last executing test programs:

14.169411394s ago: executing program 0 (id=3710):
socket$inet_sctp(0x2, 0x1, 0x84)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=@newtaction={0x208, 0x30, 0x1, 0x0, 0x0, {}, [{0x1f4, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xa, 0x11e41a7a, 0x20000000, 0x6, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_nat={0x1ac, 0xb, 0x0, 0x0, {{0x8}, {0xcc, 0x2, 0x0, 0x1, [@TCA_NAT_PARMS={0x28, 0x1, {{0x3ff, 0x1, 0x3, 0x9}, @empty, @dev={0xac, 0x14, 0x14, 0x36}, 0xff}}, @TCA_NAT_PARMS={0x28, 0x1, {{0xe68, 0xfffffff7, 0x7, 0x3, 0x4}, @multicast2, @broadcast, 0xffffff00}}, @TCA_NAT_PARMS={0x28, 0x1, {{0x9, 0x6, 0x8, 0x6, 0x9}, @dev={0xac, 0x14, 0x14, 0x1f}, @multicast2, 0x0, 0x1}}, @TCA_NAT_PARMS={0x28, 0x1, {{0xa026, 0x5, 0x8, 0x6, 0x6}, @private=0xa010100, @private=0xa010102}}, @TCA_NAT_PARMS={0x28, 0x1, {{0x3, 0x2, 0x20000001, 0xa, 0x1}, @multicast2, @loopback}}]}, {0xbb, 0x6, "721e459d89b0688b18d1ae62acf6224f25a0dda7f1f7509a45cb1afd9187eefe1624bdd0692a02a66a548527df7df067d605e3c66bcacaf2773d42733a39f4f6b6cb07e9ba253ba9a0e078643afe69234b5645fdafadba5b4ab4fab0a239d1cff44ca9415af4dc4c6a1aa8bded9fddbe6d352a77fcfc93f763789211635c720baaf2b1ca890850ec7981c75c21812dfe94c5c3da6cdd644e6486dab55e1f46e4f5103a55c787ff88e83706caf88df75bf439b636ff813f"}, {0xc}, {0xc, 0x8, {0x3, 0x3}}}}]}]}, 0x208}, 0x1, 0x0, 0x0, 0x804}, 0x0)
mkdirat(0xffffffffffffffff, &(0x7f0000000280)='./file0\x00', 0x62)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x6ad2594c)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
getitimer(0x2, 0x0)
recvmmsg(r1, &(0x7f0000000f40)=[{{&(0x7f0000000600)=@nl, 0x80, &(0x7f00000001c0)=[{&(0x7f0000000680)=""/207, 0xcf}, {&(0x7f0000000780)=""/198, 0xc6}, {&(0x7f0000000880)=""/226, 0xe2}, {&(0x7f0000000040)=""/26, 0x1a}, {&(0x7f0000000980)=""/104, 0x68}], 0x5, &(0x7f0000000a00)=""/70, 0x46}, 0x7}, {{&(0x7f0000000a80)=@phonet, 0x80, &(0x7f0000000c80)=[{&(0x7f0000000b00)=""/122, 0x7a}, {&(0x7f0000000b80)=""/87, 0x57}, {&(0x7f0000000c00)=""/55, 0x37}, {&(0x7f0000000c40)=""/28, 0x1c}], 0x4}, 0x6}, {{&(0x7f0000000cc0)=@can, 0x80, &(0x7f0000000ec0)=[{&(0x7f0000000fc0)=""/185, 0xb9}, {&(0x7f0000000d40)=""/66, 0x42}], 0x2, &(0x7f0000000f00)=""/26, 0x1a}, 0x99}], 0x3, 0x40002002, 0x0)
r3 = socket$inet6_mptcp(0xa, 0x1, 0x106)
sendto$inet6(r3, 0x0, 0x0, 0x880, 0x0, 0x0)
r4 = socket$inet6(0xa, 0x800000000000002, 0x0)
setsockopt$SO_TIMESTAMPING(r4, 0x1, 0x41, &(0x7f0000000200)=0x632a, 0x4)
sendto$inet6(r4, 0x0, 0x0, 0x24000800, &(0x7f00000000c0)={0xa, 0x4e23, 0x0, @local}, 0x1c)
write$binfmt_aout(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xff2e)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000dc0)={0x0, 0x3, 0x0, 0xfffffffe, 0x5, "0062af7d82000000160000000000f738096304"})
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x10, 0x5, &(0x7f0000001180)=ANY=[@ANYRES8, @ANYBLOB="835c76f74975560664a03571727bf28758049be636922a871c1867d193ab46978ac58772c6c9f7244ce66d16ed4bc5a099a065436297cc072bfb016c25874be032cc326450aa3d185b4a0c25000c0667803d6e16741152a8bd18aaccf5fc9bcd3506c8d50f6d138ee4006eaa91397a28fa334eb09fcbfc3c9deaf750134b8a07245206519f3edd9533cf4d773672f1dfe57fda961ce3e4916f6f2d18487e63dd1db82a3dc69994e50e9a85e1dcb4d6400ebe3b2148d057a274fae546a71cf2712f242eaed07bfc1f657715d00ec01a141ff838cd50d225eb8dd036c4c4073320841b932330b8572af3ed9bc49044a873d05bb4d5a5"], &(0x7f0000000e00)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x22, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r5 = syz_open_dev$ttys(0xc, 0x2, 0x1)
r6 = syz_open_pts(r5, 0xbe841)
r7 = dup3(r6, 0xffffffffffffffff, 0x0)
read(r7, &(0x7f00000000c0)=""/226, 0xe2)
read$watch_queue(r7, &(0x7f0000001d40)=""/4095, 0xfff)

14.118065694s ago: executing program 1 (id=3712):
r0 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000640)='\xf0\x891\xb8R\xe6\x8d\x12\xe5\xe3+\xcd24\x01\x80\x1a\xc9A\x93\xb1@\xbf\x89K\xd0\x86\xd9\x86\x18\xc4:\xc3\xe0\xac\xed~\x97\a\xbe\xfb1d\xbe\xa1\xc1N\xd2p\xf0\xc6\xf3\x8eD\x1b\xc7q\x99?9\xf1\xe6\f\xa9\x90\xec:\x037\xe8\x0f\rX6\xf2\x88\x8d\r\xd2\xfc+\x19\x9a}\x9c\xd9\x1a\xef\xf1\x16d>ah\xa2\xa7\x02U\x06\xe1\xe1PY\x90\x17\xf0p\x01*!I\xd3$\xd00C\x88*NA\xc3\x95`\xb2\xf1\xb1\xed\x91\xe4\x87\xcf_9\x1eIpAfN\x99\xa9\v)\x98p\xea[\xc5&D\xe7\xf3\xba/\xcd\xdb\x9dz\xb2\xbf\xc6\xea?\x13(\x15\xc1\tm\xe7t,[\x14|bM\xfa\xeb\x91\xb0\xdfAR\xf3\xe2\xdf', &(0x7f00000007c0)='{\xe0e%m\"\x92\xb5\xcb\x00\x01\x0e!5\xd8\xf2\x92\x97\x86\xf9\xa8\xe7;\xdff3\x83\xb1a\xf2j\t\x7f??,\xd9\xe28\xae\xd6>\xbaN\x1d_N\xcbdIP2$\xbc\xc9\x89\xb5\n\x90-i%\xe2\x94\fH\xf1\xed\r\b\x1c\x81>\t\xc30-\xe2\xb3\xb0<m\x8ePDhx\x04\xd8\x17\xbcP\x8bl\xd5\x00\x00\x00\x00\x00\x00\xa3E\x9a_\x9b\x98#\xb2\x03\x18!V\x1b\xcbk\xf8\xd6JE4,\xdf\x96\x80j#\xf9\xd8\x13,\x89\x10\x90:l/\xb9T\x9a', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000b40)='source', &(0x7f0000000040)='c:::\x00', 0x0)
r1 = gettid()
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
readv(r0, &(0x7f0000000380)=[{&(0x7f00000002c0)=""/96, 0x60}], 0x1)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000480)='\xf5\xfc\xd2\xec]\x95zx8*\xa2d\x11\xb5\xb1\x01\x00\x00\x00\xe49{\x8a{\x81s\xea$\xdfg\xb1\x03DY!\x97\xadM\xd7\xff\x8a\xcd[>\x12e\xc3]d8\xba\x8ec\x00\x00\x00\x00\x00\x00\x00\xa0\xe2\xd5y\xec\x90\x00\x98Y\x91\x19\x16\x89\xd0\x1a\xad\xcd\xd6\xd0\xc6\xb9\xeb\x95\xd3\x9cl\x9cu#\xb4\xee\xe5\x9d\t\fV\xd4\xda\xfc`2?\x15P\xba\x14b\x1c\xcc\xd5\xb9jA$s\xb9g3\x15M\xd9\xb9 \xca[\xc7\xec\xa9;\xee\x01\xc9\xc4\x1f\xc3\xe4\xfa\xd3fU\x0e\x86\xc8\xa7\xaf\xaf\x04p\xa3\x8bb\xbf\\\xdb\x83\x00\x96sy\x14\x1eo\xcc9&\x946\xf9\xf5v\xee\xb5m$;\x01\xb8\xeau\x00\xd1S=\x920H\xc2z\xb5\xbe\x95\xef\xeb\xd1\xc8\xa1\xba\xach\xbef\xa8\x86\xc2\x18\x9cC\x15\x9c^\xcf\xe9\xbcp\xb4Ff\x00\x9d>p\"\x19\xd8}|~\xae\xdb\a59f\xb8?\xba\xf2\x8e\xa5y\\\xf0\fkd??-\x983\xf3\x19\xc7\xc0/\xe9\x1a\x80=\xa72)\xd2\x00'/277, &(0x7f0000000340)='/\x00\x01\x00H\x98', 0x0)
tkill(r1, 0xb)

13.902101383s ago: executing program 1 (id=3713):
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x2, 0x3fc, 0x0, 0x32}, 0x9c)
bind$inet6(0xffffffffffffffff, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @mcast2}, 0x1c)
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=@newtaction={0x14, 0x30, 0x1}, 0x14}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$VT_RESIZEX(r3, 0x560a, &(0x7f0000000100)={0x4, 0x0, 0x4, 0x0, 0x4002})
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, 0x0)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl802154(0x0, 0xffffffffffffffff)
r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_802154(r6, 0x8933, &(0x7f0000000300)={'wpan0\x00', <r9=>0x0})
r10 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x8c01, 0x0)
write(r10, 0x0, 0x0)
ioctl$SNAPSHOT_FREE(r10, 0x3305)
sendmsg$NL802154_CMD_NEW_SEC_DEVKEY(r8, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000540)=ANY=[@ANYBLOB="fcffff7f", @ANYRES16=r7, @ANYBLOB="01002dbd7000ffdbdf251d00000008000300", @ANYRES32=r9, @ANYBLOB="0c002f8008000100fbffffff"], 0x28}}, 0x8000)

13.239654113s ago: executing program 0 (id=3715):
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r0, 0xae60)
r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0)
ioctl$KVM_SET_CPUID2(r1, 0x4008ae90, &(0x7f0000001440)=ANY=[@ANYBLOB="01000000000000000100000003000000070002000000f0ffffff01000000ff0300"/46])
ioctl$KVM_SET_LAPIC(r1, 0x4400ae8f, &(0x7f0000000700)={"ce85bf2fb3cd8f0e18f44494adfd754252f57b44e3463dfcb57b5aa2b43cd438723b695eec6b4426ea40a206b9cdbc407406838fcc7114ee6e137328f81af34923eb4829d751fe67819c96419effe8f53ecc9abb1c638d0daf743cf4f42698c10d497e714371c2c78b293c2e33df72ca75c4f998b90a473868c98f53ed8f448286b859d15f97b4b6802e87f2170db785ac72fbc40e3ca4684e282864a612c553ebd1ca1948bfea0769e283fa6ed8e2216714062bcf9059e36c3697dd9aee5af04c32980b53ea45e5cf150d3442ba0e58aacdfdeb14d6a20bed8351e1f2b17abdb988f50fbf4074f815d68745a04f2e7ac4212ab17a2872ad028e133aa42778e459ab306a7b6b1cef1f7facf93ddfc3f93908f1b21a13217f02d020f45649159822d69c818682368f0e59316563717a71fcf3c65c496d766a7d7fa6840377e9e93d46f322c1d36fd5275d97da2d9f5eeaee4cdd98e9d0c911ba7b21e47766397360658f815eff477dd353f82cb463aa5e1b9fc305d21e07e657de987152fd9372f4225a5b1231c4b680c9b8918bc5b10786c1660eb829c5f1096f7c4270dcef52c9ad70a3dd9b80e32d0a2c45a6a469e28fa75a064cdaae3e59099df9c3e384e6927ebf0f84df459d179410ce200dc8d9452923b32c67a5165c78a0b382aa9c2755e83834be0b88fbdeffb4841192d5c9480dfd52aaad7c928f601ebf48523775c20399fbaa5b6d83e5add38fea61e11491496e164b09fbffeab88f9329bc4526a076377a4d0a47ea223e1660e9dcbf562e505914b6ca6d978d84162fa5895299eb8fb8eaec40808fe6eb449333f62ac02b8bece9c708971d1d1cb6dffe416c2c6fae7c906678dfe105ff10cfe1eda88c69dcaa73c89cfcfdf92ef6ad69889b1d9984feb0711745f126fae4523f0e3d087978b127cc272033c9f3f1b0ac7e0ed4f3cfeb3e60b691478d9fb01b4158d22d1f64698d076aa830586aff206b3e65772b0d189e770ea239689638d0d935aef9ab8c167819cb17ad67a7e8fd5d658f4f929efa834be01e2644e36ab7c13930499a50ad46716274d62407635b97d6e6c19b1226451294b5e575135a8c972a739e89c92f698b043ed9b97d8b6d7e44522d462a54c10190eecb15f7edd14e3815eff39d614b50f015356e731f0812649979de235f19552bc2826e15c9b67ed40416ba164033135fee831df925e9baabdb846b5bf66855e3f8b79dca16f3bec23aa634606196a388f8e1b126f36618f685cb62065d30f6fe2b0a562a94591ee3fa981160e1481ee781c371cc7ee8c928f77b4e6d9b73fa3bfc479060ce1f4f0b68fd21d068d50e29c84bc2af8328817bcc3293afe6c78d4ee87c835097b383169d8017ef12eabd7ff4f91701088ace6da8a31c05e729aade819777203973c20f6c1611f8adb2ac10d22795c125db94b18cf9"})

13.118065004s ago: executing program 0 (id=3716):
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
setsockopt$WPAN_SECURITY(r0, 0x0, 0x1, &(0x7f0000000000)=0x1, 0x4)
bind$802154_dgram(r0, &(0x7f0000000040)={0x24, @long={0x3, 0x0, {0xaaaaaaaaaaaa0102}}}, 0x14)
sendmsg$SEG6_CMD_GET_TUNSRC(r0, &(0x7f00000006c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000680)={0x0}, 0x1, 0x0, 0x0, 0x4000010}, 0x4000000)
syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x600, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@newlink={0x38, 0x10, 0x401, 0x0, 0x4, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @bond={{0x9}, {0x8, 0x2, 0x0, 0x1, [@IFLA_BOND_ARP_IP_TARGET={0x4}]}}}]}, 0x38}}, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000680), 0x40000, 0x19)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000001c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60)
setsockopt$inet6_udp_int(0xffffffffffffffff, 0x11, 0x65, &(0x7f0000000600)=0x5, 0x4)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r8, 0x4008ae89, &(0x7f00000000c0)=ANY=[@ANYBLOB="010000000000080071000040", @ANYRESOCT])
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
dup3(r5, r4, 0x0)
r9 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
sendmmsg$alg(r3, &(0x7f00000005c0)=[{0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000440)="dafa58667435299e3274412bef6dd0412295ac0fdd118b2d2ca48779418cd717513d66ef4fbad3280a02a83d9bbcdc220ac14133b48d7ba4fca02bf2f51db1d139a527680dca9b5a2bb1d4e45227f451732701a06f33d9d2a90fe06112e0ba3d23e4849b40337adc89ab0d4edbe0ada64379d3e8f2626e7ab33a18bf9f3550f995cf51c76e735d30ba3219253d5ccd1efd8218161bdb7b71", 0x98}, {&(0x7f00000002c0)="3fa5", 0x2}, {&(0x7f0000000300)="934cb8d2de22a03d64", 0x9}, {&(0x7f0000000500)="a44ded82169928986fe0dd82591fe17ee71ca4123d1e17d353489eceee3401ea66711071c75dfde0bea3fde89a0e2bfd23fde25fa82dc525b978af619177766df09f67ce00d0e9a75f42b8bed6f2012927a5f0fe67d1523bda01b98043fbfd0f40aa2441b9de6d90c96ee34dc85011eddd937c79fdabb059f5b3996e587c3aca586be39f2d", 0x85}], 0x4, 0x0, 0x0, 0x64}], 0x1, 0x801)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r9, 0x10000000000)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r9, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000180)={0xffffffffffffff20, 0x0, &(0x7f0000000100)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000980)={@flat=@binder={0x73622a85, 0x0, 0x2}, @flat=@weak_handle={0x77682a85, 0x10a}, @flat=@weak_binder={0x77622a85, 0x100a, 0x2}}, &(0x7f0000000240)={0x0, 0x18, 0x30}}, 0x1000}], 0x0, 0x0, 0x0})
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000280)=ANY=[@ANYRES32=r2, @ANYRES32=r3, @ANYBLOB="0200000042"], 0x10)

12.709616049s ago: executing program 1 (id=3719):
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
setsockopt$WPAN_SECURITY(r0, 0x0, 0x1, &(0x7f0000000000)=0x1, 0x4)
bind$802154_dgram(r0, &(0x7f0000000040)={0x24, @long={0x3, 0x0, {0xaaaaaaaaaaaa0102}}}, 0x14)
sendmsg$SEG6_CMD_GET_TUNSRC(r0, &(0x7f00000006c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000680)={0x0}, 0x1, 0x0, 0x0, 0x4000010}, 0x4000000)
r1 = syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x600, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000680), 0x40000, 0x19)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000001c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r8, 0x4008ae89, &(0x7f00000000c0)=ANY=[@ANYBLOB="010000000000080071000040", @ANYRESOCT])
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r9 = dup3(r5, r4, 0x0)
r10 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r10, 0x10000000000)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r10, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r9, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000100)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000980)={@flat=@binder={0x73622a85, 0x0, 0x2}, @flat=@weak_handle={0x77682a85, 0x10a}, @flat=@weak_binder={0x77622a85, 0x100a, 0x2}}, &(0x7f0000000240)={0x0, 0x18, 0x30}}, 0x1000}], 0x0, 0x0, 0x0})
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000280)=ANY=[@ANYRES32=r2, @ANYRES32=r3, @ANYBLOB="0200000042"], 0x10)
ioctl$VIDIOC_G_SLICED_VBI_CAP(r1, 0xc0745645, &(0x7f0000000080)={0x6, [0x3, 0x4000, 0x1, 0x3, 0x6, 0x7, 0x0, 0x2f5c, 0x8, 0xfffd, 0x3, 0xe, 0x9, 0x3, 0xacea, 0x80, 0x7c, 0x5b, 0x1, 0x3, 0x3, 0x8, 0x400, 0x1, 0x9, 0x0, 0x4a65, 0xfff, 0x4c, 0x7, 0x6, 0x8, 0xffff, 0x4, 0x8, 0x1000, 0x8, 0x7, 0x2, 0xff, 0x5, 0xb, 0x81, 0x9, 0x5b, 0xffff, 0x3, 0x401], 0x4})

12.151704757s ago: executing program 1 (id=3721):
r0 = socket$xdp(0x2c, 0x3, 0x0)
getsockopt$XDP_STATISTICS(r0, 0x11b, 0x8, &(0x7f0000003140), &(0x7f0000000040)=0x30) (async)
setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f0000000000)={&(0x7f0000000080)=""/4096, 0x110000, 0x1000, 0xfffffbff, 0x2}, 0x1c)

12.147010133s ago: executing program 0 (id=3722):
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
setsockopt$WPAN_SECURITY(r0, 0x0, 0x1, &(0x7f0000000000)=0x1, 0x4)
bind$802154_dgram(r0, &(0x7f0000000040)={0x24, @long={0x3, 0x0, {0xaaaaaaaaaaaa0102}}}, 0x14)
sendmsg$SEG6_CMD_GET_TUNSRC(r0, &(0x7f00000006c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000680)={0x0}, 0x1, 0x0, 0x0, 0x4000010}, 0x4000000)
r1 = syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x600, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000680), 0x40000, 0x19)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000001c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r8, 0x4008ae89, &(0x7f00000000c0)=ANY=[@ANYBLOB="010000000000080071000040", @ANYRESOCT])
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r9 = dup3(r5, r4, 0x0)
r10 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r10, 0x10000000000)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r10, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r9, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000100)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000980)={@flat=@binder={0x73622a85, 0x0, 0x2}, @flat=@weak_handle={0x77682a85, 0x10a}, @flat=@weak_binder={0x77622a85, 0x100a, 0x2}}, &(0x7f0000000240)={0x0, 0x18, 0x30}}, 0x1000}], 0x0, 0x0, 0x0}) (fail_nth: 2)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000280)=ANY=[@ANYRES32=r2, @ANYRES32=r3, @ANYBLOB="0200000042"], 0x10)
ioctl$VIDIOC_G_SLICED_VBI_CAP(r1, 0xc0745645, &(0x7f0000000080)={0x6, [0x3, 0x4000, 0x1, 0x3, 0x6, 0x7, 0x0, 0x2f5c, 0x8, 0xfffd, 0x3, 0xe, 0x9, 0x3, 0xacea, 0x80, 0x7c, 0x5b, 0x1, 0x3, 0x3, 0x8, 0x400, 0x1, 0x9, 0x0, 0x4a65, 0xfff, 0x4c, 0x7, 0x6, 0x8, 0xffff, 0x4, 0x8, 0x1000, 0x8, 0x7, 0x2, 0xff, 0x5, 0xb, 0x81, 0x9, 0x5b, 0xffff, 0x3, 0x401], 0x4})

