  sysfs_get_tree+0x41/0x140
[  404.552343][T17036]  vfs_get_tree+0x8b/0x340
[  404.552366][T17036]  path_mount+0x6e1/0x1f00
[  404.552384][T17036]  ? kmem_cache_free+0x2e2/0x4d0
[  404.552400][T17036]  ? __pfx_path_mount+0x10/0x10
[  404.552423][T17036]  ? putname+0x13c/0x180
[  404.552446][T17036]  __ia32_sys_mount+0x28d/0x310
[  404.552465][T17036]  ? __pfx___ia32_sys_mount+0x10/0x10
[  404.552490][T17036]  __do_fast_syscall_32+0x73/0x120
[  404.552503][T17036]  do_fast_syscall_32+0x32/0x80
[  404.552512][T17036]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  404.552527][T17036] RIP: 0023:0xf7fd5579
[  404.552536][T17036] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  404.552545][T17036] RSP: 002b:00000000f50f655c EFLAGS: 00000296 ORIG_RAX: 0000000000000015
[  404.552554][T17036] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000020000180
[  404.552560][T17036] RDX: 0000000020000080 RSI: 0000000001214040 RDI: 0000000000000000
[  404.552566][T17036] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  404.552571][T17036] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  404.552576][T17036] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  404.552587][T17036]  </TASK>
[  405.401792][T17055] netlink: 'syz.2.3318': attribute type 4 has an invalid length.
[  405.412458][T17055] netlink: 'syz.2.3318': attribute type 4 has an invalid length.
[  405.701333][T17073] netlink: 'syz.3.3326': attribute type 4 has an invalid length.
[  405.721576][T17073] netlink: 'syz.3.3326': attribute type 4 has an invalid length.
[  407.026980][T17124] netlink: 'syz.2.3342': attribute type 4 has an invalid length.
[  407.036346][T17124] netlink: 'syz.2.3342': attribute type 4 has an invalid length.
[  407.180243][T17128] FAULT_INJECTION: forcing a failure.
[  407.180243][T17128] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  407.184051][T17128] CPU: 2 UID: 0 PID: 17128 Comm: syz.3.3343 Not tainted 6.14.0-rc1-syzkaller-00020-g0de63bb7d919 #0
[  407.184064][T17128] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  407.184070][T17128] Call Trace:
[  407.184073][T17128]  <TASK>
[  407.184077][T17128]  dump_stack_lvl+0x16c/0x1f0
[  407.184095][T17128]  should_fail_ex+0x50a/0x650
[  407.184109][T17128]  _copy_to_user+0x32/0xd0
[  407.184123][T17128]  snd_pcm_oss_read2+0x292/0x3e0
[  407.184142][T17128]  ? __pfx_snd_pcm_oss_read2+0x10/0x10
[  407.184161][T17128]  ? snd_pcm_kernel_ioctl+0x267/0x2e0
[  407.184182][T17128]  snd_pcm_oss_read+0x5a3/0x750
[  407.184206][T17128]  ? rw_verify_area+0xcf/0x680
[  407.184220][T17128]  ? __pfx_snd_pcm_oss_read+0x10/0x10
[  407.184235][T17128]  vfs_read+0x1df/0xbf0
[  407.184244][T17128]  ? __fget_files+0x1fc/0x3a0
[  407.184254][T17128]  ? __pfx_lock_release+0x10/0x10
[  407.184267][T17128]  ? __pfx_vfs_read+0x10/0x10
[  407.184276][T17128]  ? lock_acquire+0x2f/0xb0
[  407.184286][T17128]  ? __fget_files+0x40/0x3a0
[  407.184298][T17128]  ? __fget_files+0x206/0x3a0
[  407.184311][T17128]  ksys_read+0x12b/0x250
[  407.184320][T17128]  ? __pfx_ksys_read+0x10/0x10
[  407.184333][T17128]  __do_fast_syscall_32+0x73/0x120
[  407.184343][T17128]  do_fast_syscall_32+0x32/0x80
[  407.184351][T17128]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  407.184366][T17128] RIP: 0023:0xf73ce579
[  407.184374][T17128] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  407.184383][T17128] RSP: 002b:00000000f505655c EFLAGS: 00000296 ORIG_RAX: 0000000000000003
[  407.184393][T17128] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000200011c0
[  407.184398][T17128] RDX: 00000000200021d5 RSI: 0000000000000000 RDI: 0000000000000000
[  407.184404][T17128] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  407.184409][T17128] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  407.184414][T17128] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  407.184425][T17128]  </TASK>
[  407.837834][T17143] bond0: Error: Cannot enslave bond to itself.
[  407.987698][T17146] tipc: Started in network mode
[  407.989972][T17146] tipc: Node identity aaaaaaaaaa1a, cluster identity 4711
[  407.992663][T17146] tipc: Enabled bearer <eth:team0>, priority 0
[  408.027726][T17148] bridge0: entered allmulticast mode
[  408.071844][T17150] __nla_validate_parse: 4 callbacks suppressed
[  408.071862][T17150] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3349'.
[  408.084352][T17150] bridge0: port 2(bridge_slave_1) entered disabled state
[  408.440140][T11205] usb 5-1: new full-speed USB device number 19 using dummy_hcd
[  408.580104][T11205] usb 5-1: device descriptor read/64, error -71
[  408.829951][T11205] usb 5-1: new full-speed USB device number 20 using dummy_hcd
[  408.970311][T11205] usb 5-1: device descriptor read/64, error -71
[  409.080158][T11205] usb usb5-port1: attempt power cycle
[  409.120175][ T5987] tipc: Node number set to 11578026
[  409.304135][T17186] tmpfs: Group quota block hardlimit too large.
[  409.312728][T17186] ax25_connect(): syz.3.3361 uses autobind, please contact jreuter@yaina.de
[  409.549096][T17183] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3360'.
[  409.583687][T17183] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3360'.
[  409.680076][T11205] usb 5-1: new full-speed USB device number 21 using dummy_hcd
[  409.703600][T11205] usb 5-1: device descriptor read/8, error -71
[  409.961589][T11205] usb 5-1: new full-speed USB device number 22 using dummy_hcd
[  409.980392][T11205] usb 5-1: device descriptor read/8, error -71
[  410.103350][T11205] usb usb5-port1: unable to enumerate USB device
[  411.213594][T17214] lo speed is unknown, defaulting to 1000
[  411.246772][T17216] netlink: 48 bytes leftover after parsing attributes in process `syz.0.3370'.
[  411.275002][T17214] virt_wifi0 speed is unknown, defaulting to 1000
[  411.277399][T17214] lo speed is unknown, defaulting to 1000
[  411.314302][T17219] mkiss: ax0: crc mode is auto.