11.919487757s ago: executing program 1 (id=3724):
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r0, 0xae60)
r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0)
ioctl$KVM_SET_CPUID2(r1, 0x4008ae90, &(0x7f0000001440)=ANY=[@ANYBLOB="01000000000000000100000003000000070002000000f0ffffff01000000ff0300"/46])
ioctl$KVM_SET_LAPIC(r1, 0x4400ae8f, &(0x7f0000000700)={"ce85bf2fb3cd8f0e18f44494adfd754252f57b44e3463dfcb57b5aa2b43cd438723b695eec6b4426ea40a206b9cdbc407406838fcc7114ee6e137328f81af34923eb4829d751fe67819c96419effe8f53ecc9abb1c638d0daf743cf4f42698c10d497e714371c2c78b293c2e33df72ca75c4f998b90a473868c98f53ed8f448286b859d15f97b4b6802e87f2170db785ac72fbc40e3ca4684e282864a612c553ebd1ca1948bfea0769e283fa6ed8e2216714062bcf9059e36c3697dd9aee5af04c32980b53ea45e5cf150d3442ba0e58aacdfdeb14d6a20bed8351e1f2b17abdb988f50fbf4074f815d68745a04f2e7ac4212ab17a2872ad028e133aa42778e459ab306a7b6b1cef1f7facf93ddfc3f93908f1b21a13217f02d020f45649159822d69c818682368f0e59316563717a71fcf3c65c496d766a7d7fa6840377e9e93d46f322c1d36fd5275d97da2d9f5eeaee4cdd98e9d0c911ba7b21e47766397360658f815eff477dd353f82cb463aa5e1b9fc305d21e07e657de987152fd9372f4225a5b1231c4b680c9b8918bc5b10786c1660eb829c5f1096f7c4270dcef52c9ad70a3dd9b80e32d0a2c45a6a469e28fa75a064cdaae3e59099df9c3e384e6927ebf0f84df459d179410ce200dc8d9452923b32c67a5165c78a0b382aa9c2755e83834be0b88fbdeffb4841192d5c9480dfd52aaad7c928f601ebf48523775c20399fbaa5b6d83e5add38fea61e11491496e164b09fbffeab88f9329bc4526a076377a4d0a47ea223e1660e9dcbf562e505914b6ca6d978d84162fa5895299eb8fb8eaec40808fe6eb449333f62ac02b8bece9c708971d1d1cb6dffe416c2c6fae7c906678dfe105ff10cfe1eda88c69dcaa73c89cfcfdf92ef6ad69889b1d9984feb0711745f126fae4523f0e3d087978b127cc272033c9f3f1b0ac7e0ed4f3cfeb3e60b691478d9fb01b4158d22d1f64698d076aa830586aff206b3e65772b0d189e770ea239689638d0d935aef9ab8c167819cb17ad67a7e8fd5d658f4f929efa834be01e2644e36ab7c13930499a50ad46716274d62407635b97d6e6c19b1226451294b5e575135a8c972a739e89c92f698b043ed9b97d8b6d7e44522d462a54c10190eecb15f7edd14e3815eff39d614b50f015356e731f0812649979de235f19552bc2826e15c9b67ed40416ba164033135fee831df925e9baabdb846b5bf66855e3f8b79dca16f3bec23aa634606196a388f8e1b126f36618f685cb62065d30f6fe2b0a562a94591ee3fa981160e1481ee781c371cc7ee8c928f77b4e6d9b73fa3bfc479060ce1f4f0b68fd21d068d50e29c84bc2af8328817bcc3293afe6c78d4ee87c835097b383169d8017ef12eabd7ff4f91701088ace6da8a31c05e729aade819777203973c20f6c1611f8adb2ac10d22795c125db94b18cf9"})

11.747575539s ago: executing program 0 (id=3725):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000040)='fdinfo\x00')
getdents64(r1, &(0x7f0000000500)=""/157, 0x9d)
getdents(r1, &(0x7f0000000ec0)=""/4096, 0x1000)
r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$sock_linger(r2, 0x1, 0xd, &(0x7f0000000040)={0xc, 0x1}, 0x8)
shutdown(r2, 0x0)
syz_usb_connect$hid(0x5, 0x36, 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r3 = socket(0x400000000010, 0x3, 0x0)
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x1}}}]}, 0x38}}, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x42, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r7}, 0x10)
r8 = socket$inet6_udp(0xa, 0x2, 0x0)
bind$inet6(r8, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty, 0x2}, 0x1c)
mkdir(&(0x7f0000000200)='./file0\x00', 0x0)
r9 = openat$tun(0xffffff9c, &(0x7f00000001c0), 0x84002, 0x0)
ioctl$TUNGETFILTER(r9, 0x800854db, &(0x7f0000000280)=""/149)
r10 = socket$pppl2tp(0x18, 0x1, 0x1)
ioctl$PPPIOCGCHAN(r10, 0x80047437, &(0x7f0000000080))
syz_emit_ethernet(0x4c, &(0x7f0000000140)={@random="99177fa54f29", @random="ece65fbcee55", @void, {@ipv6={0x86dd, @udp={0x0, 0x6, '\x00', 0x16, 0x11, 0xff, @remote, @local, {[], {0x0, 0xe22, 0x16, 0x0, @gue={{0x2, 0x0, 0x0, 0x3}, "30b00afe4e70"}}}}}}}, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@gettfilter={0x24, 0x2e, 0x1, 0x70bd29, 0x25dfdbff, {0x0, 0x0, 0x0, r5, {0xa, 0xfff3}, {0x0, 0xfff1}, {0x0, 0x7}}}, 0x24}, 0x1, 0x0, 0x0, 0x20000094}, 0x4044040)

8.737748946s ago: executing program 3 (id=3732):
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001480), 0x42002, 0x0)
ioctl$TIOCCBRK(r0, 0x5428)
r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[], 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
r2 = syz_usb_connect$cdc_ecm(0x3, 0x60, &(0x7f0000000140)=ANY=[@ANYRES32=0x0], &(0x7f0000000440)={0x0, &(0x7f0000000040)={0xa, 0x6, 0x200, 0x4e, 0x10, 0x7, 0x10, 0x3}, 0x43, &(0x7f00000006c0)=ANY=[@ANYBLOB="050f4300040710020c7d0d7020100a06050100000f0006006000000000000000f0000000cf3fff00080839ca4774576cbf9b12ea03100b6495271fa18e3f877929ee14192eb51a1e8ee3d86a57e81f85e26bc3b2505705be05714552a9697c3677fcc5f447749d14d295d0ce68e218a98ec3a2510d2bbea68985191f48436525e0b5edb7917d16803bb661f22942c3e892f6286cba5851f66ea0714e35ca35a53e4cb33b3b483388e3323eb85e"], 0x3, [{0x2f, &(0x7f0000000580)=ANY=[@ANYBLOB="2f032e1680f714e73905881e287420ede0e9a627c6a39f8dc1604dea934405353656ad401b7fe5cb7bf8fe22473feed8003a0d923f15c4"]}, {0x6f, &(0x7f0000000300)=@string={0x6f, 0x3, "4b23bb41371953c7ef163546b05114eb1be602467df687a6702c0a501337560636f8049dc320addfb222ea4e12e3d3cbe6088a3cf2b430d3e5a82760d75b4d03763df734e516670b7dbe81bd947bf7eb3c57f298502eb62af7a5457bce0c03ebaf2d0b2a460c9e347408ffaff0"}}, {0x1f, &(0x7f0000000640)=ANY=[@ANYBLOB="1f03202a1d3669c046c84d31e684f8024c719d2c93e1547d76dafb7d94a09aacffe528552a62b701dab6717071dbbd5e6edacea15d3b7c403ec087f8400e561939024b237a7d480db4deeafd4180248170a431"]}]})
syz_usb_ep_read(r2, 0x5, 0xdc, &(0x7f0000000480)=""/220)
set_tid_address(0x0)
syz_usb_control_io(r1, &(0x7f0000000100)={0x2c, &(0x7f0000000280)=ANY=[@ANYBLOB="200617"], 0x0, 0x0, 0x0, 0x0}, 0x0)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
ioctl$USBDEVFS_SUBMITURB(0xffffffffffffffff, 0x8038550a, &(0x7f0000000000)=@urb_type_control={0x2, {}, 0x0, 0x85, &(0x7f0000000080)={0x0, 0xb, 0x0, 0x0, 0x7995}, 0xfcd6, 0x0, 0x0, 0x48000000, 0x0, 0x0, 0x0})
r4 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}}, 0x24}}, 0x0)
ioctl$USBDEVFS_FREE_STREAMS(r4, 0x802c550a, &(0x7f0000000000)=ANY=[])
setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000000bc0)=@mangle={'mangle\x00', 0x64, 0x6, 0x4d4, 0x190, 0xc8, 0xc8, 0x258, 0xc8, 0x40c, 0x40c, 0x40c, 0x40c, 0x40c, 0x6, 0x0, {[{{@ipv6={@private0, @private1, [], [], 'veth1\x00', 'veth1_vlan\x00'}, 0x0, 0xa4, 0xc8, 0x0, {0x0, 0x3a010000}}, @HL={0x24}}, {{@uncond, 0x0, 0xa4, 0xc8}, @common=@unspec=@STANDARD={0x24, '\x00', 0x0, 0x258}}, {{@ipv6={@private1={0xfc, 0x1, '\x00', 0x1}, @remote, [], [], 'veth0_to_team\x00', 'tunl0\x00', {}, {}, 0x11, 0x0, 0x3, 0x44}, 0x0, 0xa4, 0xc8}, @unspec=@CHECKSUM={0x24}}, {{@uncond, 0x0, 0xa4, 0xc8}, @common=@unspec=@STANDARD={0x24, '\x00', 0x0, 0xfffffffffffffffc}}, {{@uncond, 0x0, 0xa4, 0xec}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv6=@dev={0xfe, 0x80, '\x00', 0xc}, 'vlan0\x00'}}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x530)
getpriority(0x2, 0xffffffffffffffff)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240), 0xc2882, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
r5 = syz_io_uring_setup(0x1e21, &(0x7f00000003c0)={0x0, 0x86f4, 0x2000, 0xfffffffc}, &(0x7f0000002000)=<r6=>0x0, &(0x7f0000000000)=<r7=>0x0)
syz_io_uring_submit(r6, r7, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x23})
io_uring_enter(r5, 0x48e9, 0xc5a5, 0x2e, 0x0, 0x0)
r8 = syz_io_uring_setup(0x4b6, &(0x7f0000000200)={0x0, 0x2361, 0x20, 0x2, 0x38a}, &(0x7f0000ff0000), &(0x7f0000000000))
io_uring_register$IORING_REGISTER_BUFFERS(r8, 0x0, &(0x7f0000000040)=[{0x0}], 0x1)
syz_open_dev$sg(0xfffffffffffffffe, 0x3ff, 0x442440)
io_uring_register$IORING_REGISTER_BUFFERS(r8, 0x0, &(0x7f0000000180), 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
read(0xffffffffffffffff, &(0x7f00000002c0)=""/199, 0xc7)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)={0x18, 0x41, 0x107, 0xfffffffc, 0x0, {0x4, 0x7c}, [@typed={0x4, 0x12d}]}, 0x18}, 0x1, 0x0, 0x0, 0x488c0}, 0xc000)
rt_sigprocmask(0x2, &(0x7f0000000000)={[0xfffffffffffffffd]}, 0x0, 0x8)
timer_create(0x3, 0x0, &(0x7f0000044000))

5.699535757s ago: executing program 3 (id=3736):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000040)='fdinfo\x00')
getdents64(r1, &(0x7f0000000500)=""/157, 0x9d)
getdents(r1, &(0x7f0000000ec0)=""/4096, 0x1000)
r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$sock_linger(r2, 0x1, 0xd, &(0x7f0000000040)={0xc, 0x1}, 0x8)
shutdown(r2, 0x0)
syz_usb_connect$hid(0x5, 0x36, 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r3 = socket(0x400000000010, 0x3, 0x0)
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x1}}}]}, 0x38}}, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x42, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r7}, 0x10)
r8 = socket$inet6_udp(0xa, 0x2, 0x0)
bind$inet6(r8, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty, 0x2}, 0x1c)
mkdir(&(0x7f0000000200)='./file0\x00', 0x0)
r9 = openat$tun(0xffffff9c, &(0x7f00000001c0), 0x84002, 0x0)
ioctl$TUNGETFILTER(r9, 0x800854db, &(0x7f0000000280)=""/149)
r10 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r10, &(0x7f0000000100)=@pppol2tpv3={0x18, 0x1, {0x0, r8, {0x2, 0x0, @multicast2}, 0x4, 0x0, 0x3}}, 0x2e)
syz_emit_ethernet(0x4c, &(0x7f0000000140)={@random="99177fa54f29", @random="ece65fbcee55", @void, {@ipv6={0x86dd, @udp={0x0, 0x6, '\x00', 0x16, 0x11, 0xff, @remote, @local, {[], {0x0, 0xe22, 0x16, 0x0, @gue={{0x2, 0x0, 0x0, 0x3}, "30b00afe4e70"}}}}}}}, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@gettfilter={0x24, 0x2e, 0x1, 0x70bd29, 0x25dfdbff, {0x0, 0x0, 0x0, r5, {0xa, 0xfff3}, {0x0, 0xfff1}, {0x0, 0x7}}}, 0x24}, 0x1, 0x0, 0x0, 0x20000094}, 0x4044040)

4.906512505s ago: executing program 1 (id=3724):
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r0, 0xae60)
r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0)
ioctl$KVM_SET_CPUID2(r1, 0x4008ae90, &(0x7f0000001440)=ANY=[@ANYBLOB="01000000000000000100000003000000070002000000f0ffffff01000000ff0300"/46])
ioctl$KVM_SET_LAPIC(r1, 0x4400ae8f, &(0x7f0000000700)={"ce85bf2fb3cd8f0e18f44494adfd754252f57b44e3463dfcb57b5aa2b43cd438723b695eec6b4426ea40a206b9cdbc407406838fcc7114ee6e137328f81af34923eb4829d751fe67819c96419effe8f53ecc9abb1c638d0daf743cf4f42698c10d497e714371c2c78b293c2e33df72ca75c4f998b90a473868c98f53ed8f448286b859d15f97b4b6802e87f2170db785ac72fbc40e3ca4684e282864a612c553ebd1ca1948bfea0769e283fa6ed8e2216714062bcf9059e36c3697dd9aee5af04c32980b53ea45e5cf150d3442ba0e58aacdfdeb14d6a20bed8351e1f2b17abdb988f50fbf4074f815d68745a04f2e7ac4212ab17a2872ad028e133aa42778e459ab306a7b6b1cef1f7facf93ddfc3f93908f1b21a13217f02d020f45649159822d69c818682368f0e59316563717a71fcf3c65c496d766a7d7fa6840377e9e93d46f322c1d36fd5275d97da2d9f5eeaee4cdd98e9d0c911ba7b21e47766397360658f815eff477dd353f82cb463aa5e1b9fc305d21e07e657de987152fd9372f4225a5b1231c4b680c9b8918bc5b10786c1660eb829c5f1096f7c4270dcef52c9ad70a3dd9b80e32d0a2c45a6a469e28fa75a064cdaae3e59099df9c3e384e6927ebf0f84df459d179410ce200dc8d9452923b32c67a5165c78a0b382aa9c2755e83834be0b88fbdeffb4841192d5c9480dfd52aaad7c928f601ebf48523775c20399fbaa5b6d83e5add38fea61e11491496e164b09fbffeab88f9329bc4526a076377a4d0a47ea223e1660e9dcbf562e505914b6ca6d978d84162fa5895299eb8fb8eaec40808fe6eb449333f62ac02b8bece9c708971d1d1cb6dffe416c2c6fae7c906678dfe105ff10cfe1eda88c69dcaa73c89cfcfdf92ef6ad69889b1d9984feb0711745f126fae4523f0e3d087978b127cc272033c9f3f1b0ac7e0ed4f3cfeb3e60b691478d9fb01b4158d22d1f64698d076aa830586aff206b3e65772b0d189e770ea239689638d0d935aef9ab8c167819cb17ad67a7e8fd5d658f4f929efa834be01e2644e36ab7c13930499a50ad46716274d62407635b97d6e6c19b1226451294b5e575135a8c972a739e89c92f698b043ed9b97d8b6d7e44522d462a54c10190eecb15f7edd14e3815eff39d614b50f015356e731f0812649979de235f19552bc2826e15c9b67ed40416ba164033135fee831df925e9baabdb846b5bf66855e3f8b79dca16f3bec23aa634606196a388f8e1b126f36618f685cb62065d30f6fe2b0a562a94591ee3fa981160e1481ee781c371cc7ee8c928f77b4e6d9b73fa3bfc479060ce1f4f0b68fd21d068d50e29c84bc2af8328817bcc3293afe6c78d4ee87c835097b383169d8017ef12eabd7ff4f91701088ace6da8a31c05e729aade819777203973c20f6c1611f8adb2ac10d22795c125db94b18cf9"})

4.814553729s ago: executing program 0 (id=3725):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000040)='fdinfo\x00')
getdents64(r1, &(0x7f0000000500)=""/157, 0x9d)
getdents(r1, &(0x7f0000000ec0)=""/4096, 0x1000)
r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$sock_linger(r2, 0x1, 0xd, &(0x7f0000000040)={0xc, 0x1}, 0x8)
shutdown(r2, 0x0)
syz_usb_connect$hid(0x5, 0x36, 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r3 = socket(0x400000000010, 0x3, 0x0)
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x1}}}]}, 0x38}}, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x42, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r7}, 0x10)
r8 = socket$inet6_udp(0xa, 0x2, 0x0)
bind$inet6(r8, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty, 0x2}, 0x1c)
mkdir(&(0x7f0000000200)='./file0\x00', 0x0)
r9 = openat$tun(0xffffff9c, &(0x7f00000001c0), 0x84002, 0x0)
ioctl$TUNGETFILTER(r9, 0x800854db, &(0x7f0000000280)=""/149)
r10 = socket$pppl2tp(0x18, 0x1, 0x1)
ioctl$PPPIOCGCHAN(r10, 0x80047437, &(0x7f0000000080))
syz_emit_ethernet(0x4c, &(0x7f0000000140)={@random="99177fa54f29", @random="ece65fbcee55", @void, {@ipv6={0x86dd, @udp={0x0, 0x6, '\x00', 0x16, 0x11, 0xff, @remote, @local, {[], {0x0, 0xe22, 0x16, 0x0, @gue={{0x2, 0x0, 0x0, 0x3}, "30b00afe4e70"}}}}}}}, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@gettfilter={0x24, 0x2e, 0x1, 0x70bd29, 0x25dfdbff, {0x0, 0x0, 0x0, r5, {0xa, 0xfff3}, {0x0, 0xfff1}, {0x0, 0x7}}}, 0x24}, 0x1, 0x0, 0x0, 0x20000094}, 0x4044040)

3.887275168s ago: executing program 2 (id=3741):
r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f0000000040)={'netdevsim0\x00', &(0x7f0000000000)=@ethtool_pauseparam={0x11}})

3.058306322s ago: executing program 3 (id=3742):
r0 = syz_open_dev$dri(0x0, 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, 0x0)
r1 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000040), 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r1, 0x40345410, &(0x7f00000000c0)={{0x3}})
ioctl$SNDRV_TIMER_IOCTL_STOP(r1, 0x54a1)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL802154_CMD_SET_CHANNEL(r2, 0x0, 0x0)
ioctl$SNDCTL_DSP_SPEED(0xffffffffffffffff, 0xc0045011, 0x0)
openat$rtc(0xffffff9c, 0x0, 0x8103, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x0, @pix_mp={0x80000000, 0x9, 0x31363553, 0x0, 0xa, [{0x2, 0x5}, {0x6, 0x7f36}, {0x200, 0x70}, {0x3, 0xf}, {0x6, 0x100}, {0x6, 0x589}, {0x8, 0x7}, {0x10041, 0x8}], 0x10, 0x8, 0x2, 0x2, 0x3}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8000008, 0x8b}, 0x0)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(0xffffffffffffffff, 0x10e, 0x4, &(0x7f0000000100)=0x29ab, 0x4)
getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x24, &(0x7f00000001c0)={@multicast1, @local}, &(0x7f0000000240)=0xc)
writev(0xffffffffffffffff, &(0x7f0000000000)=[{0x0}], 0x1)
accept4(0xffffffffffffffff, &(0x7f0000000300)=@x25, &(0x7f0000000000)=0x80, 0x800)
openat$uinput(0xffffff9c, 0x0, 0x802, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000032680)=""/102392, 0x18ff8)
syz_clone(0x1000, 0x0, 0x0, 0x0, 0x0, 0x0)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000000200)={0x26, 'hash\x00', 0x0, 0x0, 'wp256\x00'}, 0x58)
r5 = accept4(r4, 0x0, 0x0, 0x800)
recvmmsg$unix(r5, &(0x7f0000003700)=[{{0x0, 0x700, 0x0, 0x0, 0x0, 0x500}}], 0x600, 0x0, 0x0)
r6 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r6, 0x0, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x4e0, 0x0, 0x25, 0x148, 0x340, 0x60, 0x44c, 0x2a8, 0x2a8, 0x44c, 0x2a8, 0x3, 0x0, {[{{@uncond, 0x0, 0x2f8, 0x340, 0x0, {0x200003ae, 0x7f00}, [@common=@inet=@hashlimit1={{0x58}, {'geneve0\x00', {0x44, 0x0, 0x9, 0x0, 0x0, 0xffffffff, 0x7}}}, @common=@unspec=@bpf1={{0x230, 'bpf\x00', 0x0}, @pinned={0x1, 0x0, 0x6, './file0\x00'}}]}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x6, 'syz0\x00'}}}, {{@ip={@broadcast, @multicast1, 0x0, 0x0, 'veth1_to_bond\x00', 'veth0\x00', {0xff}}, 0x0, 0xc4, 0x10c, 0x0, {}, [@common=@unspec=@cgroup0={{0x28}, {0x4}}, @common=@ah={{0x2c}, {[0x1, 0x4]}}]}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x8000, 'syz0\x00', {0x481c}}}}], {{'\x00', 0xc8, 0x70, 0x94}, {0x24}}}}, 0x53c)
ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(0xffffffffffffffff, 0x4068aea3, 0x0)

3.056056923s ago: executing program 2 (id=3750):
openat$adsp1(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="0900000006000000ff0f00000400000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000000000000000000000000000000e1ff00000000000000"], 0x48)
r1 = syz_open_dev$video4linux(&(0x7f0000000000), 0x4, 0x80001)
ioctl$VIDIOC_SUBDEV_G_FRAME_INTERVAL(r1, 0xc0305615, &(0x7f0000000040)={0x0, {0xffff, 0x3}})
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000008900000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000fdffffff7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000000000000850000007500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.current\x00', 0x275a, 0x0)
write$cgroup_int(r4, &(0x7f0000000100), 0x1001)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000b00)={&(0x7f0000000ac0)='mm_page_free_batched\x00', r3}, 0x10)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.current\x00', 0x275a, 0x0)
ioctl$BTRFS_IOC_GET_SUPPORTED_FEATURES(r3, 0x80489439, &(0x7f0000000000))
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x5d031, 0xffffffffffffffff, 0x0)
ioctl$EXT4_IOC_GETFSUUID(0xffffffffffffffff, 0x8008662c, &(0x7f0000000180))
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x1, 0x0, 0x0, 0x2)

2.116774108s ago: executing program 2 (id=3743):
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r0, 0x89f2, &(0x7f0000000180)={'ip6_vti0\x00', &(0x7f0000000100)={'syztnl1\x00', <r1=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @empty, @empty}})
mknod$loop(&(0x7f0000000080)='./file0\x00', 0x10, 0x0)
inotify_init1(0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x40000)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
write$sndseq(0xffffffffffffffff, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f00000003c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r5 = dup(r4)
write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd74)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(r5, 0x89f8, &(0x7f00000001c0)={'sit0\x00', &(0x7f0000000000)={'ip_vti0\x00', r1, 0x7800, 0x40, 0x9, 0x2, {{0x6, 0x4, 0x2, 0x6, 0x18, 0x67, 0x0, 0xfb, 0x2f, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @initdev={0xac, 0x1e, 0x1, 0x0}, {[@end]}}}}})
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r6, &(0x7f0000000300)={0x26, 'hash\x00', 0x0, 0x0, 'sha1-generic\x00'}, 0x58)
r7 = accept4(r6, 0x0, 0x0, 0x800)
recvmmsg$unix(r7, &(0x7f0000003700)=[{{0x0, 0x700, 0x0, 0x0, 0x0, 0x500}}], 0x600, 0x0, 0x0)

2.007465154s ago: executing program 3 (id=3744):
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000240)=@framed, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000000c0)='mmap_lock_acquire_returned\x00', r0}, 0x10)
madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17)
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x3, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r2 = socket(0x2b, 0x80801, 0x1)
setsockopt$inet_tcp_int(r2, 0x6, 0x9, &(0x7f0000000080)=0xffffb77a, 0x4)
r3 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000340)={'veth0_to_team\x00', <r4=>0x0})
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=@getchain={0x24, 0x11, 0x839, 0x70bd2d, 0x25dfdbff, {0x0, 0x0, 0x0, r4, {0xc}, {0xfff3}}}, 0x24}}, 0x0)
r6 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r6, 0x1, 0x11, &(0x7f0000000240)={0x0, <r7=>0x0}, &(0x7f0000000280)=0x5)
setreuid(0x0, r7)
setsockopt$inet_IP_XFRM_POLICY(r2, 0x0, 0x11, &(0x7f0000000280)={{{@in=@dev={0xac, 0x14, 0x14, 0x12}, @in=@broadcast, 0x4e22, 0x1, 0x4e21, 0x0, 0xa, 0x80, 0x80, 0x87, 0x0, r7}, {0x2, 0x7ffd, 0x100, 0x7fff, 0x8, 0x5, 0x1, 0x1}, {0x0, 0x6, 0x7ff, 0x45}, 0x4, 0x6e6bb9, 0x1, 0x1, 0x2}, {{@in6=@empty, 0x4d4, 0x32}, 0xa, @in=@empty, 0x3504, 0x3, 0x0, 0xf, 0x1000, 0xfffffff7, 0x4}}, 0xe4)

1.139199335s ago: executing program 2 (id=3745):
socket$alg(0x26, 0x5, 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_open_dev$usbfs(&(0x7f0000000100), 0x45e, 0x101701)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe)
r1 = openat$ttyS3(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TCSBRKP(r1, 0x5425, 0xffffffff)
r2 = io_uring_setup(0x28d5, &(0x7f00000001c0)={0x0, 0x9208, 0x0, 0x0, 0x211})
close(r2)
setsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, 0x0, 0x0)
ioperm(0x3, 0x2c3, 0xbc)
ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, 0x0)
r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/profiling', 0x141b82, 0x180)
write$cgroup_int(r3, 0x0, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f0000000400), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r4, 0x8933, &(0x7f0000000440))
sendmsg$BATADV_CMD_SET_MESH(r4, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={0x0, 0x2c}, 0x1, 0x0, 0x0, 0x81}, 0x0)

335.054049ms ago: executing program 3 (id=3746):
r0 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r1 = socket(0x1d, 0x2, 0x6)
bind$l2tp(r1, 0x0, 0x0)
syz_emit_vhci(&(0x7f00000006c0)=ANY=[@ANYBLOB="04230d00c80001"], 0x10) (async)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x141121)
r3 = dup(r2)
write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_CTHELPER_NEW(r4, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000540)={0x68, 0x0, 0x9, 0x305, 0x0, 0x0, {}, [@NFCTH_NAME={0x9, 0x1, 'syz1\x00'}, @NFCTH_POLICY={0xc, 0x4, 0x0, 0x1, {0x8}}, @NFCTH_TUPLE={0x3c, 0x2, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @empty}, {0x14, 0x4, @remote}}}]}]}, 0x68}}, 0x0) (async)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01"], 0x7c}}, 0x0) (async)
sendmsg$NFT_BATCH(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000001000010000000000000000f9ffffff0924000000060a0b04000000000000000002000008040004800900020073797a3200000000140000001100010000000000000000000000000a93ae51bd1ebe0c5d5969fd92f738"], 0x4c}}, 0x0) (async)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=@mpls_delroute={0x1c, 0x19, 0x1, 0x0, 0x0, {0x1c, 0x14, 0x0, 0x0, 0xfe, 0x0, 0x0, 0x1, 0x4c00}}, 0x1c}}, 0x0) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x300000e, 0x20c44fb6edc09a38, 0xffffffffffffffff, 0x0) (async)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) (async)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r8=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r8, @ANYBLOB="1f003300d000000008021100000108021100000050505050505000000f", @ANYRES8=r0], 0x3c}}, 0x10)

239.512659ms ago: executing program 2 (id=3747):
r0 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c0000001800dd8d000000000000000002000000000000060000000006001500010000001800168014000100000000000000000000003000000011"], 0x3c}}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000008c0)={'wlan0\x00', <r3=>0x0}) (async)
r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r5 = dup(r4)
write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd74) (async)
ioctl$I2C_PEC(r5, 0x708, 0x8) (async)
sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000002c0)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000000700000008000300", @ANYRES32=r3, @ANYBLOB="1400040070696d3672656730000000000000000008000500060000000800178004000600"], 0x40}}, 0x0)

1.244617ms ago: executing program 2 (id=3748):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet_mptcp(0x2, 0x1, 0x106)
sendmmsg(r3, 0x0, 0x0, 0x0)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r4)
r5 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
write(r5, &(0x7f0000000000)="14000000140005b7ffccca38b9000000010860eb", 0x14)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x14, 0x4, 0x4, 0x9, 0x0, 0x1, 0x4, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r6 = socket$inet(0x2, 0x2, 0x0)
setsockopt$inet_mreqn(r6, 0x0, 0x23, &(0x7f0000000100)={@multicast2, @loopback}, 0xc)
r7 = socket(0x23, 0x5, 0x0)
ioctl$sock_SIOCETHTOOL(r7, 0x89f0, &(0x7f0000000800)={'bridge0\x00', &(0x7f0000000240)=@ethtool_coalesce={0xf, 0x4, 0x101, 0xc3a5, 0x9, 0x1ff, 0x4, 0x2, 0xfffffff6, 0x7fb, 0x1, 0xc99d, 0x2, 0x9, 0x8d, 0x7ff, 0x2, 0xa98, 0x8, 0x6, 0x10000040, 0x3, 0xfd}})
r8 = socket$netlink(0x10, 0x3, 0x0)
writev(r8, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1)
writev(r8, &(0x7f0000000300)=[{&(0x7f00000001c0)="390000001300034700bb5be1c3e4feff06000000010000004500000025000000190004000400ad000d00000000000006040000000000f93132", 0x39}], 0x1)
r9 = socket$inet(0x2, 0x2, 0x0)
setsockopt$inet_mreqn(r9, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0x40)
setsockopt$inet_mreqsrc(r6, 0x0, 0x24, &(0x7f0000000440)={@multicast2, @loopback, @empty}, 0xc)
fsopen(&(0x7f0000000280)='ceph\x00', 0x0)

0s ago: executing program 3 (id=3749):
r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_DROP_MASTER(r0, 0x641f)
r1 = openat$fb1(0xffffff9c, &(0x7f0000007740), 0x2000, 0x0)
r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000380), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000040)={<r3=>0xffffffffffffffff}, 0x111}}, 0x20)
write$RDMA_USER_CM_CMD_SET_OPTION(r2, &(0x7f0000000080)={0xe, 0x18, 0xfa00, @id_resuseaddr={&(0x7f0000000000), r3, 0x0, 0x1, 0x4}}, 0x20)
ioctl$FBIOPUT_VSCREENINFO(r1, 0x4601, &(0x7f0000007780)={0xf00, 0x0, 0x280, 0x4b0, 0x8, 0x0, 0x8, 0x1, {0xfffffffa, 0x1, 0x1}, {0x9, 0x5, 0xffffffff}, {0x10022a, 0x1e4}, {0x1, 0x4f}, 0x2, 0x40, 0x3, 0x3, 0x1, 0x8, 0x100, 0x6, 0x10001, 0xd3b, 0x6, 0x2, 0xd, 0x2, 0x0, 0x8})
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = userfaultfd(0x1)
ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f0000000140)={0xaa, 0x298})
ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2})
ioctl$UFFDIO_COPY(r5, 0xc028aa03, &(0x7f0000000040)={&(0x7f00002b9000/0x400000)=nil, &(0x7f00003ab000/0x2000)=nil, 0x400000, 0x2, 0x2})
sendmsg$nl_netfilter(r4, &(0x7f0000003100)={0x0, 0x0, &(0x7f00000030c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="14000000000403", @ANYRES8=r1], 0x14}}, 0x0)
unshare(0x22020400)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x4000)
sendmsg$NFT_BATCH(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWRULE={0x54, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2, 0x0, 0x2}, [@NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_EXPRESSIONS={0x28, 0x4, 0x0, 0x1, [{0x24, 0x1, 0x0, 0x1, @reject={{0xb}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_REJECT_ICMP_CODE={0x5}, @NFTA_REJECT_TYPE={0x8, 0x1, 0x1, 0x0, 0x2}]}}}]}]}], {0x14}}, 0x7c}, 0x1, 0x0, 0x0, 0x24040800}, 0x0)
ioperm(0x3fffc000, 0x8, 0x6)
syz_genetlink_get_family_id$nl80211(&(0x7f0000003180), r4)

kernel console output (not intermixed with test programs):