[  411.575894][T17223] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  411.620004][ T5987] usb 5-1: new high-speed USB device number 23 using dummy_hcd
[  411.780027][ T5987] usb 5-1: Using ep0 maxpacket: 32
[  411.789747][ T5987] usb 5-1: config index 0 descriptor too short (expected 35577, got 27)
[  411.793439][ T5987] usb 5-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[  411.796761][ T5987] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 92
[  411.800297][ T5987] usb 5-1: config 1 has no interface number 0
[  411.802713][ T5987] usb 5-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 36, changing to 9
[  411.806884][ T5987] usb 5-1: config 1 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 40964, setting to 1024
[  411.811802][ T5987] usb 5-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  411.816710][ T5987] usb 5-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  411.820476][ T5987] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  411.827629][ T5987] snd_usb_pod 5-1:1.1: Line 6 Pocket POD found
[  411.924138][T17227] FAULT_INJECTION: forcing a failure.
[  411.924138][T17227] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  411.929292][T17227] CPU: 1 UID: 0 PID: 17227 Comm: syz.3.3374 Not tainted 6.14.0-rc1-syzkaller-00020-g0de63bb7d919 #0
[  411.929314][T17227] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  411.929324][T17227] Call Trace:
[  411.929330][T17227]  <TASK>
[  411.929337][T17227]  dump_stack_lvl+0x16c/0x1f0
[  411.929366][T17227]  should_fail_ex+0x50a/0x650
[  411.929390][T17227]  _copy_from_user+0x2e/0xd0
[  411.929413][T17227]  fl_create+0x2ca/0xcf0
[  411.929440][T17227]  ? __pfx_fl_create+0x10/0x10
[  411.929460][T17227]  ? __pfx___lock_acquire+0x10/0x10
[  411.929498][T17227]  ? __pfx_lock_release+0x10/0x10
[  411.929518][T17227]  ? trace_lock_acquire+0x14e/0x1f0
[  411.929540][T17227]  ? __might_fault+0xe3/0x190
[  411.929570][T17227]  ipv6_flowlabel_opt+0x643/0x2fb0
[  411.929600][T17227]  ? __pfx_ipv6_flowlabel_opt+0x10/0x10
[  411.929622][T17227]  ? sockopt_lock_sock+0x54/0x70
[  411.929645][T17227]  ? mark_held_locks+0x9f/0xe0
[  411.929666][T17227]  ? __local_bh_enable_ip+0xa4/0x120
[  411.929694][T17227]  ? do_ipv6_setsockopt+0x1140/0x4660
[  411.929712][T17227]  do_ipv6_setsockopt+0x1140/0x4660
[  411.929737][T17227]  ? __pfx_do_ipv6_setsockopt+0x10/0x10
[  411.929759][T17227]  ? __pfx_aa_label_sk_perm+0x10/0x10
[  411.929783][T17227]  ? find_held_lock+0x2d/0x110
[  411.929824][T17227]  ? __pfx___might_resched+0x10/0x10
[  411.929852][T17227]  ? aa_sk_perm+0x2f5/0xb20
[  411.929892][T17227]  ? ipv6_setsockopt+0xcb/0x170
[  411.929909][T17227]  ipv6_setsockopt+0xcb/0x170
[  411.929930][T17227]  tcp_setsockopt+0xa4/0x100
[  411.929950][T17227]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  411.929972][T17227]  do_sock_setsockopt+0x222/0x480
[  411.929993][T17227]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  411.930015][T17227]  ? lock_acquire+0x2f/0xb0
[  411.930047][T17227]  __sys_setsockopt+0x1a0/0x230
[  411.930069][T17227]  __ia32_sys_setsockopt+0xbc/0x160
[  411.930085][T17227]  ? lockdep_hardirqs_on+0x7c/0x110
[  411.930112][T17227]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[  411.930138][T17227]  __do_fast_syscall_32+0x73/0x120
[  411.930156][T17227]  do_fast_syscall_32+0x32/0x80
[  411.930172][T17227]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  411.930199][T17227] RIP: 0023:0xf73ce579
[  411.930213][T17227] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  411.930228][T17227] RSP: 002b:00000000f505655c EFLAGS: 00000296 ORIG_RAX: 000000000000016e
[  411.930245][T17227] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000029
[  411.930256][T17227] RDX: 0000000000000020 RSI: 00000000200000c0 RDI: 000000000000fe60
[  411.930267][T17227] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  411.930276][T17227] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  411.930287][T17227] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  411.930310][T17227]  </TASK>
[  412.218446][T17237] tmpfs: Bad value for 'mpol'
[  412.392375][ T5987] snd_usb_pod 5-1:1.1: Line 6 Pocket POD now attached
[  412.599474][T17238] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  412.604980][T17238] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  412.692226][ T5993] usb 5-1: USB disconnect, device number 23
[  412.694421][ T5993] snd_usb_pod 5-1:1.1: Line 6 Pocket POD now disconnected
[  412.702435][T17246] openvswitch: netlink: Missing key (keys=40, expected=100)
[  413.012019][T17254] input: syz0 as /devices/virtual/input/input34
[  413.068102][T17255] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3383'.
[  413.268208][T17264] tipc: New replicast peer: 255.255.255.255
[  413.270651][T17264] tipc: Enabled bearer <udp:syz2>, priority 10
[  413.427372][T17277] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3392'.
[  414.672050][T17291] XFS (sr0): Invalid superblock magic number
[  414.776609][T17300] dccp_xmit_packet: Payload too large (65475) for featneg.
[  414.823730][T17304] 8021q: adding VLAN 0 to HW filter on device bond1
[  414.826827][T17304] bond0: (slave bond1): Enslaving as an active interface with an up link
[  414.887162][T17314] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3401'.
[  414.900497][T17316] tipc: Enabling of bearer <eth:team0> rejected, already enabled
[  415.081256][T17335] netlink: 'syz.2.3408': attribute type 2 has an invalid length.
[  415.083569][T17335] netlink: 'syz.2.3408': attribute type 1 has an invalid length.
[  415.086839][T17335] loop7: detected capacity change from 0 to 16384
[  415.197916][T17337] netlink: 60 bytes leftover after parsing attributes in process `syz.2.3408'.
[  415.201146][T17337] netlink: 60 bytes leftover after parsing attributes in process `syz.2.3408'.
[  415.223738][T17337] netlink: 60 bytes leftover after parsing attributes in process `syz.2.3408'.
[  415.227241][T17337] netlink: 60 bytes leftover after parsing attributes in process `syz.2.3408'.
[  415.273283][T17337] netlink: 60 bytes leftover after parsing attributes in process `syz.2.3408'.
[  415.275909][T17337] netlink: 60 bytes leftover after parsing attributes in process `syz.2.3408'.
[  415.319970][T17336] loop7: detected capacity change from 16384 to 16383
[  415.751406][T17344] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  417.182658][T17378] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3422'.
[  417.190943][T17371] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3419'.
[  417.750293][T11205] usb 5-1: new high-speed USB device number 24 using dummy_hcd
[  417.912985][T11205] usb 5-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[  417.916308][T11205] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  417.918704][T11205] usb 5-1: Product: syz
[  417.920128][T11205] usb 5-1: Manufacturer: syz
[  417.921796][T11205] usb 5-1: SerialNumber: syz
[  417.924790][T11205] usb 5-1: config 0 descriptor??
[  418.128717][T11205] usb 5-1: USB disconnect, device number 24
[  418.238727][T17410] netfs: Couldn't get user pages (rc=-14)
[  418.245761][T17410] netlink: 'syz.2.3435': attribute type 1 has an invalid length.
[  418.375259][T17414] netlink: 'syz.3.3433': attribute type 10 has an invalid length.
[  419.164146][T17449] __nla_validate_parse: 7 callbacks suppressed
[  419.164161][T17449] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3449'.
[  419.292062][T17463] netlink: 'syz.0.3451': attribute type 4 has an invalid length.
[  419.893982][T17471] kvm: kvm [17470]: vcpu0, guest rIP: 0x28e Unhandled WRMSR(0x11e) = 0x3
[  419.913138][T17471] kvm: kvm [17470]: vcpu0, guest rIP: 0x28e Unhandled WRMSR(0x186) = 0x3
[  419.915911][T17471] kvm: kvm [17470]: vcpu0, guest rIP: 0x28e Unhandled WRMSR(0x187) = 0x3
[  419.932557][T17471] kvm_intel: kvm [17470]: vcpu0, guest rIP: 0x28e Unhandled WRMSR(0x1d9) = 0x3
[  420.540175][T17488] xt_TPROXY: Can be used only with -p tcp or -p udp
[  420.913094][T17498] nbd3: detected capacity change from 0 to 12
[  420.926464][T15912] block nbd3: Send control failed (result -89)
[  420.929047][T15912] block nbd3: Request send failed, requeueing
[  420.933256][   T65] block nbd3: Receive control failed (result -32)
[  420.933309][   T51] block nbd3: Dead connection, failed to find a fallback
[  420.937654][   T51] block nbd3: shutting down sockets
[  420.939691][   T51] blk_print_req_error: 60 callbacks suppressed
[  420.939701][   T51] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  420.945052][   T51] buffer_io_error: 60 callbacks suppressed
[  420.945060][   T51] Buffer I/O error on dev nbd3, logical block 0, async page read
[  420.954311][T15912] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  420.957530][T15912] Buffer I/O error on dev nbd3, logical block 0, async page read
[  420.960778][T15912] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  420.963944][T15912] Buffer I/O error on dev nbd3, logical block 0, async page read
[  420.966508][T15912] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  420.969192][T15912] Buffer I/O error on dev nbd3, logical block 0, async page read
[  420.974577][T15912] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  420.977298][T15912] Buffer I/O error on dev nbd3, logical block 0, async page read
[  420.979496][T15912] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  420.982223][T15912] Buffer I/O error on dev nbd3, logical block 0, async page read
[  420.984575][T15912] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  420.987261][T15912] Buffer I/O error on dev nbd3, logical block 0, async page read
[  420.989649][T15912] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  420.995653][T15912] Buffer I/O error on dev nbd3, logical block 0, async page read
[  420.998013][T15912] ldm_validate_partition_table(): Disk read failed.
[  421.000640][T15912] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  421.003342][T15912] Buffer I/O error on dev nbd3, logical block 0, async page read
[  421.005700][T15912] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  421.008374][T15912] Buffer I/O error on dev nbd3, logical block 0, async page read
[  421.012218][T15912] Dev nbd3: unable to read RDB block 0
[  421.016197][T15912]  nbd3: unable to read partition table
[  421.018742][T15912] nbd3: partition table beyond EOD, truncated
[  421.176471][T17502] XFS (sr0): Invalid superblock magic number
[  421.210540][T15912] ldm_validate_partition_table(): Disk read failed.
[  421.212728][T15912] Dev nbd3: unable to read RDB block 0
[  421.214516][T15912]  nbd3: unable to read partition table
[  421.221046][T15912] nbd3: partition table beyond EOD, truncated
[  421.231353][T17500] ldm_validate_partition_table(): Disk read failed.
[  421.233990][T17500] Dev nbd3: unable to read RDB block 0
[  421.236093][T17500]  nbd3: unable to read partition table
[  421.238025][T17500] nbd3: partition table beyond EOD, truncated
[  421.487591][T17520] Cannot find del_set index 2 as target
[  421.517806][T17526] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3472'.
[  421.731157][T17528] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3474'.
[  421.734732][T17528] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3474'.
[  421.771096][T17544] nbd2: detected capacity change from 0 to 12
[  421.787779][T17550] block nbd2: Send control failed (result -89)
[  421.790920][T17550] block nbd2: Request send failed, requeueing
[  421.794750][   T65] block nbd2: Receive control failed (result -32)
[  421.796881][ T7141] block nbd2: Dead connection, failed to find a fallback
[  421.798983][ T7141] block nbd2: shutting down sockets
[  421.803920][T17550] ldm_validate_partition_table(): Disk read failed.
[  421.807001][T17550] Dev nbd2: unable to read RDB block 0
[  421.810621][T17550]  nbd2: unable to read partition table
[  421.812746][T17550] nbd2: partition table beyond EOD, truncated
[  421.820266][T15912] ldm_validate_partition_table(): Disk read failed.
[  421.823798][T15912] Dev nbd2: unable to read RDB block 0
[  421.825566][T15912]  nbd2: unable to read partition table
[  421.827248][T15912] nbd2: partition table beyond EOD, truncated
[  421.833861][T15912] ldm_validate_partition_table(): Disk read failed.
[  421.836049][T15912] Dev nbd2: unable to read RDB block 0
[  421.838178][T15912]  nbd2: unable to read partition table
[  421.840734][T15912] nbd2: partition table beyond EOD, truncated
[  422.034176][T17558] FAULT_INJECTION: forcing a failure.