 835.367908][T18909] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[  835.382791][T18909] lo speed is unknown, defaulting to 1000
[  835.386659][T18909] lo speed is unknown, defaulting to 1000
[  835.389229][T18909] lo speed is unknown, defaulting to 1000
[  835.391703][T18909] lo speed is unknown, defaulting to 1000
[  835.447891][T18913] syzkaller1: entered promiscuous mode
[  835.449686][T18913] syzkaller1: entered allmulticast mode
[  835.634695][T18922] syzkaller1: entered promiscuous mode
[  835.636612][T18922] syzkaller1: entered allmulticast mode
[  835.896347][T18928] random: crng reseeded on system resumption
[  835.904089][T18928] Restarting kernel threads ...
[  835.905992][T18928] Done restarting kernel threads.
[  836.316553][T18935] erofs (device loop3): cannot find valid erofs superblock
[  837.035796][T18938] lo speed is unknown, defaulting to 1000
[  837.042841][T18938] lo speed is unknown, defaulting to 1000
[  837.427076][T18946] FAULT_INJECTION: forcing a failure.
[  837.427076][T18946] name fail_futex, interval 1, probability 0, space 0, times 1
[  837.431032][T18946] CPU: 0 UID: 0 PID: 18946 Comm: syz.3.3268 Not tainted 6.15.0-syzkaller-03589-gfeacb1774bd5 #0 PREEMPT(full) 
[  837.431048][T18946] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  837.431055][T18946] Call Trace:
[  837.431059][T18946]  <TASK>
[  837.431064][T18946]  dump_stack_lvl+0x16c/0x1f0
[  837.431081][T18946]  should_fail_ex+0x512/0x640
[  837.431096][T18946]  get_futex_key+0xf3e/0x1540
[  837.431116][T18946]  ? __pfx_get_futex_key+0x10/0x10
[  837.431136][T18946]  ? _kstrtoull+0x145/0x200
[  837.431154][T18946]  futex_wait_requeue_pi+0x1f6/0x830
[  837.431170][T18946]  ? __pfx_futex_wait_requeue_pi+0x10/0x10
[  837.431198][T18946]  ? __pfx_futex_wake_mark+0x10/0x10
[  837.431215][T18946]  ? find_held_lock+0x2b/0x80
[  837.431232][T18946]  ? ksys_write+0x190/0x250
[  837.431246][T18946]  do_futex+0x2ae/0x350
[  837.431257][T18946]  ? __pfx_do_futex+0x10/0x10
[  837.431272][T18946]  __ia32_sys_futex_time32+0x1d9/0x460
[  837.431286][T18946]  ? fput+0x70/0xf0
[  837.431298][T18946]  ? __pfx___ia32_sys_futex_time32+0x10/0x10
[  837.431311][T18946]  ? ksys_write+0x1ac/0x250
[  837.431321][T18946]  ? __pfx_ksys_write+0x10/0x10
[  837.431333][T18946]  ? rcu_is_watching+0x12/0xc0
[  837.431351][T18946]  __do_fast_syscall_32+0x7c/0x3a0
[  837.431364][T18946]  do_fast_syscall_32+0x32/0x80
[  837.431376][T18946]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  837.431391][T18946] RIP: 0023:0xf7fb6579
[  837.431399][T18946] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  837.431410][T18946] RSP: 002b:00000000f50d655c EFLAGS: 00000296 ORIG_RAX: 00000000000000f0
[  837.431421][T18946] RAX: ffffffffffffffda RBX: 000000008000cffc RCX: 000000000000000b
[  837.431428][T18946] RDX: 0000000000000004 RSI: 0000000000000000 RDI: 0000000080048000
[  837.431435][T18946] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  837.431441][T18946] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  837.431447][T18946] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  837.431460][T18946]  </TASK>
[  839.798594][T18989] random: crng reseeded on system resumption
[  839.815192][T18989] Restarting kernel threads ...
[  839.817470][T18989] Done restarting kernel threads.
[  840.574619][T18991] __nla_validate_parse: 49 callbacks suppressed
[  840.574638][T18991] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3282'.
[  840.582806][T18991] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3282'.
[  840.586884][T18991] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3282'.
[  840.590805][T18991] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3282'.
[  841.252712][T14723] Bluetooth: hci1: Opcode 0x1003 failed: -110
[  841.252781][ T5943] Bluetooth: hci1: command 0x1003 tx timeout
[  841.825112][T19021] random: crng reseeded on system resumption
[  841.835961][T19021] Restarting kernel threads ...
[  841.837802][T19021] Done restarting kernel threads.
[  841.923170][T19027] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3293'.
[  841.926661][T19027] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3293'.
[  841.929817][T19027] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3293'.
[  841.933562][T19027] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3293'.
[  841.939922][T19035] siw: device registration error -23
[  843.349666][T19082] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3310'.
[  843.354440][T19082] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3310'.
[  843.730435][T19093] random: crng reseeded on system resumption
[  843.741869][T19093] Restarting kernel threads ...
[  843.743838][T19093] Done restarting kernel threads.
[  844.312231][T19101] netlink: 'syz.0.3318': attribute type 14 has an invalid length.
[  844.427926][T19105] FAULT_INJECTION: forcing a failure.
[  844.427926][T19105] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  844.433309][T19105] CPU: 2 UID: 0 PID: 19105 Comm: syz.0.3320 Not tainted 6.15.0-syzkaller-03589-gfeacb1774bd5 #0 PREEMPT(full) 
[  844.433333][T19105] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  844.433343][T19105] Call Trace:
[  844.433350][T19105]  <TASK>
[  844.433356][T19105]  dump_stack_lvl+0x16c/0x1f0
[  844.433378][T19105]  should_fail_ex+0x512/0x640
[  844.433400][T19105]  _copy_to_user+0x32/0xd0
[  844.433423][T19105]  simple_read_from_buffer+0xcb/0x170
[  844.433450][T19105]  proc_fail_nth_read+0x197/0x270
[  844.433477][T19105]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  844.433504][T19105]  ? rw_verify_area+0xcf/0x680
[  844.433529][T19105]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  844.433554][T19105]  vfs_read+0x1e1/0xc60
[  844.433571][T19105]  ? fdget_pos+0x2a2/0x370
[  844.433591][T19105]  ? __pfx_vfs_read+0x10/0x10
[  844.433605][T19105]  ? find_held_lock+0x2b/0x80
[  844.433637][T19105]  ? __fget_files+0x20e/0x3c0
[  844.433660][T19105]  ksys_read+0x12a/0x250
[  844.433676][T19105]  ? __pfx_ksys_read+0x10/0x10
[  844.433699][T19105]  ? rcu_is_watching+0x12/0xc0
[  844.433729][T19105]  __do_fast_syscall_32+0x7c/0x3a0
[  844.433750][T19105]  do_fast_syscall_32+0x32/0x80
[  844.433768][T19105]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  844.433789][T19105] RIP: 0023:0xf703e579
[  844.433802][T19105] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  844.433818][T19105] RSP: 002b:00000000f502e590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  844.433834][T19105] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000f502e620
[  844.433845][T19105] RDX: 000000000000000f RSI: 00000000f73a2ff4 RDI: 0000000000000000
[  844.433854][T19105] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  844.433864][T19105] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  844.433873][T19105] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  844.433895][T19105]  </TASK>
[  844.517577][    C2] hpet_rtc_timer_reinit: 29 callbacks suppressed
[  844.517586][    C2] hpet: Lost 4 RTC interrupts
[  844.713353][T19115] tipc: Started in network mode
[  844.714979][T19115] tipc: Node identity 4, cluster identity 4711
[  844.717266][T19115] tipc: Node number set to 4
[  844.990674][T19135] erofs (device loop2): cannot find valid erofs superblock
[  845.530467][T19139] lo speed is unknown, defaulting to 1000
[  845.537864][T19139] lo speed is unknown, defaulting to 1000
[  845.880152][T19153] FAULT_INJECTION: forcing a failure.
[  845.880152][T19153] name failslab, interval 1, probability 0, space 0, times 0
[  845.884767][T19153] CPU: 2 UID: 0 PID: 19153 Comm: syz.1.3336 Not tainted 6.15.0-syzkaller-03589-gfeacb1774bd5 #0 PREEMPT(full) 
[  845.884804][T19153] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  845.884814][T19153] Call Trace:
[  845.884821][T19153]  <TASK>
[  845.884827][T19153]  dump_stack_lvl+0x16c/0x1f0
[  845.884849][T19153]  should_fail_ex+0x512/0x640
[  845.884867][T19153]  ? fs_reclaim_acquire+0xae/0x150
[  845.884892][T19153]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  845.884908][T19153]  should_failslab+0xc2/0x120
[  845.884929][T19153]  __kmalloc_noprof+0xd2/0x510
[  845.884952][T19153]  tomoyo_realpath_from_path+0xc2/0x6e0
[  845.884970][T19153]  ? tomoyo_profile+0x47/0x60
[  845.884989][T19153]  tomoyo_path_number_perm+0x245/0x580
[  845.885010][T19153]  ? tomoyo_path_number_perm+0x237/0x580
[  845.885033][T19153]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  845.885080][T19153]  ? find_held_lock+0x2b/0x80
[  845.885102][T19153]  ? hook_file_ioctl_common+0x145/0x410
[  845.885129][T19153]  ? __fget_files+0x20e/0x3c0
[  845.885144][T19153]  ? __fput_deferred+0x360/0x370
[  845.885168][T19153]  security_file_ioctl_compat+0x9b/0x240
[  845.885193][T19153]  __ia32_compat_sys_ioctl+0xc3/0x370
[  845.885219][T19153]  __do_fast_syscall_32+0x7c/0x3a0
[  845.885238][T19153]  do_fast_syscall_32+0x32/0x80
[  845.885255][T19153]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  845.885269][T19153] RIP: 0023:0xf7f78579
[  845.885278][T19153] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  845.885290][T19153] RSP: 002b:00000000f507555c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  845.885306][T19153] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000000af02
[  845.885316][T19153] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  845.885324][T19153] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  845.885333][T19153] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  845.885342][T19153] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  845.885361][T19153]  </TASK>
[  845.885581][T19153] ERROR: Out of memory at tomoyo_realpath_from_path.
[  846.205072][T19161] __nla_validate_parse: 12 callbacks suppressed
[  846.205083][T19161] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3338'.
[  846.211718][T19161] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3338'.
[  846.215625][T19161] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3338'.
[  846.219801][T19161] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3338'.
[  846.355707][T19165] @: renamed from vlan0 (while UP)
[  847.578520][T19189] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3349'.
[  847.582940][T19189] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3349'.
[  847.587060][T19189] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3349'.
[  847.591384][T19189] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3349'.
[  847.597644][T19189] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3349'.
[  847.692085][T19196] netlink: 44 bytes leftover after parsing attributes in process `syz.1.3345'.
[  847.700611][T19196] FAULT_INJECTION: forcing a failure.
[  847.700611][T19196] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  847.705474][T19196] CPU: 1 UID: 0 PID: 19196 Comm: syz.1.3345 Not tainted 6.15.0-syzkaller-03589-gfeacb1774bd5 #0 PREEMPT(full) 
[  847.705510][T19196] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  847.705518][T19196] Call Trace:
[  847.705522][T19196]  <TASK>
[  847.705527][T19196]  dump_stack_lvl+0x16c/0x1f0
[  847.705542][T19196]  should_fail_ex+0x512/0x640
[  847.705556][T19196]  _copy_from_user+0x2e/0xd0
[  847.705570][T19196]  memdup_user+0x6b/0xe0
[  847.705585][T19196]  strndup_user+0x78/0xe0
[  847.705599][T19196]  __do_sys_add_key+0x156/0x470
[  847.705613][T19196]  ? __pfx___do_sys_add_key+0x10/0x10
[  847.705624][T19196]  ? ksys_write+0x1ac/0x250
[  847.705638][T19196]  ? rcu_is_watching+0x12/0xc0
[  847.705656][T19196]  __do_fast_syscall_32+0x7c/0x3a0
[  847.705670][T19196]  do_fast_syscall_32+0x32/0x80
[  847.705682][T19196]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  847.705696][T19196] RIP: 0023:0xf7f78579
[  847.705705][T19196] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  847.705716][T19196] RSP: 002b:00000000f505455c EFLAGS: 00000296 ORIG_RAX: 000000000000011e
[  847.705727][T19196] RAX: ffffffffffffffda RBX: 0000000080000140 RCX: 0000000080000180
[  847.705734][T19196] RDX: 0000000080000100 RSI: 00000000000000ca RDI: 00000000fffffffe
[  847.705740][T19196] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  847.705747][T19196] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  847.705753][T19196] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  847.705766][T19196]  </TASK>
[  847.777497][T19199] loop7: detected capacity change from 0 to 16384
[  847.812070][T19200] random: crng reseeded on system resumption
[  847.832232][T19200] Restarting kernel threads ...
[  847.834253][T19200] Done restarting kernel threads.
[  847.973065][T19199] loop7: detected capacity change from 16384 to 0
[  848.209700][T19212] ieee802154 phy0 wpan0: encryption failed: -22
[  848.832635][   T59] usb 7-1: new high-speed USB device number 8 using dummy_hcd
[  848.988507][   T59] usb 7-1: config 1 has an invalid interface number: 169 but max is 2
[  848.991839][   T59] usb 7-1: config 1 contains an unexpected descriptor of type 0x1, skipping
[  849.005267][   T59] usb 7-1: config 1 has an invalid interface number: 107 but max is 2
[  849.011745][   T59] usb 7-1: config 1 has an invalid interface number: 148 but max is 2
[  849.018927][   T59] usb 7-1: config 1 has no interface number 0
[  849.027625][   T59] usb 7-1: config 1 has no interface number 1
[  849.030557][   T59] usb 7-1: config 1 has no interface number 2
[  849.035210][   T59] usb 7-1: config 1 interface 169 altsetting 5 endpoint 0x4 has invalid maxpacket 520, setting to 64
[  849.039583][   T59] usb 7-1: config 1 interface 169 altsetting 5 has a duplicate endpoint with address 0x5, skipping
[  849.044601][   T59] usb 7-1: config 1 interface 169 altsetting 5 endpoint 0xE has invalid maxpacket 1024, setting to 64
[  849.049969][   T59] usb 7-1: config 1 interface 169 altsetting 5 endpoint 0xC has an invalid bInterval 249, changing to 7
[  849.054856][   T59] usb 7-1: config 1 interface 169 altsetting 5 has a duplicate endpoint with address 0x8C, skipping
[  849.059115][   T59] usb 7-1: config 1 interface 169 altsetting 5 endpoint 0x2 has invalid maxpacket 512, setting to 64
[  849.068313][   T59] usb 7-1: config 1 interface 169 altsetting 5 has a duplicate endpoint with address 0x2, skipping
[  849.073001][   T59] usb 7-1: config 1 interface 169 altsetting 5 has an invalid descriptor for endpoint zero, skipping
[  849.077689][   T59] usb 7-1: config 1 interface 169 altsetting 5 has an invalid descriptor for endpoint zero, skipping
[  849.082087][   T59] usb 7-1: config 1 interface 169 altsetting 5 endpoint 0xF has invalid maxpacket 1024, setting to 64
[  849.086917][   T59] usb 7-1: config 1 interface 169 altsetting 5 has an invalid descriptor for endpoint zero, skipping
[  849.091536][   T59] usb 7-1: config 1 interface 107 altsetting 5 has a duplicate endpoint with address 0xF, skipping
[  849.097781][   T59] usb 7-1: config 1 interface 107 altsetting 5 endpoint 0xA has an invalid bInterval 24, changing to 7
[  849.105207][   T59] usb 7-1: config 1 interface 107 altsetting 5 endpoint 0x9 has invalid wMaxPacketSize 0
[  849.109260][   T59] usb 7-1: config 1 interface 107 altsetting 5 has a duplicate endpoint with address 0xE, skipping
[  849.114253][   T59] usb 7-1: config 1 interface 107 altsetting 5 has a duplicate endpoint with address 0x6, skipping
[  849.118564][   T59] usb 7-1: config 1 interface 107 altsetting 5 has a duplicate endpoint with address 0xF, skipping
[  849.123256][   T59] usb 7-1: config 1 interface 107 altsetting 5 has an endpoint descriptor with address 0xBC, changing to 0x8C
[  849.132821][   T59] usb 7-1: config 1 interface 107 altsetting 5 endpoint 0x8C has invalid maxpacket 11831, setting to 1024
[  849.137415][   T59] usb 7-1: config 1 interface 107 altsetting 5 bulk endpoint 0x8C has invalid maxpacket 1024
[  849.141561][   T59] usb 7-1: config 1 interface 107 altsetting 5 has a duplicate endpoint with address 0x9, skipping
[  849.146639][   T59] usb 7-1: config 1 interface 107 altsetting 5 has a duplicate endpoint with address 0x9, skipping
[  849.151799][   T59] usb 7-1: config 1 interface 107 altsetting 5 has a duplicate endpoint with address 0x8, skipping
[  849.156352][   T59] usb 7-1: config 1 interface 107 altsetting 5 has 12 endpoint descriptors, different from the interface descriptor's value: 11
[  849.161708][   T59] usb 7-1: config 1 interface 148 altsetting 180 has a duplicate endpoint with address 0xF, skipping
[  849.166917][   T59] usb 7-1: config 1 interface 148 altsetting 180 has a duplicate endpoint with address 0xF, skipping
[  849.171350][   T59] usb 7-1: config 1 interface 148 altsetting 180 has a duplicate endpoint with address 0xA, skipping
[  849.175763][   T59] usb 7-1: config 1 interface 148 altsetting 180 has a duplicate endpoint with address 0x3, skipping
[  849.180014][   T59] usb 7-1: config 1 interface 148 altsetting 180 endpoint 0xD has invalid maxpacket 1024, setting to 64
[  849.184479][   T59] usb 7-1: config 1 interface 148 altsetting 180 has a duplicate endpoint with address 0x5, skipping
[  849.188746][   T59] usb 7-1: config 1 interface 148 altsetting 180 has an invalid descriptor for endpoint zero, skipping
[  849.193242][   T59] usb 7-1: config 1 interface 148 altsetting 180 has an invalid descriptor for endpoint zero, skipping
[  849.197696][   T59] usb 7-1: config 1 interface 148 altsetting 180 has a duplicate endpoint with address 0xA, skipping
[  849.202082][   T59] usb 7-1: config 1 interface 148 altsetting 180 has a duplicate endpoint with address 0xE, skipping
[  849.206431][   T59] usb 7-1: config 1 interface 148 altsetting 180 has a duplicate endpoint with address 0x2, skipping
[  849.210675][   T59] usb 7-1: config 1 interface 148 altsetting 180 has a duplicate endpoint with address 0xD, skipping
[  849.215121][   T59] usb 7-1: config 1 interface 148 altsetting 180 has a duplicate endpoint with address 0xC, skipping
[  849.219425][   T59] usb 7-1: config 1 interface 148 altsetting 180 has a duplicate endpoint with address 0x3, skipping
[  849.223767][   T59] usb 7-1: config 1 interface 169 has no altsetting 0
[  849.226455][   T59] usb 7-1: config 1 interface 107 has no altsetting 0
[  849.229145][   T59] usb 7-1: config 1 interface 148 has no altsetting 0
[  849.246451][   T59] usb 7-1: New USB device found, idVendor=07c9, idProduct=b100, bcdDevice=bc.99
[  849.250077][   T59] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  849.253986][   T59] usb 7-1: Product: 췍끴獑⏖焎ꜵ桙ᄬ狿씠ҕ怫뫛㣙㏥ᑩ⓾䛌⦔漏殣ᓎ⪶笪抚ꁪؓ룜뮲뿋뼃䩫⥾烇ﱂ셗鉰⍣ኲᗸ쑴舧㏑鍤யᰏ施햕Ɯᓬ펳㡧瑶㦃珄摊必⢦
[  849.262167][   T59] usb 7-1: Manufacturer: 儺鿇㳔
[  849.264534][   T59] usb 7-1: SerialNumber: ﳿ
[  849.268415][   T59] usb 7-1: Interface #169 referenced by multiple IADs
[  849.271802][   T59] usb 7-1: Interface #107 referenced by multiple IADs
[  849.275180][   T59] usb 7-1: Interface #148 referenced by multiple IADs
[  849.489852][   T59] pegasus 7-1:1.169: probe with driver pegasus failed with error -71
[  849.498958][   T59] pegasus 7-1:1.107: probe with driver pegasus failed with error -71
[  849.505789][   T59] pegasus 7-1:1.148: probe with driver pegasus failed with error -71
[  849.510080][   T59] usb 7-1: USB disconnect, device number 8
[  849.604347][T19243] random: crng reseeded on system resumption
[  849.608934][T19243] Restarting kernel threads ...
[  849.610801][T19243] Done restarting kernel threads.
[  850.159502][T19249] fuse: Bad value for 'fd'
[  850.322958][T19250] could not allocate digest TFM handle cbcmac-aes-neon
[  851.078708][T19268] @: renamed from vlan0 (while UP)
[  851.458248][T19282] __nla_validate_parse: 5 callbacks suppressed
[  851.458283][T19282] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3379'.
[  851.471001][T11264] libceph: connect (1)[c::]:6789 error -101
[  851.473389][T11264] libceph: mon0 (1)[c::]:6789 connect error
[  851.476498][T11264] libceph: connect (1)[c::]:6789 error -101
[  851.478670][T11264] libceph: mon0 (1)[c::]:6789 connect error
[  851.542439][T19282] ceph: No mds server is up or the cluster is laggy
[  852.107092][T19293] syzkaller1: entered promiscuous mode
[  852.109101][T19293] syzkaller1: entered allmulticast mode
[  853.640042][T19332] FAULT_INJECTION: forcing a failure.
[  853.640042][T19332] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  853.644411][T19332] CPU: 1 UID: 0 PID: 19332 Comm: syz.0.3394 Not tainted 6.15.0-syzkaller-03589-gfeacb1774bd5 #0 PREEMPT(full) 
[  853.644439][T19332] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  853.644447][T19332] Call Trace:
[  853.644452][T19332]  <TASK>
[  853.644457][T19332]  dump_stack_lvl+0x16c/0x1f0
[  853.644473][T19332]  should_fail_ex+0x512/0x640
[  853.644488][T19332]  _copy_from_user+0x2e/0xd0
[  853.644502][T19332]  copy_from_sockptr_offset+0x15c/0x1b0
[  853.644514][T19332]  ? __pfx_copy_from_sockptr_offset+0x10/0x10
[  853.644525][T19332]  ? trace_sched_exit_tp+0xde/0x130
[  853.644541][T19332]  compat_do_replace+0x1c4/0x3c0
[  853.644554][T19332]  ? __pfx_compat_do_replace+0x10/0x10
[  853.644566][T19332]  ? __pfx_aa_get_newest_label+0x10/0x10
[  853.644581][T19332]  ? rcu_is_watching+0x12/0xc0
[  853.644604][T19332]  ? bpf_lsm_capable+0x9/0x10
[  853.644615][T19332]  ? security_capable+0x7e/0x260
[  853.644631][T19332]  do_ipt_set_ctl+0x55d/0xa60
[  853.644642][T19332]  ? nf_sockopt_find.constprop.0+0x222/0x290
[  853.644663][T19332]  ? __pfx_do_ipt_set_ctl+0x10/0x10
[  853.644676][T19332]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  853.644692][T19332]  ? __pfx_do_ip_setsockopt+0x10/0x10
[  853.644707][T19332]  ? nf_sockopt_find.constprop.0+0x222/0x290
[  853.644726][T19332]  nf_setsockopt+0x8a/0xf0
[  853.644744][T19332]  ip_setsockopt+0xcb/0xf0
[  853.644757][T19332]  raw_setsockopt+0xb7/0x2a0
[  853.644771][T19332]  ? __pfx_raw_setsockopt+0x10/0x10
[  853.644784][T19332]  ? sock_common_setsockopt+0x2e/0xf0
[  853.644797][T19332]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  853.644808][T19332]  do_sock_setsockopt+0x224/0x470
[  853.644821][T19332]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  853.644849][T19332]  __sys_setsockopt+0x120/0x1a0
[  853.644877][T19332]  __ia32_sys_setsockopt+0xbc/0x160
[  853.644899][T19332]  ? lockdep_hardirqs_on+0x7c/0x110
[  853.644917][T19332]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[  853.644935][T19332]  __do_fast_syscall_32+0x7c/0x3a0
[  853.644949][T19332]  do_fast_syscall_32+0x32/0x80
[  853.644961][T19332]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  853.644976][T19332] RIP: 0023:0xf703e579
[  853.644985][T19332] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  853.644996][T19332] RSP: 002b:00000000f4fec55c EFLAGS: 00000296 ORIG_RAX: 000000000000016e
[  853.645007][T19332] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 0000000000000000
[  853.645015][T19332] RDX: 0000000000000040 RSI: 0000000080000380 RDI: 00000000000002fc
[  853.645021][T19332] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  853.645028][T19332] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  853.645035][T19332] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  853.645048][T19332]  </TASK>