[  422.034176][T17558] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  422.037927][T17558] CPU: 3 UID: 0 PID: 17558 Comm: syz.0.3485 Not tainted 6.14.0-rc1-syzkaller-00020-g0de63bb7d919 #0
[  422.037941][T17558] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  422.037947][T17558] Call Trace:
[  422.037950][T17558]  <TASK>
[  422.037955][T17558]  dump_stack_lvl+0x16c/0x1f0
[  422.037973][T17558]  should_fail_ex+0x50a/0x650
[  422.037989][T17558]  _copy_to_user+0x32/0xd0
[  422.038003][T17558]  snd_pcm_oss_read2+0x292/0x3e0
[  422.038019][T17558]  ? __pfx_snd_pcm_oss_read2+0x10/0x10
[  422.038032][T17558]  ? snd_pcm_kernel_ioctl+0x267/0x2e0
[  422.038046][T17558]  snd_pcm_oss_read+0x5a3/0x750
[  422.038062][T17558]  ? rw_verify_area+0xcf/0x680
[  422.038076][T17558]  ? __pfx_snd_pcm_oss_read+0x10/0x10
[  422.038090][T17558]  vfs_read+0x1df/0xbf0
[  422.038100][T17558]  ? __fget_files+0x1fc/0x3a0
[  422.038110][T17558]  ? __pfx_lock_release+0x10/0x10
[  422.038123][T17558]  ? __pfx_vfs_read+0x10/0x10
[  422.038133][T17558]  ? lock_acquire+0x2f/0xb0
[  422.038142][T17558]  ? __fget_files+0x40/0x3a0
[  422.038154][T17558]  ? __fget_files+0x206/0x3a0
[  422.038167][T17558]  ksys_read+0x12b/0x250
[  422.038176][T17558]  ? __pfx_ksys_read+0x10/0x10
[  422.038189][T17558]  __do_fast_syscall_32+0x73/0x120
[  422.038200][T17558]  do_fast_syscall_32+0x32/0x80
[  422.038209][T17558]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  422.038224][T17558] RIP: 0023:0xf7fd5579
[  422.038233][T17558] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  422.038242][T17558] RSP: 002b:00000000f50f655c EFLAGS: 00000296 ORIG_RAX: 0000000000000003
[  422.038251][T17558] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000200011c0
[  422.038257][T17558] RDX: 00000000200021d5 RSI: 0000000000000000 RDI: 0000000000000000
[  422.038262][T17558] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  422.038268][T17558] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  422.038273][T17558] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  422.038284][T17558]  </TASK>
[  422.390410][T17565] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3488'.
[  422.392976][T17565] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3488'.
[  422.398309][T17567] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3489'.
[  422.454262][T17569] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3490'.
[  422.458695][T17569] bridge0: port 2(bridge_slave_1) entered disabled state
[  422.544863][T17578] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3492'.
[  423.368085][T17600] wireguard0: entered promiscuous mode
[  423.380744][T17600] wireguard0: entered allmulticast mode
[  423.732234][T17613] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3503'.
[  423.766256][ T5986] libceph: connect (1)[c::]:6789 error -101
[  423.769742][ T5986] libceph: mon0 (1)[c::]:6789 connect error
[  423.805437][T17613] ceph: No mds server is up or the cluster is laggy
[  424.087089][T17629] netlink: 'syz.1.3508': attribute type 4 has an invalid length.
[  424.095297][T16640] lo speed is unknown, defaulting to 1000
[  424.099026][T17629] netlink: 'syz.1.3508': attribute type 4 has an invalid length.
[  424.109494][T16640] lo speed is unknown, defaulting to 1000
[  424.584825][T17643] tipc: Enabling of bearer <eth:team0> rejected, already enabled
[  424.953317][T17651] __nla_validate_parse: 1 callbacks suppressed
[  424.953355][T17651] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3514'.
[  425.565475][T17660] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3517'.
[  425.807874][T17666] nbd: must specify at least one socket
[  425.821763][T17662] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3518'.
[  425.825079][T17662] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3518'.
[  425.993016][T17671] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3521'.
[  426.002283][T17671] bridge0: port 1(bridge_slave_0) entered disabled state
[  426.069755][T17671] bridge_slave_0 (unregistering): left allmulticast mode
[  426.071989][T17671] bridge_slave_0 (unregistering): left promiscuous mode
[  426.074060][T17671] bridge0: port 1(bridge_slave_0) entered disabled state
[  426.394091][T17673] macvlan0: entered allmulticast mode
[  426.396349][T17673] veth1_vlan: entered allmulticast mode
[  426.429368][T17673] veth1_vlan: left allmulticast mode
[  426.442762][T17673] macvlan0 (unregistering): left allmulticast mode
[  426.634769][T17681] netlink: 'syz.2.3525': attribute type 2 has an invalid length.
[  426.720760][T17689] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3529'.
[  428.255525][T17725] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3540'.
[  428.681981][   T39] kauditd_printk_skb: 15 callbacks suppressed
[  428.681991][   T39] audit: type=1326 audit(1738662021.505:1386): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17733 comm="syz.3.3542" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf73ce579 code=0x0
[  428.753312][T17742] netlink: 'syz.2.3545': attribute type 4 has an invalid length.
[  428.762603][T17742] netlink: 'syz.2.3545': attribute type 4 has an invalid length.
[  428.890559][T17747] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3547'.
[  428.922883][T17749] Cannot find add_set index 1 as target
[  430.241832][T17768] netlink: 'syz.0.3555': attribute type 4 has an invalid length.
[  430.248743][T17770] overlayfs: cannot append lower layer
[  430.249339][T17768] netlink: 'syz.0.3555': attribute type 4 has an invalid length.
[  430.487667][T17776] netdevsim netdevsim0 netdevsim0: entered promiscuous mode
[  430.746593][T17788] netfs: Couldn't get user pages (rc=-14)
[  430.752065][T17788] netlink: 'syz.2.3562': attribute type 1 has an invalid length.
[  430.754411][T17788] netlink: 105116 bytes leftover after parsing attributes in process `syz.2.3562'.
[  430.801197][T17792] lo speed is unknown, defaulting to 1000
[  430.856519][T17792] virt_wifi0 speed is unknown, defaulting to 1000
[  430.865487][T17798] IPVS: sync thread started: state = BACKUP, mcast_ifn = sit0, syncid = 0, id = 0
[  430.865788][T17792] lo speed is unknown, defaulting to 1000
[  431.012520][T17805] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3569'.
[  432.013024][T17835] netlink: 36 bytes leftover after parsing attributes in process `syz.0.3577'.
[  432.143437][T17844] XFS (sr0): Invalid superblock magic number
[  432.302201][T17860] trusted_key: encrypted_key: insufficient parameters specified
[  432.394059][T17866] program syz.0.3585 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  432.398188][T17866] vivid-007: disconnect
[  432.402208][T17865] vivid-007: reconnect
[  432.519320][T17864] XFS (sr0): Invalid superblock magic number
[  432.686873][   T39] audit: type=1326 audit(1738662025.505:1387): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17874 comm="syz.0.3587" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7fd5579 code=0x0
[  432.893312][T17884] lo speed is unknown, defaulting to 1000
[  432.986673][T17884] virt_wifi0 speed is unknown, defaulting to 1000
[  432.989013][T17884] lo speed is unknown, defaulting to 1000
[  433.270722][T17893] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3592'.
[  433.274057][T17893] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'filter'
[  433.384787][T17895] netlink: 56 bytes leftover after parsing attributes in process `syz.0.3593'.
[  433.447076][T17898] Invalid ELF header magic: != ELF
[  433.560641][T17902] overlayfs: failed to get index nlink (file1/bus, err=-61)
[  434.942496][T17930] XFS (sr0): Invalid superblock magic number
[  435.007096][T17939] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3605'.
[  435.799993][T11205] usb 7-1: new high-speed USB device number 11 using dummy_hcd
[  435.949984][T11205] usb 7-1: Using ep0 maxpacket: 16
[  435.957761][T11205] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  435.964108][T11205] usb 7-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00
[  435.966688][T11205] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  435.972098][T11205] usb 7-1: config 0 descriptor??
[  435.976230][T11205] input: bcm5974 as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.0/input/input36
[  436.094602][T17987] netlink: 'syz.3.3625': attribute type 10 has an invalid length.
[  436.097109][T17987] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3625'.
[  436.103389][T17987] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  436.105973][T17987] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  436.108511][T17987] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  436.113674][T17987] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  436.120685][T17987] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  436.124053][T17987] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  436.126522][T17987] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  436.128979][T17987] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  436.142896][T17987] team0: Port device geneve0 added
[  436.187638][ T5346] bcm5974 7-1:0.0: could not read from device
[  436.193164][ T5346] bcm5974 7-1:0.0: could not read from device
[  436.205955][T11205] usb 7-1: USB disconnect, device number 11
[  436.292574][T18000] vimc link validate: Sensor B:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 1:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  437.751445][T18046] lo speed is unknown, defaulting to 1000
[  438.368996][T18071] netlink: 72 bytes leftover after parsing attributes in process `syz.3.3660'.
[  439.424917][ T1414] ieee802154 phy1 wpan1: encryption failed: -22
[  439.450316][ T5953] Bluetooth: hci2: sending frame failed (-49)
[  439.453267][   T65] Bluetooth: hci2: Opcode 0x1003 failed: -49
[  439.624594][T18108] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3673'.
[  439.751460][T18116] random: crng reseeded on system resumption
[  439.958380][T18132] ieee802154 phy1 wpan1: encryption failed: -22
[  440.430903][ T5953] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  440.435865][ T5953] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  440.438685][ T5953] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  440.443592][ T5953] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  440.445999][ T5953] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  440.448163][ T5953] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  440.458873][   T65] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  440.462220][   T65] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  440.465514][   T65] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  440.476605][   T65] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  440.480409][   T65] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  440.482790][   T65] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  440.499595][T18147] lo speed is unknown, defaulting to 1000
[  440.543120][T18147] virt_wifi0 speed is unknown, defaulting to 1000
[  440.545468][T18147] lo speed is unknown, defaulting to 1000
[  440.750317][T18147] chnl_net:caif_netlink_parms(): no params data found
[  440.905778][T18147] bridge0: port 1(bridge_slave_0) entered blocking state
[  440.907993][T18147] bridge0: port 1(bridge_slave_0) entered disabled state
[  440.911439][T18147] bridge_slave_0: entered allmulticast mode
[  440.915481][T18147] bridge_slave_0: entered promiscuous mode
[  440.919098][T18147] bridge0: port 2(bridge_slave_1) entered blocking state
[  440.924652][T18147] bridge0: port 2(bridge_slave_1) entered disabled state
[  440.926888][T18147] bridge_slave_1: entered allmulticast mode
[  440.929032][T18147] bridge_slave_1: entered promiscuous mode
[  440.964963][T18147] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  440.975439][T18147] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  441.003614][T18147] team0: Port device team_slave_0 added
[  441.006808][T18147] team0: Port device team_slave_1 added
[  441.036113][T18147] batman_adv: batadv0: Adding interface: batadv_slave_0
[  441.038113][T18147] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  441.045870][T18147] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  441.053359][T18147] batman_adv: batadv0: Adding interface: batadv_slave_1
[  441.055429][T18147] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  441.062778][T18147] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  441.090181][T18147] hsr_slave_0: entered promiscuous mode
[  441.093108][T18147] hsr_slave_1: entered promiscuous mode
[  441.095538][T18147] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  441.098884][T18147] Cannot create hsr debugfs directory
[  441.210405][T18147] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  441.217142][T18147] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  441.221108][T18147] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  441.225704][T18147] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  441.238830][T18147] bridge0: port 2(bridge_slave_1) entered blocking state
[  441.241862][T18147] bridge0: port 2(bridge_slave_1) entered forwarding state
[  441.244753][T18147] bridge0: port 1(bridge_slave_0) entered blocking state
[  441.247393][T18147] bridge0: port 1(bridge_slave_0) entered forwarding state
[  441.249991][  T833] usb 7-1: new high-speed USB device number 12 using dummy_hcd
[  441.285371][T18147] 8021q: adding VLAN 0 to HW filter on device bond0
[  441.294158][ T6268] bridge0: port 1(bridge_slave_0) entered disabled state
[  441.303140][ T6268] bridge0: port 2(bridge_slave_1) entered disabled state
[  441.344239][T18147] 8021q: adding VLAN 0 to HW filter on device team0
[  441.355716][ T6284] bridge0: port 1(bridge_slave_0) entered blocking state
[  441.358602][ T6284] bridge0: port 1(bridge_slave_0) entered forwarding state
[  441.372703][ T6284] bridge0: port 2(bridge_slave_1) entered blocking state
[  441.375556][ T6284] bridge0: port 2(bridge_slave_1) entered forwarding state
[  441.409972][  T833] usb 7-1: Using ep0 maxpacket: 32
[  441.415046][  T833] usb 7-1: config 0 has an invalid interface number: 51 but max is 0
[  441.417441][  T833] usb 7-1: config 0 has no interface number 0
[  441.420941][  T833] usb 7-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  441.423570][  T833] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  441.426075][  T833] usb 7-1: Product: syz
[  441.427360][  T833] usb 7-1: Manufacturer: syz
[  441.428804][  T833] usb 7-1: SerialNumber: syz
[  441.434157][  T833] usb 7-1: config 0 descriptor??