[  854.133348][T19337] syzkaller0: entered promiscuous mode
[  854.135180][T19337] syzkaller0: entered allmulticast mode
[  854.880274][T19354] random: crng reseeded on system resumption
[  854.895635][T19354] Restarting kernel threads ...
[  854.897585][T19354] Done restarting kernel threads.
[  855.550962][T19369] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3402'.
[  855.896879][T19366] random: crng reseeded on system resumption
[  855.911334][T19366] Restarting kernel threads ...
[  855.916112][T19366] Done restarting kernel threads.
[  855.995457][   T68] IPVS: starting estimator thread 0...
[  856.112708][T19376] IPVS: using max 40 ests per chain, 96000 per kthread
[  856.643077][T19387] syzkaller0: entered promiscuous mode
[  856.647147][T19387] syzkaller0: entered allmulticast mode
[  857.390868][T19395] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3411'.
[  857.488409][   T59] libceph: connect (1)[c::]:6789 error -101
[  857.490980][   T59] libceph: mon0 (1)[c::]:6789 connect error
[  857.495113][   T59] libceph: connect (1)[c::]:6789 error -101
[  857.504222][   T59] libceph: mon0 (1)[c::]:6789 connect error
[  857.560039][T19401] ceph: No mds server is up or the cluster is laggy
[  858.530234][T19418] FAULT_INJECTION: forcing a failure.
[  858.530234][T19418] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  858.534614][T19418] CPU: 2 UID: 0 PID: 19418 Comm: syz.1.3417 Not tainted 6.15.0-syzkaller-03589-gfeacb1774bd5 #0 PREEMPT(full) 
[  858.534631][T19418] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  858.534639][T19418] Call Trace:
[  858.534643][T19418]  <TASK>
[  858.534648][T19418]  dump_stack_lvl+0x16c/0x1f0
[  858.534665][T19418]  should_fail_ex+0x512/0x640
[  858.534680][T19418]  _copy_to_user+0x32/0xd0
[  858.534695][T19418]  simple_read_from_buffer+0xcb/0x170
[  858.534714][T19418]  proc_fail_nth_read+0x197/0x270
[  858.534732][T19418]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  858.534750][T19418]  ? rw_verify_area+0xcf/0x680
[  858.534767][T19418]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  858.534784][T19418]  vfs_read+0x1e1/0xc60
[  858.534796][T19418]  ? fdget_pos+0x2a2/0x370
[  858.534809][T19418]  ? __pfx_vfs_read+0x10/0x10
[  858.534820][T19418]  ? find_held_lock+0x2b/0x80
[  858.534840][T19418]  ? __fget_files+0x20e/0x3c0
[  858.534855][T19418]  ksys_read+0x12a/0x250
[  858.534866][T19418]  ? __pfx_ksys_read+0x10/0x10
[  858.534878][T19418]  ? rcu_is_watching+0x12/0xc0
[  858.534897][T19418]  __do_fast_syscall_32+0x7c/0x3a0
[  858.534911][T19418]  do_fast_syscall_32+0x32/0x80
[  858.534923][T19418]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  858.534937][T19418] RIP: 0023:0xf7f78579
[  858.534947][T19418] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  858.534959][T19418] RSP: 002b:00000000f5096590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  858.534970][T19418] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f5096620
[  858.534977][T19418] RDX: 000000000000000f RSI: 00000000f7402ff4 RDI: 0000000000000000
[  858.534984][T19418] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  858.534994][T19418] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  858.535001][T19418] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  858.535015][T19418]  </TASK>
[  858.606482][    C2] hpet: Lost 3 RTC interrupts
[  858.634323][T19420] random: crng reseeded on system resumption
[  858.646795][T19420] Restarting kernel threads ...
[  858.648627][T19420] Done restarting kernel threads.
[  858.662486][T19424] syzkaller1: entered promiscuous mode
[  858.665008][T19424] syzkaller1: entered allmulticast mode
[  858.669168][T19426] syzkaller1: entered promiscuous mode
[  858.671571][T19426] syzkaller1: entered allmulticast mode
[  858.978570][T19432] syzkaller0: entered promiscuous mode
[  858.980435][T19432] syzkaller0: entered allmulticast mode
[  860.527511][T19458] syzkaller1: entered promiscuous mode
[  860.530131][T19458] syzkaller1: entered allmulticast mode
[  861.119688][T19465] random: crng reseeded on system resumption
[  861.152499][T19465] Restarting kernel threads ...
[  861.154453][T19465] Done restarting kernel threads.
[  861.823677][T19473] syzkaller1: entered promiscuous mode
[  861.825720][T19473] syzkaller1: entered allmulticast mode
[  861.911016][T19475] kvm: pic: non byte read
[  862.430654][T19493] random: crng reseeded on system resumption
[  862.445102][T19493] Restarting kernel threads ...
[  862.447534][T19493] Done restarting kernel threads.
[  862.995555][T19498] 9pnet: Unknown protocol version 9p20\++}
[  863.047444][T19501] FAULT_INJECTION: forcing a failure.
[  863.047444][T19501] name failslab, interval 1, probability 0, space 0, times 0
[  863.051985][T19501] CPU: 2 UID: 0 PID: 19501 Comm: syz.0.3439 Not tainted 6.15.0-syzkaller-03589-gfeacb1774bd5 #0 PREEMPT(full) 
[  863.052002][T19501] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  863.052009][T19501] Call Trace:
[  863.052014][T19501]  <TASK>
[  863.052041][T19501]  dump_stack_lvl+0x16c/0x1f0
[  863.052060][T19501]  should_fail_ex+0x512/0x640
[  863.052073][T19501]  ? __kmalloc_cache_noprof+0x57/0x3e0
[  863.052086][T19501]  should_failslab+0xc2/0x120
[  863.052101][T19501]  __kmalloc_cache_noprof+0x6a/0x3e0
[  863.052113][T19501]  ? cfg80211_sinfo_alloc_tid_stats+0xa6/0x170
[  863.052128][T19501]  cfg80211_sinfo_alloc_tid_stats+0xa6/0x170
[  863.052141][T19501]  sta_set_sinfo+0x23ea/0x4600
[  863.052159][T19501]  ? kasan_save_track+0x14/0x30
[  863.052173][T19501]  __sta_info_destroy_part2+0x2da/0x540
[  863.052189][T19501]  __sta_info_flush+0x521/0x740
[  863.052204][T19501]  ? __pfx___sta_info_flush+0x10/0x10
[  863.052221][T19501]  ieee80211_ibss_disconnect+0x165/0x8f0
[  863.052241][T19501]  ieee80211_ibss_leave+0x4a/0x160
[  863.052257][T19501]  cfg80211_leave_ibss+0x1ac/0x480
[  863.052276][T19501]  cfg80211_ibss_wext_siwessid+0x2e4/0x3c0
[  863.052296][T19501]  cfg80211_wext_siwessid+0x10f/0x140
[  863.052316][T19501]  ioctl_standard_iw_point+0x5e4/0xca0
[  863.052330][T19501]  ? __pfx_cfg80211_wext_siwessid+0x10/0x10
[  863.052350][T19501]  ? __pfx_ioctl_standard_iw_point+0x10/0x10
[  863.052362][T19501]  ? __pfx___might_resched+0x10/0x10
[  863.052381][T19501]  ? rcu_is_watching+0x12/0xc0
[  863.052398][T19501]  ? trace_contention_end+0xdd/0x130
[  863.052412][T19501]  ? __mutex_lock+0x1ca/0xb90
[  863.052426][T19501]  compat_standard_call+0x20d/0x350
[  863.052438][T19501]  ? __pfx_cfg80211_wext_siwessid+0x10/0x10
[  863.052457][T19501]  ? __pfx_compat_standard_call+0x10/0x10
[  863.052469][T19501]  ? full_name_hash+0xbc/0x110
[  863.052484][T19501]  ? netdev_name_node_lookup+0x127/0x180
[  863.052500][T19501]  ? __pfx_compat_standard_call+0x10/0x10
[  863.052525][T19501]  ? __pfx_cfg80211_wext_siwessid+0x10/0x10
[  863.052547][T19501]  wireless_process_ioctl.constprop.0+0x28e/0x3d0
[  863.052563][T19501]  compat_wext_handle_ioctl+0x284/0x310
[  863.052576][T19501]  ? __pfx_compat_wext_handle_ioctl+0x10/0x10
[  863.052597][T19501]  compat_sock_ioctl+0x320/0x730
[  863.052623][T19501]  ? __pfx_compat_sock_ioctl+0x10/0x10
[  863.052635][T19501]  ? hook_file_ioctl_common+0x145/0x410
[  863.052654][T19501]  ? __fget_files+0x20e/0x3c0
[  863.052663][T19501]  ? __fput_deferred+0x360/0x370
[  863.052682][T19501]  ? __pfx_compat_sock_ioctl+0x10/0x10
[  863.052693][T19501]  __ia32_compat_sys_ioctl+0x23f/0x370
[  863.052712][T19501]  __do_fast_syscall_32+0x7c/0x3a0
[  863.052725][T19501]  do_fast_syscall_32+0x32/0x80
[  863.052738][T19501]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  863.052752][T19501] RIP: 0023:0xf703e579
[  863.052762][T19501] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  863.052773][T19501] RSP: 002b:00000000f502e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  863.052785][T19501] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000008b1a
[  863.052792][T19501] RDX: 0000000080000040 RSI: 0000000000000000 RDI: 0000000000000000
[  863.052799][T19501] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  863.052805][T19501] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  863.052812][T19501] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  863.052826][T19501]  </TASK>
[  863.183368][    C2] hpet: Lost 7 RTC interrupts
[  863.240838][T19503] block device autoloading is deprecated and will be removed.
[  863.249181][T19507] syzkaller1: entered promiscuous mode
[  863.251446][T19507] syzkaller1: entered allmulticast mode
[  863.468177][T19517] random: crng reseeded on system resumption
[  864.450533][T19536] syzkaller1: entered promiscuous mode
[  864.453114][T19536] syzkaller1: entered allmulticast mode
[  864.781547][   T40] audit: type=1326 audit(2000000260.659:1740): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19544 comm="syz.0.3452" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf703e579 code=0x0
[  864.792336][T19545] random: crng reseeded on system resumption
[  864.801781][T19545] Restarting kernel threads ...
[  864.804366][T19545] Done restarting kernel threads.
[  864.836086][T19547] FAULT_INJECTION: forcing a failure.
[  864.836086][T19547] name failslab, interval 1, probability 0, space 0, times 0
[  864.841327][T19547] CPU: 2 UID: 0 PID: 19547 Comm: syz.0.3452 Not tainted 6.15.0-syzkaller-03589-gfeacb1774bd5 #0 PREEMPT(full) 
[  864.841352][T19547] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  864.841363][T19547] Call Trace:
[  864.841370][T19547]  <TASK>
[  864.841378][T19547]  dump_stack_lvl+0x16c/0x1f0
[  864.841401][T19547]  should_fail_ex+0x512/0x640
[  864.841422][T19547]  ? __kmalloc_noprof+0xbf/0x510
[  864.841444][T19547]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290
[  864.841464][T19547]  should_failslab+0xc2/0x120
[  864.841501][T19547]  __kmalloc_noprof+0xd2/0x510
[  864.841522][T19547]  ? kasan_quarantine_put+0x10a/0x240
[  864.841547][T19547]  genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290
[  864.841573][T19547]  genl_family_rcv_msg_doit+0xbf/0x2f0
[  864.841594][T19547]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  864.841613][T19547]  ? trace_cap_capable+0x18d/0x200
[  864.841642][T19547]  ? bpf_lsm_capable+0x9/0x10
[  864.841660][T19547]  ? security_capable+0x7e/0x260
[  864.841682][T19547]  ? ns_capable+0xd7/0x110
[  864.841711][T19547]  genl_rcv_msg+0x55c/0x800
[  864.841733][T19547]  ? __pfx_genl_rcv_msg+0x10/0x10
[  864.841751][T19547]  ? __pfx___dev_queue_xmit+0x10/0x10
[  864.841772][T19547]  ? __pfx_nl80211_pre_doit+0x10/0x10
[  864.841789][T19547]  ? __pfx_nl80211_tx_mgmt+0x10/0x10
[  864.841809][T19547]  ? __pfx_nl80211_post_doit+0x10/0x10
[  864.841829][T19547]  ? __lock_acquire+0xb8a/0x1c90
[  864.841855][T19547]  netlink_rcv_skb+0x16d/0x440
[  864.841882][T19547]  ? __pfx_genl_rcv_msg+0x10/0x10
[  864.841902][T19547]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  864.841941][T19547]  ? __pfx_down_read+0x10/0x10
[  864.841963][T19547]  ? netlink_deliver_tap+0x1ae/0xd30
[  864.841993][T19547]  genl_rcv+0x28/0x40
[  864.842009][T19547]  netlink_unicast+0x53a/0x7f0
[  864.842038][T19547]  ? __pfx_netlink_unicast+0x10/0x10
[  864.842071][T19547]  netlink_sendmsg+0x8d1/0xdd0
[  864.842104][T19547]  ? __pfx_netlink_sendmsg+0x10/0x10
[  864.842132][T19547]  ? __import_iovec+0x1dd/0x650
[  864.842158][T19547]  ____sys_sendmsg+0xa95/0xc70
[  864.842181][T19547]  ? __pfx_____sys_sendmsg+0x10/0x10
[  864.842198][T19547]  ? get_compat_msghdr+0x11a/0x170
[  864.842236][T19547]  ___sys_sendmsg+0x134/0x1d0
[  864.842268][T19547]  ? __pfx____sys_sendmsg+0x10/0x10
[  864.842306][T19547]  ? find_held_lock+0x2b/0x80
[  864.842347][T19547]  __sys_sendmsg+0x16d/0x220
[  864.842374][T19547]  ? __pfx___sys_sendmsg+0x10/0x10
[  864.842410][T19547]  ? rcu_is_watching+0x12/0xc0
[  864.842440][T19547]  __do_fast_syscall_32+0x7c/0x3a0
[  864.842464][T19547]  do_fast_syscall_32+0x32/0x80
[  864.842482][T19547]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  864.842504][T19547] RIP: 0023:0xf703e579
[  864.842534][T19547] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  864.842551][T19547] RSP: 002b:00000000f500d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  864.842569][T19547] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000240
[  864.842581][T19547] RDX: 0000000000044050 RSI: 0000000000000000 RDI: 0000000000000000
[  864.842592][T19547] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  864.842602][T19547] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  864.842613][T19547] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  864.842637][T19547]  </TASK>
[  864.959449][    C2] hpet: Lost 7 RTC interrupts
[  865.749747][T19552] syzkaller1: entered promiscuous mode
[  865.752970][T19552] syzkaller1: entered allmulticast mode
[  866.846012][T19577] syzkaller0: entered promiscuous mode
[  866.847708][T19577] syzkaller0: entered allmulticast mode
[  867.788653][T19589] syzkaller1: entered promiscuous mode
[  867.790531][T19589] syzkaller1: entered allmulticast mode
[  868.038988][T19602] syzkaller1: entered promiscuous mode
[  868.041242][T19602] syzkaller1: entered allmulticast mode
[  869.408981][T19625] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3475'.
[  869.564889][ T1419] ieee802154 phy0 wpan0: encryption failed: -22
[  869.566964][ T1419] ieee802154 phy1 wpan1: encryption failed: -22
[  870.287737][   T40] audit: type=1326 audit(2000000266.169:1741): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19641 comm="syz.0.3483" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf703e579 code=0x0
[  870.542826][T14686] usb 8-1: new high-speed USB device number 4 using dummy_hcd
[  870.563402][T19655] syzkaller1: entered promiscuous mode
[  870.566336][T19655] syzkaller1: entered allmulticast mode
[  870.569071][T19657] netlink: 'syz.1.3488': attribute type 1 has an invalid length.
[  870.582120][T19657] 8021q: adding VLAN 0 to HW filter on device bond1
[  870.586884][T19657] FAULT_INJECTION: forcing a failure.
[  870.586884][T19657] name failslab, interval 1, probability 0, space 0, times 0
[  870.590764][T19657] CPU: 1 UID: 0 PID: 19657 Comm: syz.1.3488 Not tainted 6.15.0-syzkaller-03589-gfeacb1774bd5 #0 PREEMPT(full) 
[  870.590781][T19657] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  870.590789][T19657] Call Trace:
[  870.590793][T19657]  <TASK>
[  870.590798][T19657]  dump_stack_lvl+0x16c/0x1f0
[  870.590814][T19657]  should_fail_ex+0x512/0x640
[  870.590827][T19657]  ? __kmalloc_cache_noprof+0x57/0x3e0
[  870.590840][T19657]  should_failslab+0xc2/0x120
[  870.590855][T19657]  __kmalloc_cache_noprof+0x6a/0x3e0
[  870.590866][T19657]  ? rtnl_newlink+0x11b/0x2000
[  870.590885][T19657]  ? __pfx_rtnl_newlink+0x10/0x10
[  870.590901][T19657]  rtnl_newlink+0x11b/0x2000
[  870.590922][T19657]  ? __pfx_rtnl_newlink+0x10/0x10
[  870.590940][T19657]  ? kasan_quarantine_put+0x10a/0x240
[  870.590952][T19657]  ? lockdep_hardirqs_on+0x7c/0x110
[  870.590966][T19657]  ? kfree_skbmem+0x1a4/0x1f0
[  870.590980][T19657]  ? __lock_acquire+0x622/0x1c90
[  870.590994][T19657]  ? rcu_is_watching+0x12/0xc0
[  870.591012][T19657]  ? trace_cap_capable+0x18d/0x200
[  870.591029][T19657]  ? find_held_lock+0x2b/0x80
[  870.591045][T19657]  ? __pfx_rtnl_newlink+0x10/0x10
[  870.591061][T19657]  ? __pfx_rtnl_newlink+0x10/0x10
[  870.591077][T19657]  ? rtnetlink_rcv_msg+0x93a/0xe90
[  870.591094][T19657]  ? __pfx_rtnl_newlink+0x10/0x10
[  870.591111][T19657]  rtnetlink_rcv_msg+0x95e/0xe90
[  870.591129][T19657]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  870.591152][T19657]  netlink_rcv_skb+0x16d/0x440
[  870.591171][T19657]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  870.591189][T19657]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  870.591213][T19657]  ? netlink_deliver_tap+0x1ae/0xd30
[  870.591232][T19657]  netlink_unicast+0x53a/0x7f0
[  870.591256][T19657]  ? __pfx_netlink_unicast+0x10/0x10
[  870.591277][T19657]  netlink_sendmsg+0x8d1/0xdd0
[  870.591296][T19657]  ? __pfx_netlink_sendmsg+0x10/0x10
[  870.591315][T19657]  ? __import_iovec+0x1dd/0x650
[  870.591331][T19657]  ____sys_sendmsg+0xa95/0xc70
[  870.591345][T19657]  ? __pfx_____sys_sendmsg+0x10/0x10
[  870.591356][T19657]  ? get_compat_msghdr+0x11a/0x170
[  870.591378][T19657]  ___sys_sendmsg+0x134/0x1d0
[  870.591395][T19657]  ? __pfx____sys_sendmsg+0x10/0x10
[  870.591425][T19657]  ? find_held_lock+0x2b/0x80
[  870.591455][T19657]  __sys_sendmsg+0x16d/0x220
[  870.591471][T19657]  ? __pfx___sys_sendmsg+0x10/0x10
[  870.591493][T19657]  ? rcu_is_watching+0x12/0xc0
[  870.591513][T19657]  __do_fast_syscall_32+0x7c/0x3a0
[  870.591527][T19657]  do_fast_syscall_32+0x32/0x80
[  870.591539][T19657]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  870.591553][T19657] RIP: 0023:0xf7f78579
[  870.591562][T19657] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  870.591574][T19657] RSP: 002b:00000000f509655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  870.591585][T19657] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000040
[  870.591592][T19657] RDX: 000000000000c850 RSI: 0000000000000000 RDI: 0000000000000000
[  870.591599][T19657] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  870.591605][T19657] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  870.591612][T19657] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  870.591625][T19657]  </TASK>
[  870.790725][T14686] usb 8-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  870.795506][T14686] usb 8-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  870.799273][T14686] usb 8-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  870.802213][T14686] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  870.818256][T19644] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  870.834258][T14686] usb 8-1: Quirk or no altset; falling back to MIDI 1.0
[  870.952691][T19662] usb usb8: usbfs: process 19662 (syz.1.3489) did not claim interface 0 before use
[  871.106339][ T5980] usb 8-1: USB disconnect, device number 4
[  871.356492][T19670] sp0: Synchronizing with TNC
[  871.377106][T19670] sp0: Found TNC
[  871.422908][T19673] netlink: 'syz.1.3492': attribute type 1 has an invalid length.
[  871.450059][T19673] 8021q: adding VLAN 0 to HW filter on device bond2
[  871.508490][T19673] bond2: (slave gretap1): making interface the new active one
[  871.514005][T19673] bond2: (slave gretap1): Enslaving as an active interface with an up link
[  871.652638][   T40] audit: type=1804 audit(2000000267.529:1742): pid=19677 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.3494" name="/newroot/253/file0" dev="tmpfs" ino=1327 res=1 errno=0
[  871.653679][T19677] ref_ctr going negative. vaddr: 0x80ffc002, curr val: -29824, delta: 1
[  871.664125][T19677] ref_ctr increment failed for inode: 0x52f offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff88804503a040
[  871.772054][ T5943] Bluetooth: hci0: Malformed Event: 0x2f
[  871.975379][T19686] syzkaller0: entered promiscuous mode
[  871.978745][T19686] syzkaller0: entered allmulticast mode
[  872.028165][T19691] netlink: 'syz.1.3499': attribute type 1 has an invalid length.
[  873.088610][T19691] workqueue: Failed to create a rescuer kthread for wq "bond3": -EINTR
[  873.191093][   T40] audit: type=1800 audit(2000000269.069:1743): pid=19709 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.3505" name="bus" dev="overlay" ino=2 res=0 errno=0
[  874.214608][T19731] netlink: 'syz.1.3512': attribute type 10 has an invalid length.
[  874.243582][T19731] team0: Port device dummy0 added
[  874.250431][T19731] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3512'.
[  874.269857][T19734] ref_ctr going negative. vaddr: 0x80ffc002, curr val: -29824, delta: 1
[  874.282462][   T40] audit: type=1804 audit(2000000270.149:1744): pid=19734 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.3513" name="/newroot/283/file0" dev="tmpfs" ino=1505 res=1 errno=0
[  874.292998][T19734] ref_ctr increment failed for inode: 0x5e1 offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff88802762a040
[  874.350778][T19745] FAULT_INJECTION: forcing a failure.
[  874.350778][T19745] name failslab, interval 1, probability 0, space 0, times 0
[  874.360204][T19745] CPU: 3 UID: 0 PID: 19745 Comm: syz.2.3514 Not tainted 6.15.0-syzkaller-03589-gfeacb1774bd5 #0 PREEMPT(full) 
[  874.360222][T19745] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  874.360229][T19745] Call Trace:
[  874.360234][T19745]  <TASK>
[  874.360239][T19745]  dump_stack_lvl+0x16c/0x1f0
[  874.360256][T19745]  should_fail_ex+0x512/0x640
[  874.360269][T19745]  ? __kmalloc_noprof+0xbf/0x510
[  874.360284][T19745]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290
[  874.360298][T19745]  should_failslab+0xc2/0x120
[  874.360313][T19745]  __kmalloc_noprof+0xd2/0x510
[  874.360325][T19745]  ? kasan_quarantine_put+0x10a/0x240
[  874.360340][T19745]  genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290
[  874.360356][T19745]  genl_family_rcv_msg_doit+0xbf/0x2f0
[  874.360369][T19745]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  874.360380][T19745]  ? rcu_is_watching+0x12/0xc0
[  874.360402][T19745]  ? bpf_lsm_capable+0x9/0x10
[  874.360414][T19745]  ? security_capable+0x7e/0x260
[  874.360430][T19745]  genl_rcv_msg+0x55c/0x800
[  874.360444][T19745]  ? __pfx_genl_rcv_msg+0x10/0x10
[  874.360455][T19745]  ? __pfx___dev_queue_xmit+0x10/0x10
[  874.360469][T19745]  ? __pfx_ila_xlat_nl_cmd_del_mapping+0x10/0x10
[  874.360489][T19745]  ? __lock_acquire+0xb8a/0x1c90
[  874.360505][T19745]  netlink_rcv_skb+0x16d/0x440
[  874.360522][T19745]  ? __pfx_genl_rcv_msg+0x10/0x10
[  874.360535][T19745]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  874.360559][T19745]  ? __pfx_down_read+0x10/0x10
[  874.360573][T19745]  ? netlink_deliver_tap+0x1ae/0xd30
[  874.360591][T19745]  genl_rcv+0x28/0x40
[  874.360601][T19745]  netlink_unicast+0x53a/0x7f0
[  874.360620][T19745]  ? __pfx_netlink_unicast+0x10/0x10
[  874.360642][T19745]  netlink_sendmsg+0x8d1/0xdd0
[  874.360661][T19745]  ? __pfx_netlink_sendmsg+0x10/0x10
[  874.360680][T19745]  ? __import_iovec+0x1dd/0x650
[  874.360697][T19745]  ____sys_sendmsg+0xa95/0xc70
[  874.360708][T19745]  ? gfs2_glock_seq_next+0x90/0x160
[  874.360723][T19745]  ? __pfx_____sys_sendmsg+0x10/0x10
[  874.360734][T19745]  ? get_compat_msghdr+0x11a/0x170
[  874.360757][T19745]  ___sys_sendmsg+0x134/0x1d0
[  874.360774][T19745]  ? __pfx____sys_sendmsg+0x10/0x10
[  874.360797][T19745]  ? find_held_lock+0x2b/0x80
[  874.360822][T19745]  __sys_sendmsg+0x16d/0x220
[  874.360839][T19745]  ? __pfx___sys_sendmsg+0x10/0x10
[  874.360861][T19745]  ? rcu_is_watching+0x12/0xc0
[  874.360880][T19745]  __do_fast_syscall_32+0x7c/0x3a0
[  874.360894][T19745]  do_fast_syscall_32+0x32/0x80
[  874.360906][T19745]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  874.360921][T19745] RIP: 0023:0xf709e579