[  441.437085][  T833] quatech2 7-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  441.528838][T18147] 8021q: adding VLAN 0 to HW filter on device batadv0
[  441.655366][  T833] usb 7-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  441.658216][T18147] veth0_vlan: entered promiscuous mode
[  441.665377][  T833] usb 7-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  441.669297][T18147] veth1_vlan: entered promiscuous mode
[  441.687716][T18147] veth0_macvtap: entered promiscuous mode
[  441.706919][T18147] veth1_macvtap: entered promiscuous mode
[  441.750961][T18147] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  441.754175][T18147] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  441.757033][T18147] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  441.760289][T18147] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  441.763250][T18147] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  441.766217][T18147] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  441.769051][T18147] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  441.772521][T18147] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  441.775395][T18147] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  441.778384][T18147] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  441.781884][T18147] batman_adv: batadv0: Interface activated: batadv_slave_0
[  441.790540][T18147] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  441.793575][T18147] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  441.796364][T18147] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  441.799384][T18147] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  441.802401][T18147] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  441.805391][T18147] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  441.808216][T18147] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  441.811837][T18147] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  441.814697][T18147] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  441.817796][T18147] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  441.823200][T18147] batman_adv: batadv0: Interface activated: batadv_slave_1
[  441.827892][T18147] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  441.830948][T18147] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  441.833539][T18147] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  441.836216][T18147] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  441.844835][    C1] usb 7-1: qt2_read_bulk_callback - non-zero urb status: -71
[  441.847440][  T833] usb 7-1: USB disconnect, device number 12
[  441.855512][  T833] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  441.867883][  T833] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  441.878367][  T833] quatech2 7-1:0.51: device disconnected
[  441.911932][ T6268] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  441.914171][ T6268] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  441.933349][ T6268] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  441.935662][ T6268] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  442.331295][T18243] kernel read not supported for file /! (pid: 18243 comm: syz.4.3720)
[  442.333982][   T39] audit: type=1800 audit(1738662035.155:1388): pid=18243 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.3720" name=217F dev="mqueue" ino=63386 res=0 errno=0
[  442.528745][T18255] lo speed is unknown, defaulting to 1000
[  442.541485][   T65] Bluetooth: hci2: command tx timeout
[  442.593371][T18252] ebtables: wrong size: *len 120, entries_size 48, replsz 48
[  442.599111][T18255] virt_wifi0 speed is unknown, defaulting to 1000
[  442.603515][T18255] lo speed is unknown, defaulting to 1000
[  442.621655][T18258] netlink: 256 bytes leftover after parsing attributes in process `syz.4.3725'.
[  443.776859][T18296] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3740'.
[  444.297423][T11205] IPVS: starting estimator thread 0...
[  444.380348][T18315] IPVS: using max 40 ests per chain, 96000 per kthread
[  444.620472][   T65] Bluetooth: hci2: command tx timeout
[  445.463723][ T6265] Bluetooth: Error in BCSP hdr checksum
[  445.962129][T18381] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  445.965171][T18381] IPv6: NLM_F_CREATE should be set when creating new route
[  445.968267][T18381] lo: entered allmulticast mode
[  445.983350][T18381] tunl0: entered allmulticast mode
[  445.988951][T18381] gre0: entered allmulticast mode
[  446.000521][T18381] gretap0: entered allmulticast mode
[  446.003472][T18381] erspan0: entered allmulticast mode
[  446.011077][T18381] ip_vti0: entered allmulticast mode
[  446.013856][T18381] ip6_vti0: entered allmulticast mode
[  446.016356][T18381] sit0: entered allmulticast mode
[  446.033087][T18381] ip6tnl0: entered allmulticast mode
[  446.042507][T18381] ip6gre0: entered allmulticast mode
[  446.048829][T18381] syz_tun: entered allmulticast mode
[  446.063925][T18381] ip6gretap0: entered allmulticast mode
[  446.071095][T18381] bridge0: entered allmulticast mode
[  446.076640][T18381] vcan0: entered allmulticast mode
[  446.080770][T18381] bond0: left promiscuous mode
[  446.082191][T18381] bond_slave_0: left promiscuous mode
[  446.083852][T18381] bond_slave_1: left promiscuous mode
[  446.085756][T18381] bond2: left promiscuous mode
[  446.087420][T18381] bond0: entered allmulticast mode
[  446.088959][T18381] bond_slave_0: entered allmulticast mode
[  446.090847][T18381] bond_slave_1: entered allmulticast mode
[  446.092533][T18381] bond2: entered allmulticast mode
[  446.094300][T18381] team0: entered allmulticast mode
[  446.095725][T18381] team_slave_0: entered allmulticast mode
[  446.097300][T18381] team_slave_1: entered allmulticast mode
[  446.098842][T18381] geneve0: entered allmulticast mode
[  446.101558][T18381] dummy0: entered allmulticast mode
[  446.108056][T18381] nlmon0: entered allmulticast mode
[  446.113098][T18381] caif0: entered allmulticast mode
[  446.114906][T18381] batadv0: entered allmulticast mode
[  446.119834][T18381] vxcan0: entered allmulticast mode
[  446.125097][T18381] vxcan1: entered allmulticast mode
[  446.129635][T18381] veth0: entered allmulticast mode
[  446.137809][T18381] veth1: entered allmulticast mode
[  446.145480][T18381] wg0: entered allmulticast mode
[  446.154744][T18381] wg1: entered allmulticast mode
[  446.173439][T18381] wg2: entered allmulticast mode
[  446.177497][T18381] veth1_to_bridge: entered allmulticast mode
[  446.191198][T18381] veth0_to_bond: entered allmulticast mode
[  446.203733][T18381] veth1_to_bond: entered allmulticast mode
[  446.216863][T18381] veth0_to_team: entered allmulticast mode
[  446.232876][T18381] veth1_to_team: entered allmulticast mode