[  874.360930][T19745] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  874.360942][T19745] RSP: 002b:00000000f506d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  874.360953][T19745] RAX: ffffffffffffffda RBX: 0000000000000010 RCX: 0000000080000140
[  874.360960][T19745] RDX: 0000000004000010 RSI: 0000000000000000 RDI: 0000000000000000
[  874.360967][T19745] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  874.360973][T19745] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  874.360980][T19745] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  874.360994][T19745]  </TASK>
[  874.750799][    C3] vcan0: j1939_tp_rxtimer: 0xffff8880133f9000: rx timeout, send abort
[  875.284938][    C3] vcan0: j1939_tp_rxtimer: 0xffff8880235e8400: rx timeout, send abort
[  875.288541][    C3] vcan0: j1939_tp_rxtimer: 0xffff8880133f9000: abort rx timeout. Force session deactivation
[  875.972373][    C3] vcan0: j1939_tp_rxtimer: 0xffff8880235e8400: abort rx timeout. Force session deactivation
[  877.170633][T19770] tipc: Started in network mode
[  877.172270][T19770] tipc: Node identity 0e2c5dfc5eda, cluster identity 4711
[  877.174858][T19770] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  877.178979][T19770] syzkaller0: entered promiscuous mode
[  877.181311][T19770] syzkaller0: entered allmulticast mode
[  877.190931][T19770] tipc: Resetting bearer <eth:syzkaller0>
[  877.201495][T19768] tipc: Resetting bearer <eth:syzkaller0>
[  877.204466][T19773] FAULT_INJECTION: forcing a failure.
[  877.204466][T19773] name failslab, interval 1, probability 0, space 0, times 0
[  877.212140][T19773] CPU: 2 UID: 0 PID: 19773 Comm: syz.0.3526 Not tainted 6.15.0-syzkaller-03589-gfeacb1774bd5 #0 PREEMPT(full) 
[  877.212167][T19773] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  877.212179][T19773] Call Trace:
[  877.212185][T19773]  <TASK>
[  877.212192][T19773]  dump_stack_lvl+0x16c/0x1f0
[  877.212216][T19773]  should_fail_ex+0x512/0x640
[  877.212235][T19773]  ? __kmalloc_cache_noprof+0x57/0x3e0
[  877.212257][T19773]  should_failslab+0xc2/0x120
[  877.212280][T19773]  __kmalloc_cache_noprof+0x6a/0x3e0
[  877.212298][T19773]  ? __inet_diag_dump_start+0x8f/0x7f0
[  877.212328][T19773]  __inet_diag_dump_start+0x8f/0x7f0
[  877.212360][T19773]  __netlink_dump_start+0x60b/0x990
[  877.212391][T19773]  inet_diag_handler_cmd+0x282/0x2e0
[  877.212417][T19773]  ? __pfx_inet_diag_handler_cmd+0x10/0x10
[  877.212448][T19773]  ? __pfx_inet_diag_dump_start+0x10/0x10
[  877.212471][T19773]  ? __pfx_inet_diag_dump+0x10/0x10
[  877.212493][T19773]  ? __pfx_inet_diag_dump_done+0x10/0x10
[  877.212537][T19773]  ? sock_diag_lock_handler+0x10f/0x2e0
[  877.212568][T19773]  sock_diag_rcv_msg+0x437/0x790
[  877.212594][T19773]  netlink_rcv_skb+0x16d/0x440
[  877.212620][T19773]  ? __pfx_sock_diag_rcv_msg+0x10/0x10
[  877.212645][T19773]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  877.212689][T19773]  ? netlink_deliver_tap+0x1ae/0xd30
[  877.212722][T19773]  netlink_unicast+0x53a/0x7f0
[  877.212752][T19773]  ? __pfx_netlink_unicast+0x10/0x10
[  877.212788][T19773]  netlink_sendmsg+0x8d1/0xdd0
[  877.212821][T19773]  ? __pfx_netlink_sendmsg+0x10/0x10
[  877.212849][T19773]  ? __import_iovec+0x1dd/0x650
[  877.212878][T19773]  ____sys_sendmsg+0xa95/0xc70
[  877.212901][T19773]  ? __pfx_____sys_sendmsg+0x10/0x10
[  877.212919][T19773]  ? get_compat_msghdr+0x11a/0x170
[  877.212972][T19773]  ___sys_sendmsg+0x134/0x1d0
[  877.213000][T19773]  ? __pfx____sys_sendmsg+0x10/0x10
[  877.213040][T19773]  ? find_held_lock+0x2b/0x80
[  877.213088][T19773]  __sys_sendmsg+0x16d/0x220
[  877.213114][T19773]  ? __pfx___sys_sendmsg+0x10/0x10
[  877.213154][T19773]  ? rcu_is_watching+0x12/0xc0
[  877.213183][T19773]  __do_fast_syscall_32+0x7c/0x3a0
[  877.213206][T19773]  do_fast_syscall_32+0x32/0x80
[  877.213225][T19773]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  877.213246][T19773] RIP: 0023:0xf703e579
[  877.213262][T19773] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  877.213279][T19773] RSP: 002b:00000000f502e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  877.213297][T19773] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000140
[  877.213309][T19773] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  877.213320][T19773] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  877.213330][T19773] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  877.213341][T19773] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  877.213365][T19773]  </TASK>
[  877.310331][    C2] hpet: Lost 6 RTC interrupts
[  877.321142][T19768] tipc: Disabling bearer <eth:syzkaller0>
[  878.382202][T19795] random: crng reseeded on system resumption
[  878.393288][T19795] Restarting kernel threads ...
[  878.395209][T19795] Done restarting kernel threads.
[  879.145672][   T40] audit: type=1326 audit(2000000275.029:1745): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19813 comm="syz.0.3539" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf703e579 code=0x0
[  879.146080][T19817] FAULT_INJECTION: forcing a failure.
[  879.146080][T19817] name failslab, interval 1, probability 0, space 0, times 0
[  879.159552][T19817] CPU: 1 UID: 0 PID: 19817 Comm: syz.2.3540 Not tainted 6.15.0-syzkaller-03589-gfeacb1774bd5 #0 PREEMPT(full) 
[  879.159576][T19817] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  879.159587][T19817] Call Trace:
[  879.159593][T19817]  <TASK>
[  879.159600][T19817]  dump_stack_lvl+0x16c/0x1f0
[  879.159622][T19817]  should_fail_ex+0x512/0x640
[  879.159640][T19817]  ? __kmalloc_noprof+0xbf/0x510
[  879.159661][T19817]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290
[  879.159681][T19817]  should_failslab+0xc2/0x120
[  879.159702][T19817]  __kmalloc_noprof+0xd2/0x510
[  879.159721][T19817]  ? kasan_quarantine_put+0x10a/0x240
[  879.159743][T19817]  genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290
[  879.159768][T19817]  genl_family_rcv_msg_doit+0xbf/0x2f0
[  879.159787][T19817]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  879.159804][T19817]  ? trace_cap_capable+0x18d/0x200
[  879.159831][T19817]  ? bpf_lsm_capable+0x9/0x10
[  879.159847][T19817]  ? security_capable+0x7e/0x260
[  879.159868][T19817]  ? ns_capable+0xd7/0x110
[  879.159926][T19817]  genl_rcv_msg+0x55c/0x800
[  879.159946][T19817]  ? __pfx_genl_rcv_msg+0x10/0x10
[  879.159962][T19817]  ? __pfx___dev_queue_xmit+0x10/0x10
[  879.159981][T19817]  ? __pfx_nl80211_pre_doit+0x10/0x10
[  879.159998][T19817]  ? __pfx_nl80211_channel_switch+0x10/0x10
[  879.160020][T19817]  ? __pfx_nl80211_post_doit+0x10/0x10
[  879.160039][T19817]  ? __lock_acquire+0xb8a/0x1c90
[  879.160062][T19817]  netlink_rcv_skb+0x16d/0x440
[  879.160086][T19817]  ? __pfx_genl_rcv_msg+0x10/0x10
[  879.160104][T19817]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  879.160141][T19817]  ? __pfx_down_read+0x10/0x10
[  879.160161][T19817]  ? netlink_deliver_tap+0x1ae/0xd30
[  879.160197][T19817]  genl_rcv+0x28/0x40
[  879.160212][T19817]  netlink_unicast+0x53a/0x7f0
[  879.160239][T19817]  ? __pfx_netlink_unicast+0x10/0x10
[  879.160272][T19817]  netlink_sendmsg+0x8d1/0xdd0
[  879.160302][T19817]  ? __pfx_netlink_sendmsg+0x10/0x10
[  879.160329][T19817]  ? __import_iovec+0x1dd/0x650
[  879.160356][T19817]  ____sys_sendmsg+0xa95/0xc70
[  879.160378][T19817]  ? __pfx_____sys_sendmsg+0x10/0x10
[  879.160394][T19817]  ? get_compat_msghdr+0x11a/0x170
[  879.160429][T19817]  ___sys_sendmsg+0x134/0x1d0
[  879.160456][T19817]  ? __pfx____sys_sendmsg+0x10/0x10
[  879.160493][T19817]  ? find_held_lock+0x2b/0x80
[  879.160536][T19817]  __sys_sendmsg+0x16d/0x220
[  879.160559][T19817]  ? __pfx___sys_sendmsg+0x10/0x10
[  879.160595][T19817]  ? rcu_is_watching+0x12/0xc0
[  879.160624][T19817]  __do_fast_syscall_32+0x7c/0x3a0
[  879.160645][T19817]  do_fast_syscall_32+0x32/0x80
[  879.160663][T19817]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  879.160687][T19817] RIP: 0023:0xf709e579
[  879.160701][T19817] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  879.160718][T19817] RSP: 002b:00000000f508e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  879.160735][T19817] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000200
[  879.160747][T19817] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  879.160757][T19817] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  879.160767][T19817] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  879.160777][T19817] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  879.160800][T19817]  </TASK>
[  879.346819][T19822] net_ratelimit: 312 callbacks suppressed
[  879.346832][T19822] openvswitch: netlink: Missing key (keys=40, expected=2000)
[  880.637099][T19855] syzkaller0: entered promiscuous mode
[  880.639293][T19855] syzkaller0: entered allmulticast mode
[  880.899693][T19857] random: crng reseeded on system resumption
[  880.907626][T19857] Restarting kernel threads ...
[  880.909541][T19857] Done restarting kernel threads.
[  882.256807][   T40] audit: type=1326 audit(2000000278.139:1746): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19878 comm="syz.1.3559" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f78579 code=0x0
[  883.144489][T19889] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  883.148002][T19889] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  883.155957][T19889] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  883.158514][T19889] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  883.162308][T19889] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  883.165329][T19889] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  883.169060][T19889] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  883.171986][T19889] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  884.842695][T14723] Bluetooth: hci4: command 0x0406 tx timeout
[  885.162884][T14723] Bluetooth: hci2: command 0x0406 tx timeout
[  885.162977][ T5943] Bluetooth: hci0: command 0x0c1a tx timeout
[  885.167374][T19889] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  885.173113][T19912] random: crng reseeded on system resumption
[  885.242740][ T5943] Bluetooth: hci3: command 0x0406 tx timeout
[  885.953954][T19927] random: crng reseeded on system resumption
[  885.967074][T19927] Restarting kernel threads ...
[  885.975172][T19927] Done restarting kernel threads.
[  886.246922][T19952] syzkaller0: entered promiscuous mode
[  886.249232][T19952] syzkaller0: entered allmulticast mode
[  886.928123][ T5943] Bluetooth: hci4: command 0x0406 tx timeout
[  887.245623][ T5943] Bluetooth: hci0: command 0x0c1a tx timeout
[  887.255078][ T5943] Bluetooth: hci2: command 0x0406 tx timeout
[  887.322759][ T5943] Bluetooth: hci3: command 0x0406 tx timeout
[  887.422697][T19971] random: crng reseeded on system resumption
[  887.436784][T19971] Restarting kernel threads ...
[  887.438805][T19971] Done restarting kernel threads.
[  888.204373][T19975] could not allocate digest TFM handle cryptd(blake2b-160)
[  889.016315][T19999] xt_bpf: check failed: parse error
[  889.322756][ T5943] Bluetooth: hci0: command 0x0c1a tx timeout
[  889.368217][T20004] random: crng reseeded on system resumption
[  889.385310][T20004] Restarting kernel threads ...
[  889.387880][T20004] Done restarting kernel threads.
[  889.666125][T20010] batadv_slave_0: entered promiscuous mode
[  889.669837][T20010] batadv_slave_0: left promiscuous mode
[  889.769492][T20015] syzkaller0: entered promiscuous mode
[  889.771207][T20015] syzkaller0: entered allmulticast mode
[  890.899428][T20026] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3602'.
[  890.920569][T20029] syzkaller0: entered promiscuous mode
[  890.922256][T20029] syzkaller0: entered allmulticast mode
[  892.412499][T20058] syzkaller1: entered promiscuous mode
[  892.414500][T20058] syzkaller1: entered allmulticast mode
[  892.779961][T20064] netlink: 'syz.1.3612': attribute type 4 has an invalid length.
[  892.823920][T20064] netlink: 'syz.1.3612': attribute type 4 has an invalid length.
[  892.941737][T20053] syz.2.3611 (20053): drop_caches: 1
[  892.963683][T20056] syz.2.3611 (20056): drop_caches: 1
[  893.084988][T20053] syz.2.3611 (20053): drop_caches: 1
[  893.264192][T20082] binder: 20078:20082 ioctl 89f6 800000c0 returned -22
[  893.270996][T20077] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  893.347994][T20077] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  893.447386][T20077] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  893.516950][T20077] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  893.612650][ T5973] usb 8-1: new high-speed USB device number 5 using dummy_hcd
[  893.615116][T20077] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  893.624168][T20077] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  893.636146][T20077] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  893.649693][T20077] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  893.653788][ T6000] usb 7-1: new low-speed USB device number 9 using dummy_hcd
[  893.765720][ T5973] usb 8-1: Using ep0 maxpacket: 8
[  893.768743][ T5973] usb 8-1: config index 0 descriptor too short (expected 301, got 45)
[  893.771218][ T5973] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  893.774409][ T5973] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  893.777506][ T5973] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  893.780973][ T5973] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  893.785953][ T5973] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  893.789203][ T5973] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  893.842650][ T6000] usb 7-1: Invalid ep0 maxpacket: 64
[  893.972753][ T6000] usb 7-1: new low-speed USB device number 10 using dummy_hcd
[  893.976704][T20095] FAULT_INJECTION: forcing a failure.
[  893.976704][T20095] name failslab, interval 1, probability 0, space 0, times 0
[  893.982845][T20095] CPU: 3 UID: 0 PID: 20095 Comm: syz.0.3624 Not tainted 6.15.0-syzkaller-03589-gfeacb1774bd5 #0 PREEMPT(full) 
[  893.982871][T20095] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  893.982882][T20095] Call Trace:
[  893.982889][T20095]  <TASK>
[  893.982896][T20095]  dump_stack_lvl+0x16c/0x1f0
[  893.982942][T20095]  should_fail_ex+0x512/0x640
[  893.982968][T20095]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  893.982995][T20095]  should_failslab+0xc2/0x120
[  893.983017][T20095]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  893.983043][T20095]  ? __pfx___might_resched+0x10/0x10
[  893.983071][T20095]  ? alloc_vmap_area+0x64e/0x28f0
[  893.983102][T20095]  alloc_vmap_area+0x64e/0x28f0
[  893.983139][T20095]  ? __pfx_alloc_vmap_area+0x10/0x10
[  893.983174][T20095]  __get_vm_area_node+0x1ca/0x330
[  893.983206][T20095]  __vmalloc_node_range_noprof+0x277/0x1520
[  893.983236][T20095]  ? vhost_task_create+0x1d2/0x2e0
[  893.983258][T20095]  ? __mod_memcg_lruvec_state+0x527/0x740
[  893.983294][T20095]  ? vhost_task_create+0x1d2/0x2e0
[  893.983325][T20095]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  893.983352][T20095]  ? __memcg_slab_post_alloc_hook+0x500/0x9c0
[  893.983384][T20095]  ? vhost_task_create+0x1d2/0x2e0
[  893.983404][T20095]  __vmalloc_node_noprof+0xad/0xf0
[  893.983430][T20095]  ? vhost_task_create+0x1d2/0x2e0
[  893.983456][T20095]  copy_process+0x2f03/0x9170
[  893.983477][T20095]  ? kasan_save_stack+0x42/0x60
[  893.983493][T20095]  ? kasan_save_stack+0x33/0x60
[  893.983508][T20095]  ? kasan_save_track+0x14/0x30
[  893.983523][T20095]  ? __kasan_kmalloc+0xaa/0xb0
[  893.983539][T20095]  ? vhost_task_create+0xe5/0x2e0
[  893.983559][T20095]  ? kvm_mmu_post_init_vm+0x1b7/0x370
[  893.983579][T20095]  ? kvm_arch_vcpu_ioctl_run+0x66/0x18c0
[  893.983598][T20095]  ? kvm_vcpu_ioctl+0x5e9/0x1680
[  893.983617][T20095]  ? kvm_vcpu_compat_ioctl+0x20f/0x3d0
[  893.983636][T20095]  ? __ia32_compat_sys_ioctl+0x23f/0x370
[  893.983660][T20095]  ? __do_fast_syscall_32+0x7c/0x3a0
[  893.983678][T20095]  ? do_fast_syscall_32+0x32/0x80
[  893.983695][T20095]  ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  893.983727][T20095]  ? __pfx_copy_process+0x10/0x10
[  893.983793][T20095]  ? lockdep_init_map_type+0x5c/0x280
[  893.983819][T20095]  ? lockdep_init_map_type+0x5c/0x280
[  893.983840][T20095]  ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10
[  893.983863][T20095]  ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10
[  893.983891][T20095]  vhost_task_create+0x1d2/0x2e0
[  893.983913][T20095]  ? __pfx_vhost_task_create+0x10/0x10
[  893.983936][T20095]  ? kvm_mmu_post_init_vm+0xb4/0x370
[  893.983965][T20095]  ? __pfx_vhost_task_fn+0x10/0x10
[  893.984000][T20095]  kvm_mmu_post_init_vm+0x1b7/0x370
[  893.984027][T20095]  kvm_arch_vcpu_ioctl_run+0x66/0x18c0
[  893.984046][T20095]  ? kvm_vcpu_ioctl+0x14c2/0x1680
[  893.984070][T20095]  kvm_vcpu_ioctl+0x5e9/0x1680
[  893.984093][T20095]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  893.984114][T20095]  ? tomoyo_path_number_perm+0x18d/0x580
[  893.984144][T20095]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  893.984168][T20095]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  893.984193][T20095]  ? do_vfs_ioctl+0x523/0x1a60
[  893.984218][T20095]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  893.984265][T20095]  kvm_vcpu_compat_ioctl+0x20f/0x3d0
[  893.984288][T20095]  ? __pfx_kvm_vcpu_compat_ioctl+0x10/0x10
[  893.984308][T20095]  ? __fget_files+0x20e/0x3c0
[  893.984324][T20095]  ? __fput_deferred+0x360/0x370
[  893.984350][T20095]  ? __pfx_kvm_vcpu_compat_ioctl+0x10/0x10
[  893.984371][T20095]  __ia32_compat_sys_ioctl+0x23f/0x370
[  893.984399][T20095]  __do_fast_syscall_32+0x7c/0x3a0
[  893.984423][T20095]  do_fast_syscall_32+0x32/0x80
[  893.984445][T20095]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  893.984467][T20095] RIP: 0023:0xf703e579
[  893.984482][T20095] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  893.984499][T20095] RSP: 002b:00000000f502e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  893.984517][T20095] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000000ae80
[  893.984529][T20095] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  893.984539][T20095] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  893.984550][T20095] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  893.984562][T20095] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  893.984587][T20095]  </TASK>
[  893.984807][T20095] syz.0.3624: vmalloc error: size 32768, vm_struct allocation failed, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null)
[  894.016125][ T5973] usb 8-1: usb_control_msg returned -32
[  894.016496][T20095] ,cpuset=
[  894.018383][ T5973] usbtmc 8-1:16.0: can't read capabilities
[  894.020846][T20095] /
[  894.123226][ T6000] usb 7-1: Invalid ep0 maxpacket: 64
[  894.128361][T20095] ,mems_allowed=0-1
[  894.148736][ T6000] usb usb7-port1: attempt power cycle
[  894.150031][T20095] 
[  894.160567][T20095] CPU: 3 UID: 0 PID: 20095 Comm: syz.0.3624 Not tainted 6.15.0-syzkaller-03589-gfeacb1774bd5 #0 PREEMPT(full) 
[  894.160584][T20095] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  894.160591][T20095] Call Trace:
[  894.160597][T20095]  <TASK>
[  894.160602][T20095]  dump_stack_lvl+0x16c/0x1f0
[  894.160619][T20095]  warn_alloc+0x248/0x3a0
[  894.160634][T20095]  ? __pfx_warn_alloc+0x10/0x10
[  894.160647][T20095]  ? kfree+0x2b4/0x4d0
[  894.160661][T20095]  ? __get_vm_area_node+0x208/0x330
[  894.160682][T20095]  __vmalloc_node_range_noprof+0xd32/0x1520
[  894.160701][T20095]  ? __mod_memcg_lruvec_state+0x527/0x740
[  894.160724][T20095]  ? vhost_task_create+0x1d2/0x2e0
[  894.160743][T20095]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  894.160761][T20095]  ? __memcg_slab_post_alloc_hook+0x500/0x9c0
[  894.160781][T20095]  ? vhost_task_create+0x1d2/0x2e0
[  894.160795][T20095]  __vmalloc_node_noprof+0xad/0xf0
[  894.160813][T20095]  ? vhost_task_create+0x1d2/0x2e0
[  894.160828][T20095]  copy_process+0x2f03/0x9170
[  894.160841][T20095]  ? kasan_save_stack+0x42/0x60
[  894.160855][T20095]  ? kasan_save_stack+0x33/0x60
[  894.160871][T20095]  ? kasan_save_track+0x14/0x30
[  894.160887][T20095]  ? __kasan_kmalloc+0xaa/0xb0
[  894.160905][T20095]  ? vhost_task_create+0xe5/0x2e0
[  894.160924][T20095]  ? kvm_mmu_post_init_vm+0x1b7/0x370
[  894.160945][T20095]  ? kvm_arch_vcpu_ioctl_run+0x66/0x18c0
[  894.160962][T20095]  ? kvm_vcpu_ioctl+0x5e9/0x1680
[  894.160981][T20095]  ? kvm_vcpu_compat_ioctl+0x20f/0x3d0
[  894.160993][T20095]  ? __ia32_compat_sys_ioctl+0x23f/0x370
[  894.161010][T20095]  ? __do_fast_syscall_32+0x7c/0x3a0
[  894.161026][T20095]  ? do_fast_syscall_32+0x32/0x80
[  894.161037][T20095]  ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  894.161057][T20095]  ? __pfx_copy_process+0x10/0x10
[  894.161079][T20095]  ? lockdep_init_map_type+0x5c/0x280
[  894.161095][T20095]  ? lockdep_init_map_type+0x5c/0x280
[  894.161108][T20095]  ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10
[  894.161123][T20095]  ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10
[  894.161143][T20095]  vhost_task_create+0x1d2/0x2e0
[  894.161158][T20095]  ? __pfx_vhost_task_create+0x10/0x10
[  894.161171][T20095]  ? kvm_mmu_post_init_vm+0xb4/0x370
[  894.161187][T20095]  ? __pfx_vhost_task_fn+0x10/0x10
[  894.161208][T20095]  kvm_mmu_post_init_vm+0x1b7/0x370
[  894.161222][T20095]  kvm_arch_vcpu_ioctl_run+0x66/0x18c0
[  894.161234][T20095]  ? kvm_vcpu_ioctl+0x14c2/0x1680
[  894.161249][T20095]  kvm_vcpu_ioctl+0x5e9/0x1680
[  894.161262][T20095]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  894.161276][T20095]  ? tomoyo_path_number_perm+0x18d/0x580
[  894.161294][T20095]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  894.161310][T20095]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  894.161327][T20095]  ? do_vfs_ioctl+0x523/0x1a60
[  894.161342][T20095]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  894.161371][T20095]  kvm_vcpu_compat_ioctl+0x20f/0x3d0
[  894.161384][T20095]  ? __pfx_kvm_vcpu_compat_ioctl+0x10/0x10
[  894.161396][T20095]  ? __fget_files+0x20e/0x3c0
[  894.161406][T20095]  ? __fput_deferred+0x360/0x370
[  894.161424][T20095]  ? __pfx_kvm_vcpu_compat_ioctl+0x10/0x10
[  894.161437][T20095]  __ia32_compat_sys_ioctl+0x23f/0x370
[  894.161455][T20095]  __do_fast_syscall_32+0x7c/0x3a0
[  894.161469][T20095]  do_fast_syscall_32+0x32/0x80
[  894.161481][T20095]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  894.161495][T20095] RIP: 0023:0xf703e579
[  894.161505][T20095] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  894.161516][T20095] RSP: 002b:00000000f502e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  894.161528][T20095] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000000ae80
[  894.161536][T20095] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  894.161542][T20095] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  894.161549][T20095] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  894.161555][T20095] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  894.161569][T20095]  </TASK>