[  446.244008][T18381] veth0_to_batadv: entered allmulticast mode
[  446.246581][T18381] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  446.249822][T18381] batadv_slave_0: entered allmulticast mode
[  446.262972][T18381] veth1_to_batadv: entered allmulticast mode
[  446.271580][T18381] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  446.274906][T18381] batadv_slave_1: entered allmulticast mode
[  446.277757][T18381] xfrm0: entered allmulticast mode
[  446.281757][T18381] veth0_to_hsr: entered allmulticast mode
[  446.289020][T18381] hsr_slave_0: entered allmulticast mode
[  446.296999][T18381] veth1_to_hsr: entered allmulticast mode
[  446.301352][T18381] hsr_slave_1: entered allmulticast mode
[  446.306494][T18381] hsr0: entered allmulticast mode
[  446.316629][T18381] veth1_virt_wifi: entered allmulticast mode
[  446.322476][T18381] veth0_virt_wifi: entered allmulticast mode
[  446.327346][T18381] net veth1_virt_wifi virt_wifi0: entered allmulticast mode
[  446.331402][T18381] veth1_vlan: entered allmulticast mode
[  446.338245][T18381] veth0_vlan: entered allmulticast mode
[  446.344720][T18381] vlan0: entered allmulticast mode
[  446.346224][T18381] vlan1: entered allmulticast mode
[  446.347725][T18381] macvlan0: entered allmulticast mode
[  446.355646][T18381] macvlan1: entered allmulticast mode
[  446.357856][T18381] ipvlan0: entered allmulticast mode
[  446.359374][T18381] ipvlan1: entered allmulticast mode
[  446.364246][T18381] veth1_macvtap: entered allmulticast mode
[  446.370605][T18381] veth0_macvtap: entered allmulticast mode
[  446.374999][T18381] macvtap0: entered allmulticast mode
[  446.381163][T18381] macsec0: entered allmulticast mode
[  446.385653][T18381] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  446.388174][T18381] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  446.391177][T18381] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  446.393730][T18381] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  446.401020][T18381] geneve1: entered allmulticast mode
[  446.402577][T18381] netdevsim netdevsim3 netdevsim0: entered allmulticast mode
[  446.405218][T18381] netdevsim netdevsim3 netdevsim1: entered allmulticast mode
[  446.409421][T18381] netdevsim netdevsim3 netdevsim2: entered allmulticast mode
[  446.414909][T18381] netdevsim netdevsim3 netdevsim3: entered allmulticast mode
[  446.418398][T18381] mac80211_hwsim hwsim16 wlan0: entered allmulticast mode
[  446.421762][T18381] mac80211_hwsim hwsim17 wlan1: entered allmulticast mode
[  446.423815][T18381] bond1: entered allmulticast mode
[  446.425953][T18381] netdevsim netdevsim3 netdevsim0: unset [1, 1] type 2 family 0 port 20000 - 0
[  446.428421][T18381] netdevsim netdevsim3 netdevsim1: unset [1, 1] type 2 family 0 port 20000 - 0
[  446.431171][T18381] netdevsim netdevsim3 netdevsim2: unset [1, 1] type 2 family 0 port 20000 - 0
[  446.433663][T18381] netdevsim netdevsim3 netdevsim3: unset [1, 1] type 2 family 0 port 20000 - 0
[  446.436282][T18381] geneve2: left promiscuous mode
[  446.439515][T18381] vxlan0: entered allmulticast mode
[  446.443121][T18381] ip6tnl1: entered allmulticast mode
[  446.444757][T18381] geneve0.0000: entered allmulticast mode
[  446.446906][T18381] bridge1: entered allmulticast mode
[  446.690110][ T5953] Bluetooth: hci2: command tx timeout
[  446.810891][T18416] netlink: 120 bytes leftover after parsing attributes in process `syz.2.3789'.
[  447.180043][   T65] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  447.401917][T18439] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3798'.
[  447.503517][T18445] netlink: 120 bytes leftover after parsing attributes in process `syz.0.3801'.
[  448.790292][   T65] Bluetooth: hci2: command tx timeout
[  448.939572][T18482] mac80211_hwsim hwsim15 wlan1: entered allmulticast mode
[  448.941615][T18484] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3815'.
[  448.975491][T18482] netlink: 'syz.2.3812': attribute type 10 has an invalid length.
[  448.978507][T18482] mac80211_hwsim hwsim15 wlan1: left allmulticast mode
[  448.996433][T18482] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  449.994475][T18509] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3825'.
[  450.067849][T18513] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  450.227165][T18527] rdma_rxe: rxe_newlink: failed to add ipvlan0
[  450.248079][T18526] rdma_rxe: rxe_newlink: failed to add ipvlan0
[  450.251576][T18529] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3834'.
[  450.253907][T18526] xfrm0: entered allmulticast mode
[  451.686224][    C0] vxcan1: j1939_tp_rxtimer: 0xffff88805db41800: rx timeout, send abort
[  451.692462][    C0] vxcan1: j1939_xtp_rx_abort_one: 0xffff88805db41800: 0x00000: (3) A timeout occurred and this is the connection abort to close the session.
[  451.874275][T16640] IPVS: starting estimator thread 0...
[  451.970422][T18570] IPVS: using max 40 ests per chain, 96000 per kthread
[  452.084714][T18576] random: crng reseeded on system resumption
[  452.398900][T18590] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000003: 0000 [#1] PREEMPT SMP KASAN NOPTI
[  452.402647][T18590] KASAN: null-ptr-deref in range [0x0000000000000018-0x000000000000001f]
[  452.405220][T18590] CPU: 2 UID: 0 PID: 18590 Comm: syz.3.3856 Not tainted 6.14.0-rc1-syzkaller-00020-g0de63bb7d919 #0
[  452.409872][T18590] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  452.412952][T18590] RIP: 0010:__lock_acquire+0xe4/0x3c40
[  452.414542][T18590] Code: 08 84 d2 0f 85 15 14 00 00 44 8b 0d 2a 2c ca 0e 45 85 c9 0f 84 b4 0e 00 00 48 b8 00 00 00 00 00 fc ff df 4c 89 e2 48 c1 ea 03 <80> 3c 02 00 0f 85 96 2c 00 00 49 8b 04 24 48 3d a0 27 79 93 0f 84
[  452.420168][T18590] RSP: 0018:ffffc9000da7f978 EFLAGS: 00010006
[  452.421940][T18590] RAX: dffffc0000000000 RBX: 0000000000000001 RCX: 0000000000000000
[  452.424263][T18590] RDX: 0000000000000003 RSI: 1ffff92001b4ff41 RDI: 0000000000000018
[  452.426559][T18590] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000001
[  452.429001][T18590] R10: ffffffff905fd817 R11: 0000000000000006 R12: 0000000000000018
[  452.431786][T18590] R13: ffff88802214a440 R14: 0000000000000000 R15: 0000000000000000
[  452.434224][T18590] FS:  0000000000000000(0000) GS:ffff88802b600000(0063) knlGS:00000000f4bf1b40
[  452.436816][T18590] CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
[  452.438768][T18590] CR2: 00000000f72fdc44 CR3: 000000004dca8000 CR4: 0000000000352ef0
[  452.441125][T18590] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  452.443411][T18590] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  452.445675][T18590] Call Trace:
[  452.446657][T18590]  <TASK>
[  452.447525][T18590]  ? die_addr+0x3b/0xa0