[  894.161574][T20095] Mem-Info:
[  894.298690][T20095] active_anon:24037 inactive_anon:39 isolated_anon:0
[  894.298690][T20095]  active_file:907 inactive_file:3590 isolated_file:0
[  894.298690][T20095]  unevictable:2280 dirty:270 writeback:50
[  894.298690][T20095]  slab_reclaimable:10099 slab_unreclaimable:56602
[  894.298690][T20095]  mapped:24893 shmem:21250 pagetables:726
[  894.298690][T20095]  sec_pagetables:324 bounce:0
[  894.298690][T20095]  kernel_misc_reclaimable:0
[  894.298690][T20095]  free:83446 free_pcp:1155 free_cma:0
[  894.315596][T20095] Node 0 active_anon:2880kB inactive_anon:0kB active_file:76kB inactive_file:6780kB unevictable:5584kB isolated(anon):0kB isolated(file):0kB mapped:6728kB dirty:20kB writeback:0kB shmem:3828kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:2048kB writeback_tmp:0kB kernel_stack:7772kB pagetables:1048kB sec_pagetables:1152kB all_unreclaimable? yes Balloon:0kB
[  894.327365][T20095] Node 1 active_anon:93332kB inactive_anon:156kB active_file:3552kB inactive_file:7580kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:92816kB dirty:968kB writeback:0kB shmem:81172kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:4084kB pagetables:1836kB sec_pagetables:144kB all_unreclaimable? no Balloon:0kB
[  894.339392][T20095] Node 0 DMA free:2724kB boost:2048kB min:2808kB low:2996kB high:3184kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:304kB local_pcp:68kB free_cma:0kB
[  894.348222][T20095] lowmem_reserve[]: 0 290 290 290 290
[  894.350773][T20095] Node 0 DMA32 free:27984kB boost:10240kB min:23572kB low:26904kB high:30236kB reserved_highatomic:4096KB active_anon:2848kB inactive_anon:0kB active_file:76kB inactive_file:6780kB unevictable:5584kB writepending:0kB present:1032196kB managed:297400kB mlocked:2048kB bounce:0kB free_pcp:4256kB local_pcp:756kB free_cma:0kB
[  894.360427][T20095] lowmem_reserve[]: 0 0 0 0 0
[  894.362042][T20095] Node 1 DMA32 free:300196kB boost:0kB min:47148kB low:58932kB high:70716kB reserved_highatomic:0KB active_anon:93332kB inactive_anon:156kB active_file:3552kB inactive_file:7580kB unevictable:3536kB writepending:968kB present:1048432kB managed:948284kB mlocked:0kB bounce:0kB free_pcp:2736kB local_pcp:812kB free_cma:0kB
[  894.371355][T20095] lowmem_reserve[]: 0 0 0 0 0
[  894.373645][T20095] Node 0 DMA: 45*4kB (U) 26*8kB (UE) 12*16kB (U) 9*32kB (U) 1*64kB (E) 2*128kB (UE) 2*256kB (UE) 0*512kB 1*1024kB (E) 0*2048kB 0*4096kB = 2724kB
[  894.378769][T20095] Node 0 DMA32: 708*4kB (UMEH) 408*8kB (UMH) 68*16kB (UMEH) 44*32kB (UMH) 89*64kB (UMEH) 25*128kB (UME) 13*256kB (UME) 6*512kB (UM) 2*1024kB (UM) 1*2048kB (M) 0*4096kB = 27984kB
[  894.384536][T20095] Node 1 DMA32: 1475*4kB (UME) 1781*8kB (UME) 1178*16kB (UME) 1149*32kB (UME) 627*64kB (UME) 95*128kB (UME) 21*256kB (UM) 14*512kB (UME) 16*1024kB (UME) 8*2048kB (UM) 31*4096kB (UM) = 300340kB
[  894.390559][T20095] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  894.393626][T20095] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[  894.393763][T20101] syzkaller1: entered promiscuous mode
[  894.396586][T20095] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  894.398854][T20101] syzkaller1: entered allmulticast mode
[  894.401885][T20095] Node 1 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB
[  894.408386][T20095] 25743 total pagecache pages
[  894.409888][T20095] 0 pages in swap cache
[  894.411222][T20095] Free swap  = 124996kB
[  894.412638][T20095] Total swap = 124996kB
[  894.413954][T20095] 524155 pages RAM
[  894.415146][T20095] 0 pages HighMem/MovableOnly
[  894.416644][T20095] 208894 pages reserved
[  894.417972][T20095] 0 pages cma reserved
[  894.503700][ T6000] usb 7-1: new low-speed USB device number 11 using dummy_hcd
[  894.523968][ T6000] usb 7-1: Invalid ep0 maxpacket: 64
[  894.652655][ T6000] usb 7-1: new low-speed USB device number 12 using dummy_hcd
[  894.673382][ T6000] usb 7-1: Invalid ep0 maxpacket: 64
[  894.800666][ T6000] usb usb7-port1: unable to enumerate USB device
[  896.280057][T20108] syzkaller1: entered promiscuous mode
[  896.282397][T20108] syzkaller1: entered allmulticast mode
[  896.393467][ T6002] usb 8-1: USB disconnect, device number 5
[  897.066713][T20113] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  897.068963][T20113] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  897.071149][T20113] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  897.073421][T20113] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  898.762882][T14723] Bluetooth: hci4: command 0x0406 tx timeout
[  899.172678][T20113] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  899.177516][T14723] Bluetooth: hci3: command 0x0406 tx timeout
[  899.180004][ T5943] Bluetooth: hci2: command 0x0406 tx timeout
[  899.181142][T20138] Bluetooth: hci0: command 0x0c1a tx timeout
[  899.264248][T20137] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  899.294046][T20142] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  899.437818][T20142] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  899.450529][T20152] block nbd2: NBD_DISCONNECT
[  899.459130][T20137] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  899.488302][T20151] block nbd2: Disconnected due to user request.
[  899.490481][T20151] block nbd2: shutting down sockets
[  899.507754][T20142] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  899.561114][T20137] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  899.619769][T20142] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  899.675921][T20137] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  899.757382][T20142] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  899.768575][T20142] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  899.778958][T20142] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  899.791122][T20142] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  899.841799][T20137] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  899.861163][T20137] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  899.878129][T20137] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  899.898261][T20137] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  901.042720][    C2] hpet: Lost 1 RTC interrupts
[  901.092708][    C2] hpet: Lost 1 RTC interrupts
[  901.134827][    C2] hpet: Lost 1 RTC interrupts
[  901.172811][    C2] hpet: Lost 1 RTC interrupts
[  901.201840][    C2] hpet: Lost 1 RTC interrupts
[  901.242795][T20139] Bluetooth: hci0: command 0x0c1a tx timeout
[  901.392262][    C2] hpet: Lost 1 RTC interrupts
[  903.161596][T20190] FAULT_INJECTION: forcing a failure.
[  903.161596][T20190] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  903.167103][T20190] CPU: 2 UID: 0 PID: 20190 Comm: syz.1.3647 Not tainted 6.15.0-syzkaller-03589-gfeacb1774bd5 #0 PREEMPT(full) 
[  903.167130][T20190] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  903.167143][T20190] Call Trace:
[  903.167150][T20190]  <TASK>
[  903.167159][T20190]  dump_stack_lvl+0x16c/0x1f0
[  903.167185][T20190]  should_fail_ex+0x512/0x640
[  903.167210][T20190]  _copy_from_user+0x2e/0xd0
[  903.167234][T20190]  kstrtouint_from_user+0xd6/0x1d0
[  903.167261][T20190]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  903.167288][T20190]  ? __lock_acquire+0xb8a/0x1c90
[  903.167323][T20190]  proc_fail_nth_write+0x83/0x250
[  903.167353][T20190]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  903.167390][T20190]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  903.167416][T20190]  vfs_write+0x2a0/0x1150
[  903.167442][T20190]  ? __pfx_vfs_write+0x10/0x10
[  903.167459][T20190]  ? find_held_lock+0x2b/0x80
[  903.167494][T20190]  ? __fget_files+0x20e/0x3c0
[  903.167522][T20190]  ksys_write+0x12a/0x250
[  903.167541][T20190]  ? __pfx_ksys_write+0x10/0x10
[  903.167562][T20190]  ? rcu_is_watching+0x12/0xc0
[  903.167594][T20190]  __do_fast_syscall_32+0x7c/0x3a0
[  903.167618][T20190]  do_fast_syscall_32+0x32/0x80
[  903.167638][T20190]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  903.167688][T20190] RIP: 0023:0xf7f78579
[  903.167705][T20190] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  903.167724][T20190] RSP: 002b:00000000f5096590 EFLAGS: 00000293 ORIG_RAX: 0000000000000004
[  903.167744][T20190] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f5096620
[  903.167757][T20190] RDX: 0000000000000001 RSI: 00000000f7402ff4 RDI: 0000000000000000
[  903.167769][T20190] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  903.167780][T20190] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  903.167792][T20190] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  903.167818][T20190]  </TASK>
[  903.251985][    C2] hpet: Lost 4 RTC interrupts
[  903.263023][T20183] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  903.266490][T20183] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  903.268893][T20183] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  903.271825][T20183] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  903.340128][T20194] syzkaller1: entered promiscuous mode
[  903.342057][T20194] syzkaller1: entered allmulticast mode
[  903.512641][   T59] usb 7-1: new high-speed USB device number 13 using dummy_hcd
[  903.662868][   T59] usb 7-1: Using ep0 maxpacket: 16
[  903.672483][   T59] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  903.677847][   T59] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  903.683931][   T59] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  903.689504][   T59] usb 7-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00
[  903.693354][   T59] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  903.700886][   T59] usb 7-1: config 0 descriptor??
[  904.113999][   T59] usbhid 7-1:0.0: can't add hid device: -71
[  904.117989][   T59] usbhid 7-1:0.0: probe with driver usbhid failed with error -71
[  904.127762][   T59] usb 7-1: USB disconnect, device number 13
[  905.322698][T20183] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  905.322840][T20138] Bluetooth: hci3: command 0x0406 tx timeout
[  905.323844][T20139] Bluetooth: hci2: command 0x0406 tx timeout
[  905.323912][T20139] Bluetooth: hci0: command 0x0c1a tx timeout
[  905.323932][T20139] Bluetooth: hci4: command 0x0406 tx timeout
[  906.996032][T20221] netlink: 2 bytes leftover after parsing attributes in process `syz.1.3656'.
[  907.021690][T20223] syzkaller1: entered promiscuous mode
[  907.023983][T20223] syzkaller1: entered allmulticast mode
[  907.041980][T20224] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3657'.
[  907.293060][T20227] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  907.357797][T20227] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  907.412818][T20138] Bluetooth: hci0: command 0x0c1a tx timeout
[  907.419895][T20227] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  907.476700][T20227] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  907.609046][T20227] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  907.617626][T20227] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  907.627030][T20227] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  907.636170][T20227] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  908.320961][T20251] program syz.0.3667 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  908.326469][T20251] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3667'.
[  908.458412][T20256] netlink: 2 bytes leftover after parsing attributes in process `syz.0.3668'.
[  908.558306][T20259] FAULT_INJECTION: forcing a failure.
[  908.558306][T20259] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  908.564380][T20259] CPU: 2 UID: 0 PID: 20259 Comm: syz.3.3669 Not tainted 6.15.0-syzkaller-03589-gfeacb1774bd5 #0 PREEMPT(full) 
[  908.564420][T20259] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  908.564432][T20259] Call Trace:
[  908.564439][T20259]  <TASK>
[  908.564447][T20259]  dump_stack_lvl+0x16c/0x1f0
[  908.564472][T20259]  should_fail_ex+0x512/0x640
[  908.564495][T20259]  _copy_to_user+0x32/0xd0
[  908.564520][T20259]  simple_read_from_buffer+0xcb/0x170
[  908.564552][T20259]  proc_fail_nth_read+0x197/0x270
[  908.564579][T20259]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  908.564608][T20259]  ? rw_verify_area+0xcf/0x680
[  908.564635][T20259]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  908.564662][T20259]  vfs_read+0x1e1/0xc60
[  908.564681][T20259]  ? fdget_pos+0x2a2/0x370
[  908.564702][T20259]  ? __pfx_vfs_read+0x10/0x10
[  908.564718][T20259]  ? find_held_lock+0x2b/0x80
[  908.564752][T20259]  ? __fget_files+0x20e/0x3c0
[  908.564777][T20259]  ksys_read+0x12a/0x250
[  908.564796][T20259]  ? __pfx_ksys_read+0x10/0x10
[  908.564816][T20259]  ? rcu_is_watching+0x12/0xc0
[  908.564846][T20259]  __do_fast_syscall_32+0x7c/0x3a0
[  908.564868][T20259]  do_fast_syscall_32+0x32/0x80
[  908.564887][T20259]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  908.564910][T20259] RIP: 0023:0xf7fb6579
[  908.564925][T20259] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  908.564942][T20259] RSP: 002b:00000000f50d6590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  908.564959][T20259] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f50d6620
[  908.564971][T20259] RDX: 000000000000000f RSI: 00000000f7442ff4 RDI: 0000000000000000
[  908.564982][T20259] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  908.564993][T20259] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  908.565003][T20259] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  908.565028][T20259]  </TASK>
[  908.650469][    C2] hpet: Lost 4 RTC interrupts
[  908.801234][    C2] hpet: Lost 1 RTC interrupts
[  909.020886][T20263] syzkaller1: entered promiscuous mode
[  909.023185][T20263] syzkaller1: entered allmulticast mode
[  909.307233][T20276] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  909.336850][T20277] random: crng reseeded on system resumption
[  909.341509][T20277] Restarting kernel threads ...
[  909.343420][T20277] Done restarting kernel threads.
[  909.368469][T20276] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  909.430435][T20276] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  909.526445][T20276] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  909.602141][T20276] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  909.620905][T20276] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  909.640047][T20276] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  909.648725][T20276] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  909.737663][T20281] syzkaller0: entered promiscuous mode
[  909.739442][T20281] syzkaller0: entered allmulticast mode
[  909.747177][T20281] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3676'.
[  911.699235][T20305] syzkaller1: entered promiscuous mode
[  911.702638][T20305] syzkaller1: entered allmulticast mode
[  912.184407][T20311] FAULT_INJECTION: forcing a failure.
[  912.184407][T20311] name failslab, interval 1, probability 0, space 0, times 0
[  912.189581][T20311] CPU: 3 UID: 0 PID: 20311 Comm: syz.2.3682 Not tainted 6.15.0-syzkaller-03589-gfeacb1774bd5 #0 PREEMPT(full) 
[  912.189608][T20311] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  912.189619][T20311] Call Trace:
[  912.189627][T20311]  <TASK>
[  912.189634][T20311]  dump_stack_lvl+0x16c/0x1f0
[  912.189658][T20311]  should_fail_ex+0x512/0x640
[  912.189676][T20311]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  912.189701][T20311]  should_failslab+0xc2/0x120
[  912.189724][T20311]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  912.189745][T20311]  ? __alloc_skb+0x2b2/0x380
[  912.189773][T20311]  __alloc_skb+0x2b2/0x380
[  912.189802][T20311]  ? __pfx___alloc_skb+0x10/0x10
[  912.189829][T20311]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  912.189860][T20311]  netlink_alloc_large_skb+0x69/0x130
[  912.189888][T20311]  netlink_sendmsg+0x6a1/0xdd0
[  912.189920][T20311]  ? __pfx_netlink_sendmsg+0x10/0x10
[  912.189947][T20311]  ? __import_iovec+0x1dd/0x650
[  912.189974][T20311]  ____sys_sendmsg+0xa95/0xc70
[  912.189996][T20311]  ? __pfx_____sys_sendmsg+0x10/0x10
[  912.190013][T20311]  ? get_compat_msghdr+0x11a/0x170
[  912.190047][T20311]  ___sys_sendmsg+0x134/0x1d0
[  912.190074][T20311]  ? __pfx____sys_sendmsg+0x10/0x10
[  912.190109][T20311]  ? find_held_lock+0x2b/0x80
[  912.190151][T20311]  __sys_sendmsg+0x16d/0x220
[  912.190175][T20311]  ? __pfx___sys_sendmsg+0x10/0x10
[  912.190210][T20311]  ? rcu_is_watching+0x12/0xc0
[  912.190239][T20311]  __do_fast_syscall_32+0x7c/0x3a0
[  912.190259][T20311]  do_fast_syscall_32+0x32/0x80
[  912.190279][T20311]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  912.190299][T20311] RIP: 0023:0xf709e579
[  912.190313][T20311] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  912.190329][T20311] RSP: 002b:00000000f508e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  912.190348][T20311] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800000c0
[  912.190359][T20311] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  912.190369][T20311] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  912.190379][T20311] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  912.190390][T20311] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  912.190413][T20311]  </TASK>
[  912.340080][T20318] syzkaller1: entered promiscuous mode
[  912.342309][T20318] syzkaller1: entered allmulticast mode
[  913.331356][T20327] random: crng reseeded on system resumption
[  913.342077][T20327] Restarting kernel threads ...
[  913.345295][T20327] Done restarting kernel threads.
[  913.432690][T11264] usb 6-1: new full-speed USB device number 3 using dummy_hcd
[  913.586146][T11264] usb 6-1: config 1 interface 0 has no altsetting 0
[  913.592708][T11264] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  913.597599][T11264] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  913.600189][T11264] usb 6-1: Product: syz
[  913.601555][T11264] usb 6-1: Manufacturer: syz
[  913.604545][T11264] usb 6-1: SerialNumber: syz
[  914.347541][T11264] usblp 6-1:1.0: usblp0: USB Unidirectional printer dev 3 if 0 alt 253 proto 1 vid 0x0525 pid 0xA4A8
[  914.372494][T11264] usb 6-1: USB disconnect, device number 3
[  914.403855][T11264] usblp0: removed
[  914.409523][T20334] 9pnet_fd: Insufficient options for proto=fd
[  914.453109][T20336] syzkaller1: entered promiscuous mode
[  914.454862][T20336] syzkaller1: entered allmulticast mode
[  914.662446][T20342] syzkaller1: entered promiscuous mode
[  914.664895][T20342] syzkaller1: entered allmulticast mode
[  914.730230][T20345] syzkaller1: entered promiscuous mode
[  914.732320][T20345] syzkaller1: entered allmulticast mode
[  914.909592][T20351] (syz.1.3695,20351,2):ocfs2_fill_super:989 ERROR: superblock probe failed!
[  914.912911][T20351] (syz.1.3695,20351,2):ocfs2_fill_super:1177 ERROR: status = -22
[  915.591163][T20357] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3698'.
[  916.153434][T20363] ptm ptm8: ldisc open failed (-12), clearing slot 8
[  916.457847][T20369] x_tables: ip_tables: ah match: only valid for protocol 51
[  917.189578][T20375] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3702'.
[  917.206293][T20375] bond3: entered promiscuous mode
[  917.208328][T20375] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  917.212385][T20375] bond3: left promiscuous mode
[  917.322671][ T6002] usb 7-1: new high-speed USB device number 14 using dummy_hcd
[  917.492633][ T6002] usb 7-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  917.495476][ T6002] usb 7-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  917.498678][ T6002] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 66
[  917.501635][ T6002] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[  917.512692][ T6002] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[  917.518135][ T6002] usb 7-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  917.521161][ T6002] usb 7-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  917.530227][ T6002] usb 7-1: Product: syz
[  917.531551][ T6002] usb 7-1: Manufacturer: syz
[  917.563198][ T6002] cdc_wdm 7-1:1.0: skipping garbage
[  917.564906][ T6002] cdc_wdm 7-1:1.0: skipping garbage
[  917.568037][ T6002] cdc_wdm 7-1:1.0: cdc-wdm0: USB WDM device
[  917.570291][ T6002] cdc_wdm 7-1:1.0: Unknown control protocol
[  917.803173][T20379] syzkaller1: entered promiscuous mode
[  917.804971][T20379] syzkaller1: entered allmulticast mode
[  917.977390][   T68] usb 7-1: USB disconnect, device number 14
[  918.199858][T20393] syzkaller1: entered promiscuous mode
[  918.201635][T20393] syzkaller1: entered allmulticast mode
[  918.499766][T20401] netlink: 'syz.3.3709': attribute type 4 has an invalid length.
[  918.517967][T20401] netlink: 'syz.3.3709': attribute type 4 has an invalid length.
[  918.535127][   T29] lo speed is unknown, defaulting to 1000
[  918.539829][   T29] lo speed is unknown, defaulting to 1000
[  918.567216][T14686] libceph: connect (1)[c::]:6789 error -101
[  918.569231][T14686] libceph: mon0 (1)[c::]:6789 connect error
[  918.708007][T20403] ceph: No mds server is up or the cluster is laggy
[  919.226629][T20419] syzkaller1: entered promiscuous mode
[  919.228331][T20417] random: crng reseeded on system resumption
[  919.228391][T20419] syzkaller1: entered allmulticast mode
[  919.236098][T20417] Restarting kernel threads ...
[  919.238049][T20417] Done restarting kernel threads.
[  919.903116][T20435] binder: BINDER_SET_CONTEXT_MGR already set
[  919.906277][T20435] binder: 20426:20435 ioctl 4018620d 80000040 returned -16
[  920.419711][T20430] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  920.422332][T20430] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  920.424566][T20430] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  920.427316][T20430] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  920.461001][T20430] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  920.500695][T20444] FAULT_INJECTION: forcing a failure.
[  920.500695][T20444] name failslab, interval 1, probability 0, space 0, times 0
[  920.506041][T20444] CPU: 2 UID: 0 PID: 20444 Comm: syz.2.3720 Not tainted 6.15.0-syzkaller-03589-gfeacb1774bd5 #0 PREEMPT(full) 
[  920.506059][T20444] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  920.506067][T20444] Call Trace:
[  920.506071][T20444]  <TASK>
[  920.506076][T20444]  dump_stack_lvl+0x16c/0x1f0
[  920.506092][T20444]  should_fail_ex+0x512/0x640
[  920.506104][T20444]  ? fs_reclaim_acquire+0xae/0x150
[  920.506123][T20444]  ? tomoyo_encode2+0x100/0x3e0
[  920.506140][T20444]  should_failslab+0xc2/0x120
[  920.506155][T20444]  __kmalloc_noprof+0xd2/0x510
[  920.506168][T20444]  ? d_absolute_path+0x136/0x1a0
[  920.506185][T20444]  tomoyo_encode2+0x100/0x3e0
[  920.506205][T20444]  tomoyo_encode+0x29/0x50
[  920.506222][T20444]  tomoyo_realpath_from_path+0x18f/0x6e0
[  920.506237][T20444]  tomoyo_path_number_perm+0x245/0x580