[  452.448818][T18590]  ? exc_general_protection+0x155/0x230
[  452.450453][T18590]  ? asm_exc_general_protection+0x26/0x30
[  452.452095][T18590]  ? __lock_acquire+0xe4/0x3c40
[  452.453527][T18590]  ? find_held_lock+0x2d/0x110
[  452.454921][T18590]  ? __pfx_mark_lock+0x10/0x10
[  452.456338][T18590]  ? __queue_work+0x431/0x1080
[  452.457733][T18590]  ? __pfx_lock_release+0x10/0x10
[  452.459278][T18590]  ? __pfx___lock_acquire+0x10/0x10
[  452.460802][T18590]  lock_acquire.part.0+0x11b/0x380
[  452.462286][T18590]  ? add_wait_queue+0x45/0x230
[  452.463691][T18590]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  452.465301][T18590]  ? rcu_is_watching+0x12/0xc0
[  452.466687][T18590]  ? trace_lock_acquire+0x14e/0x1f0
[  452.468267][T18590]  ? add_wait_queue+0x45/0x230
[  452.469865][T18590]  ? lock_acquire+0x2f/0xb0
[  452.471277][T18590]  ? add_wait_queue+0x45/0x230
[  452.472737][T18590]  _raw_spin_lock_irqsave+0x3a/0x60
[  452.474291][T18590]  ? add_wait_queue+0x45/0x230
[  452.476223][T18590]  add_wait_queue+0x45/0x230
[  452.478151][T18590]  virtio_transport_release+0x644/0xa40
[  452.480182][T18590]  ? find_held_lock+0x2d/0x110
[  452.481630][T18590]  ? __pfx_virtio_transport_release+0x10/0x10
[  452.483480][T18590]  ? __pfx_lock_release+0x10/0x10
[  452.485250][T18590]  ? __pfx_woken_wake_function+0x10/0x10
[  452.487025][T18590]  ? mark_held_locks+0x9f/0xe0
[  452.488512][T18590]  ? __local_bh_enable_ip+0xa4/0x120
[  452.490117][T18590]  __vsock_release+0x109/0x580
[  452.491812][T18590]  ? __pfx_down_write+0x10/0x10
[  452.493266][T18590]  vsock_release+0x99/0x130
[  452.494596][T18590]  __sock_release+0xb0/0x270
[  452.495963][T18590]  ? __pfx_sock_close+0x10/0x10
[  452.497402][T18590]  sock_close+0x1c/0x30
[  452.498623][T18590]  __fput+0x3ff/0xb70
[  452.499816][T18590]  ? _raw_spin_unlock_irq+0x23/0x50
[  452.501364][T18590]  task_work_run+0x14e/0x250
[  452.502722][T18590]  ? __pfx_task_work_run+0x10/0x10
[  452.504214][T18590]  ? __pfx___do_sys_close_range+0x10/0x10
[  452.505903][T18590]  syscall_exit_to_user_mode+0x27b/0x2a0
[  452.507535][T18590]  __do_fast_syscall_32+0x80/0x120
[  452.509072][T18590]  do_fast_syscall_32+0x32/0x80
[  452.510490][T18590]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  452.512324][T18590] RIP: 0023:0xf73ce579
[  452.513540][T18590] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  452.519086][T18590] RSP: 002b:00000000f4bf155c EFLAGS: 00000296 ORIG_RAX: 00000000000001b4
[  452.521492][T18590] RAX: 0000000000000000 RBX: 0000000000000007 RCX: 00000000ffffffff
[  452.523761][T18590] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  452.526062][T18590] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  452.528340][T18590] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  452.530658][T18590] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  452.532956][T18590]  </TASK>
[  452.533875][T18590] Modules linked in:
[  452.535030][T18590] ---[ end trace 0000000000000000 ]---
[  452.536639][T18590] RIP: 0010:__lock_acquire+0xe4/0x3c40
[  452.538243][T18590] Code: 08 84 d2 0f 85 15 14 00 00 44 8b 0d 2a 2c ca 0e 45 85 c9 0f 84 b4 0e 00 00 48 b8 00 00 00 00 00 fc ff df 4c 89 e2 48 c1 ea 03 <80> 3c 02 00 0f 85 96 2c 00 00 49 8b 04 24 48 3d a0 27 79 93 0f 84
[  452.543754][T18590] RSP: 0018:ffffc9000da7f978 EFLAGS: 00010006
[  452.545536][T18590] RAX: dffffc0000000000 RBX: 0000000000000001 RCX: 0000000000000000
[  452.547802][T18590] RDX: 0000000000000003 RSI: 1ffff92001b4ff41 RDI: 0000000000000018
[  452.550056][T18590] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000001
[  452.552321][T18590] R10: ffffffff905fd817 R11: 0000000000000006 R12: 0000000000000018
[  452.554624][T18590] R13: ffff88802214a440 R14: 0000000000000000 R15: 0000000000000000
[  452.556928][T18590] FS:  0000000000000000(0000) GS:ffff88802b600000(0063) knlGS:00000000f4bf1b40
[  452.559484][T18590] CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
[  452.561412][T18590] CR2: 00000000f72fdc44 CR3: 000000004dca8000 CR4: 0000000000352ef0
[  452.563703][T18590] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  452.566009][T18590] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  452.568274][T18590] Kernel panic - not syncing: Fatal exception
[  452.570656][T18590] Kernel Offset: disabled
[  452.571921][T18590] Rebooting in 86400 seconds..

VM DIAGNOSIS:
09:21:38  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000080000 RBX=ffff88805f472a40 RCX=ffffc900272a9000 RDX=0000000000080000
RSI=ffffffff8922a640 RDI=ffffffff8b490b02 RBP=0000000000000246 RSP=ffffc900079c76f0
R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000000 R11=0000000000000001
R12=ffff88805f472a28 R13=0000000000000000 R14=ffff88805f472a28 R15=ffffc900079c7898
RIP=ffffffff81c09b78 RFL=00000006 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff88802b400000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000f7203410 CR3=00000000687ea000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000003000000000 0000000100000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=00000000011323bc RBX=0000000000000001 RCX=ffffffff8b468e39 RDX=ffffed10056a6f86
RSI=ffffffff8bd2d1a0 RDI=ffffffff818ffd39 RBP=ffffed1003ad2910 RSP=ffffc9000047fe08
R8 =0000000000000000 R9 =ffffed10056a6f85 R10=ffff88802b537c2b R11=0000000000000000
R12=0000000000000001 R13=ffff88801d694880 R14=ffffffff905fd810 R15=0000000000000000
RIP=ffffffff8b46a21f RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88802b500000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00000000f7496188 CR3=000000005dd92000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=0000000000000032 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff85386df5 RDI=ffffffff9aad2e20 RBP=ffffffff9aad2de0 RSP=ffffc9000da7f2f0
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=7973203a6d6d6f43
R12=0000000000000000 R13=0000000000000032 R14=ffffffff9aad2de0 R15=0000000000000000
RIP=ffffffff85386e1f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff88802b600000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000f72fdc44 CR3=000000004dca8000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 3

CPU#3
RAX=dffffc0000000000 RBX=ffff8880217e4880 RCX=0000000000000001 RDX=0000000000000000
RSI=0000000000000000 RDI=ffff8880218dd1e0 RBP=ffffffff8201be43 RSP=ffffc9000d94fa10
R8 =0000000000000001 R9 =0000000000000000 R10=0000000000000000 R11=0000000000000001
R12=0000000000000000 R13=ffffc9000d94fa90 R14=ffffc9000d94fb50 R15=000000002013bb60
RIP=ffffffff81963250 RFL=00000282 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff88802b700000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000f7fc55c0 CR3=000000004dca8000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000