[  920.506252][T20444]  ? tomoyo_path_number_perm+0x237/0x580
[  920.506269][T20444]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  920.506311][T20444]  ? find_held_lock+0x2b/0x80
[  920.506330][T20444]  ? hook_file_ioctl_common+0x145/0x410
[  920.506348][T20444]  ? __fget_files+0x20e/0x3c0
[  920.506358][T20444]  ? __fput_deferred+0x360/0x370
[  920.506375][T20444]  security_file_ioctl_compat+0x9b/0x240
[  920.506393][T20444]  __ia32_compat_sys_ioctl+0xc3/0x370
[  920.506412][T20444]  __do_fast_syscall_32+0x7c/0x3a0
[  920.506427][T20444]  do_fast_syscall_32+0x32/0x80
[  920.506439][T20444]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  920.506453][T20444] RIP: 0023:0xf709e579
[  920.506464][T20444] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  920.506475][T20444] RSP: 002b:00000000f508e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  920.506487][T20444] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c008561c
[  920.506494][T20444] RDX: 0000000080000400 RSI: 0000000000000000 RDI: 0000000000000000
[  920.506501][T20444] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  920.506508][T20444] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  920.506514][T20444] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  920.506529][T20444]  </TASK>
[  920.507280][T20444] ERROR: Out of memory at tomoyo_realpath_from_path.
[  920.807696][ T1179] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  920.883334][ T1179] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  920.967871][ T1179] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  921.047836][ T1179] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  921.083224][T14723] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  921.088756][T14723] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  921.093616][T14723] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  921.098039][T14723] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  921.101322][T14723] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  921.168686][T20451] lo speed is unknown, defaulting to 1000
[  921.172026][T20451] lo speed is unknown, defaulting to 1000
[  921.296762][T14723] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  921.300881][T14723] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  921.303834][T14723] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  921.307803][T14723] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  921.310549][T14723] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  921.350504][ T1179] bridge_slave_1: left allmulticast mode
[  921.352972][ T1179] bridge_slave_1: left promiscuous mode
[  921.355384][ T1179] bridge0: port 2(bridge_slave_1) entered disabled state
[  921.373805][ T1179] bridge_slave_0: left allmulticast mode
[  921.375601][ T1179] bridge_slave_0: left promiscuous mode
[  921.377482][ T1179] bridge0: port 1(bridge_slave_0) entered disabled state
[  921.571170][T20459] random: crng reseeded on system resumption
[  921.584774][T20459] Restarting kernel threads ...
[  921.587290][T20459] Done restarting kernel threads.
[  921.768817][ T1179] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  921.773464][ T1179] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  921.777357][ T1179] bond0 (unregistering): Released all slaves
[  921.784608][ T1179] bond1 (unregistering): Released all slaves
[  921.802696][T20138] Bluetooth: hci4: command 0x0406 tx timeout
[  921.909529][ T1179] tipc: Left network mode
[  921.909931][T20456] lo speed is unknown, defaulting to 1000
[  921.915211][T20456] lo speed is unknown, defaulting to 1000
[  921.988444][T20451] chnl_net:caif_netlink_parms(): no params data found
[  922.154661][T20456] chnl_net:caif_netlink_parms(): no params data found
[  922.200141][T20451] bridge0: port 1(bridge_slave_0) entered blocking state
[  922.202563][T20451] bridge0: port 1(bridge_slave_0) entered disabled state
[  922.205003][T20451] bridge_slave_0: entered allmulticast mode
[  922.207740][T20451] bridge_slave_0: entered promiscuous mode
[  922.214330][T20451] bridge0: port 2(bridge_slave_1) entered blocking state
[  922.216635][T20451] bridge0: port 2(bridge_slave_1) entered disabled state
[  922.219113][T20451] bridge_slave_1: entered allmulticast mode
[  922.221899][T20451] bridge_slave_1: entered promiscuous mode
[  922.289115][T20451] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  922.301249][ T1179] hsr_slave_0: left promiscuous mode
[  922.303601][ T1179] hsr_slave_1: left promiscuous mode
[  922.305594][ T1179] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  922.308033][ T1179] batman_adv: batadv0: Removing interface: batadv_slave_0
[  922.311059][ T1179] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  922.313928][ T1179] batman_adv: batadv0: Removing interface: batadv_slave_1
[  922.331038][ T1179] veth1_macvtap: left promiscuous mode
[  922.334442][ T1179] veth0_macvtap: left promiscuous mode
[  922.336572][ T1179] veth1_vlan: left promiscuous mode
[  922.338276][ T1179] veth0_vlan: left promiscuous mode
[  922.444704][T20138] Bluetooth: hci2: command 0x0406 tx timeout
[  923.156243][ T1179] team0 (unregistering): Port device team_slave_1 removed
[  923.162893][T20138] Bluetooth: hci0: command tx timeout
[  923.245353][ T1179] team0 (unregistering): Port device team_slave_0 removed
[  923.334560][T20138] Bluetooth: hci1: command tx timeout
[  923.774024][T20484] FAULT_INJECTION: forcing a failure.
[  923.774024][T20484] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  923.778309][T20484] CPU: 3 UID: 0 PID: 20484 Comm: syz.3.3731 Not tainted 6.15.0-syzkaller-03589-gfeacb1774bd5 #0 PREEMPT(full) 
[  923.778335][T20484] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  923.778345][T20484] Call Trace:
[  923.778353][T20484]  <TASK>
[  923.778360][T20484]  dump_stack_lvl+0x16c/0x1f0
[  923.778389][T20484]  should_fail_ex+0x512/0x640
[  923.778411][T20484]  _copy_to_user+0x32/0xd0
[  923.778432][T20484]  simple_read_from_buffer+0xcb/0x170
[  923.778460][T20484]  proc_fail_nth_read+0x197/0x270
[  923.778486][T20484]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  923.778512][T20484]  ? rw_verify_area+0xcf/0x680
[  923.778539][T20484]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  923.778566][T20484]  vfs_read+0x1e1/0xc60
[  923.778586][T20484]  ? fdget_pos+0x2a2/0x370
[  923.778610][T20484]  ? __pfx_vfs_read+0x10/0x10
[  923.778626][T20484]  ? find_held_lock+0x2b/0x80
[  923.778663][T20484]  ? __fget_files+0x20e/0x3c0
[  923.778689][T20484]  ksys_read+0x12a/0x250
[  923.778708][T20484]  ? __pfx_ksys_read+0x10/0x10
[  923.778730][T20484]  ? rcu_is_watching+0x12/0xc0
[  923.778760][T20484]  __do_fast_syscall_32+0x7c/0x3a0
[  923.778784][T20484]  do_fast_syscall_32+0x32/0x80
[  923.778802][T20484]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  923.778820][T20484] RIP: 0023:0xf7fb6579
[  923.778833][T20484] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  923.778850][T20484] RSP: 002b:00000000f50d6590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  923.778868][T20484] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000f50d6620
[  923.778880][T20484] RDX: 000000000000000f RSI: 00000000f7442ff4 RDI: 0000000000000000
[  923.778891][T20484] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  923.778902][T20484] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  923.778919][T20484] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  923.778945][T20484]  </TASK>
[  923.910123][T20451] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  923.939439][T20456] bridge0: port 1(bridge_slave_0) entered blocking state
[  923.942613][T20456] bridge0: port 1(bridge_slave_0) entered disabled state
[  923.945139][T20456] bridge_slave_0: entered allmulticast mode
[  923.949437][T20456] bridge_slave_0: entered promiscuous mode
[  923.983788][T20456] bridge0: port 2(bridge_slave_1) entered blocking state
[  923.986437][T20456] bridge0: port 2(bridge_slave_1) entered disabled state
[  923.988747][T20456] bridge_slave_1: entered allmulticast mode
[  923.991445][T20456] bridge_slave_1: entered promiscuous mode
[  924.068810][T20456] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  924.078368][T20451] team0: Port device team_slave_0 added
[  924.083736][T20456] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  924.109421][T20451] team0: Port device team_slave_1 added
[  924.122655][   T29] usb 8-1: new high-speed USB device number 6 using dummy_hcd
[  924.190879][T20456] team0: Port device team_slave_0 added
[  924.194254][T20451] batman_adv: batadv0: Adding interface: batadv_slave_0
[  924.196811][T20451] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  924.207533][T20451] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  924.219391][T20456] team0: Port device team_slave_1 added
[  924.222881][T20451] batman_adv: batadv0: Adding interface: batadv_slave_1
[  924.225772][T20451] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  924.236453][T20451] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  924.272654][   T29] usb 8-1: device descriptor read/64, error -71
[  924.331506][T20456] batman_adv: batadv0: Adding interface: batadv_slave_0
[  924.334001][T20456] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  924.342240][T20456] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  924.348108][T20456] batman_adv: batadv0: Adding interface: batadv_slave_1
[  924.350662][T20456] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  924.360000][T20456] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  924.369504][T20451] hsr_slave_0: entered promiscuous mode
[  924.372931][T20451] hsr_slave_1: entered promiscuous mode
[  924.479641][T20456] hsr_slave_0: entered promiscuous mode
[  924.481922][T20456] hsr_slave_1: entered promiscuous mode
[  924.484290][T20456] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  924.486590][T20456] Cannot create hsr debugfs directory
[  924.522782][   T29] usb 8-1: new high-speed USB device number 7 using dummy_hcd
[  924.632096][T20451] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  924.662736][   T29] usb 8-1: device descriptor read/64, error -71
[  924.690503][T20451] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  924.780614][   T29] usb usb8-port1: attempt power cycle
[  924.786968][T20451] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  924.879198][T20451] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  925.144123][   T29] usb 8-1: new high-speed USB device number 8 using dummy_hcd
[  925.163498][   T29] usb 8-1: device descriptor read/8, error -71
[  925.242758][T20138] Bluetooth: hci0: command tx timeout
[  925.262434][T20451] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  925.268775][T20451] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  925.273396][T20451] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  925.289250][T20451] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  925.311441][T20456] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  925.317029][T20456] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  925.321643][T20456] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  925.327894][T20456] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  925.389025][T20451] 8021q: adding VLAN 0 to HW filter on device bond0
[  925.396804][T20456] 8021q: adding VLAN 0 to HW filter on device bond0
[  925.402744][   T29] usb 8-1: new high-speed USB device number 9 using dummy_hcd
[  925.405761][T20138] Bluetooth: hci1: command tx timeout
[  925.410025][T20451] 8021q: adding VLAN 0 to HW filter on device team0
[  925.417266][T20456] 8021q: adding VLAN 0 to HW filter on device team0
[  925.423853][   T29] usb 8-1: device descriptor read/8, error -71
[  925.424167][T13889] bridge0: port 1(bridge_slave_0) entered blocking state
[  925.428429][T13889] bridge0: port 1(bridge_slave_0) entered forwarding state
[  925.436696][ T1179] bridge0: port 1(bridge_slave_0) entered blocking state
[  925.439019][ T1179] bridge0: port 1(bridge_slave_0) entered forwarding state
[  925.443578][ T1179] bridge0: port 2(bridge_slave_1) entered blocking state
[  925.445901][ T1179] bridge0: port 2(bridge_slave_1) entered forwarding state
[  925.451335][T13889] bridge0: port 2(bridge_slave_1) entered blocking state
[  925.453674][T13889] bridge0: port 2(bridge_slave_1) entered forwarding state
[  925.533233][   T29] usb usb8-port1: unable to enumerate USB device
[  925.622912][T20451] 8021q: adding VLAN 0 to HW filter on device batadv0
[  925.639505][T20456] 8021q: adding VLAN 0 to HW filter on device batadv0
[  925.668021][T20451] veth0_vlan: entered promiscuous mode
[  925.679431][T20451] veth1_vlan: entered promiscuous mode
[  925.682630][ T6002] usb 8-1: new high-speed USB device number 10 using dummy_hcd
[  925.693841][T20456] veth0_vlan: entered promiscuous mode
[  925.705540][T20456] veth1_vlan: entered promiscuous mode
[  925.715822][T20451] veth0_macvtap: entered promiscuous mode
[  925.721770][T20451] veth1_macvtap: entered promiscuous mode
[  925.745432][T20451] batman_adv: batadv0: Interface activated: batadv_slave_0
[  925.748797][T20456] veth0_macvtap: entered promiscuous mode
[  925.756734][T20451] batman_adv: batadv0: Interface activated: batadv_slave_1
[  925.759950][T20456] veth1_macvtap: entered promiscuous mode
[  925.769381][T20451] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  925.772322][T20451] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  925.775613][T20451] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  925.778655][T20451] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  925.800383][T20456] batman_adv: batadv0: Interface activated: batadv_slave_0
[  925.816425][T20456] batman_adv: batadv0: Interface activated: batadv_slave_1
[  925.822738][ T6002] usb 8-1: device descriptor read/64, error -71
[  925.833883][ T1259] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  925.834513][T20456] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  925.837127][ T1259] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  925.840914][T20456] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  925.847534][T20456] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  925.851154][T20456] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  925.878520][T17118] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  925.881091][T17118] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  925.910495][T13889] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  925.914889][T13889] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  925.926615][T13889] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  925.930074][T13889] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  926.072819][ T6002] usb 8-1: new high-speed USB device number 11 using dummy_hcd
[  926.202932][ T6002] usb 8-1: device descriptor read/64, error -71
[  926.313160][ T6002] usb usb8-port1: attempt power cycle
[  926.672634][ T6002] usb 8-1: new high-speed USB device number 12 using dummy_hcd
[  926.693130][ T6002] usb 8-1: device descriptor read/8, error -71
[  926.942692][ T6002] usb 8-1: new high-speed USB device number 13 using dummy_hcd
[  927.152650][ T6002] usb 8-1: device not accepting address 13, error -71
[  927.154914][ T6002] usb usb8-port1: unable to enumerate USB device
[  927.479149][T20518] random: crng reseeded on system resumption
[  927.490421][T20518] Restarting kernel threads ...
[  927.492301][T20518] Done restarting kernel threads.
[  927.769319][T13889] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  927.957838][T14723] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  927.963072][T14723] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  927.966012][T14723] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  927.971847][T14723] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  927.976953][T14723] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  927.996239][T20520] lo speed is unknown, defaulting to 1000
[  928.000126][T20520] lo speed is unknown, defaulting to 1000
[  928.085512][T20520] chnl_net:caif_netlink_parms(): no params data found
[  928.135248][T20138] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  928.139204][T20138] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  928.145303][T20138] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  928.149005][T20138] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  928.152015][T20138] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  928.177613][T20520] bridge0: port 1(bridge_slave_0) entered blocking state
[  928.180684][T20520] bridge0: port 1(bridge_slave_0) entered disabled state
[  928.186282][T20520] bridge_slave_0: entered allmulticast mode
[  928.192718][T20520] bridge_slave_0: entered promiscuous mode
[  928.197516][T20520] bridge0: port 2(bridge_slave_1) entered blocking state
[  928.199884][T20520] bridge0: port 2(bridge_slave_1) entered disabled state
[  928.202172][T20520] bridge_slave_1: entered allmulticast mode
[  928.206286][T20520] bridge_slave_1: entered promiscuous mode
[  928.267952][T20527] lo speed is unknown, defaulting to 1000
[  928.270447][T20527] lo speed is unknown, defaulting to 1000
[  928.275282][T20520] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  928.283038][T20520] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  928.329316][T20520] team0: Port device team_slave_0 added
[  928.335993][T20532] syzkaller1: entered promiscuous mode
[  928.338372][T20532] syzkaller1: entered allmulticast mode
[  928.343681][T20520] team0: Port device team_slave_1 added
[  928.389528][T20520] batman_adv: batadv0: Adding interface: batadv_slave_0
[  928.391754][T20520] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  928.400043][T20520] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  928.407627][T20520] batman_adv: batadv0: Adding interface: batadv_slave_1
[  928.410318][T20520] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  928.419161][T20520] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  928.468513][T20520] hsr_slave_0: entered promiscuous mode
[  928.470787][T20520] hsr_slave_1: entered promiscuous mode
[  928.472976][T20520] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  928.475333][T20520] Cannot create hsr debugfs directory
[  928.588994][T20527] chnl_net:caif_netlink_parms(): no params data found
[  928.628763][T20537] FAULT_INJECTION: forcing a failure.
[  928.628763][T20537] name failslab, interval 1, probability 0, space 0, times 0
[  928.634021][T20537] CPU: 1 UID: 0 PID: 20537 Comm: syz.2.3740 Not tainted 6.15.0-syzkaller-03589-gfeacb1774bd5 #0 PREEMPT(full) 
[  928.634038][T20537] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  928.634046][T20537] Call Trace:
[  928.634050][T20537]  <TASK>
[  928.634055][T20537]  dump_stack_lvl+0x16c/0x1f0
[  928.634070][T20537]  should_fail_ex+0x512/0x640
[  928.634084][T20537]  ? __kmalloc_cache_noprof+0x57/0x3e0
[  928.634097][T20537]  should_failslab+0xc2/0x120
[  928.634112][T20537]  __kmalloc_cache_noprof+0x6a/0x3e0
[  928.634123][T20537]  ? do_signalfd4+0x169/0x430
[  928.634136][T20537]  do_signalfd4+0x169/0x430
[  928.634151][T20537]  __ia32_compat_sys_signalfd4+0x143/0x1e0
[  928.634168][T20537]  ? ksys_write+0x1ac/0x250
[  928.634185][T20537]  ? __pfx___ia32_compat_sys_signalfd4+0x10/0x10
[  928.634205][T20537]  ? rcu_is_watching+0x12/0xc0
[  928.634233][T20537]  __do_fast_syscall_32+0x7c/0x3a0
[  928.634253][T20537]  do_fast_syscall_32+0x32/0x80
[  928.634270][T20537]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  928.634290][T20537] RIP: 0023:0xf709e579
[  928.634304][T20537] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  928.634320][T20537] RSP: 002b:00000000f508e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000147
[  928.634335][T20537] RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 0000000080000140
[  928.634346][T20537] RDX: 0000000000000008 RSI: 0000000000000000 RDI: 0000000000000000
[  928.634356][T20537] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  928.634366][T20537] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  928.634376][T20537] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  928.634397][T20537]  </TASK>
[  928.756853][T20527] bridge0: port 1(bridge_slave_0) entered blocking state
[  928.759355][T20527] bridge0: port 1(bridge_slave_0) entered disabled state
[  928.762025][T20527] bridge_slave_0: entered allmulticast mode
[  928.764721][T20527] bridge_slave_0: entered promiscuous mode
[  928.768908][T20527] bridge0: port 2(bridge_slave_1) entered blocking state
[  928.771164][T20527] bridge0: port 2(bridge_slave_1) entered disabled state
[  928.774303][T20527] bridge_slave_1: entered allmulticast mode
[  928.777008][T20527] bridge_slave_1: entered promiscuous mode
[  928.808383][T20527] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  928.813080][T20527] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  928.847205][T20527] team0: Port device team_slave_0 added
[  928.850769][T20527] team0: Port device team_slave_1 added
[  928.881973][T20527] batman_adv: batadv0: Adding interface: batadv_slave_0
[  928.885760][T20527] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  928.893762][T20527] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  928.898027][T20527] batman_adv: batadv0: Adding interface: batadv_slave_1
[  928.900212][T20527] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  928.908298][T20527] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  928.946767][T20527] hsr_slave_0: entered promiscuous mode
[  928.949221][T20527] hsr_slave_1: entered promiscuous mode
[  928.951346][T20527] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  928.953883][T20527] Cannot create hsr debugfs directory
[  929.430384][T13889] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  929.506617][T13889] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  929.607900][T13889] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  929.784643][T13889] bridge_slave_1: left allmulticast mode
[  929.787030][T13889] bridge_slave_1: left promiscuous mode
[  929.789528][T13889] bridge0: port 2(bridge_slave_1) entered disabled state
[  929.796815][T13889] bridge_slave_0: left allmulticast mode
[  929.799197][T13889] bridge_slave_0: left promiscuous mode
[  929.801640][T13889] bridge0: port 1(bridge_slave_0) entered disabled state
[  929.892425][T20550] x_tables: ip_tables: ah match: only valid for protocol 51
[  930.054423][T14723] Bluetooth: hci0: command tx timeout
[  930.121078][T13889] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  930.125633][T13889] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  930.143115][T13889] bond0 (unregistering): Released all slaves
[  930.203836][T14723] Bluetooth: hci1: command tx timeout
[  930.545553][T13889] hsr_slave_0: left promiscuous mode
[  930.547815][T13889] hsr_slave_1: left promiscuous mode
[  930.549785][T13889] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  930.552098][T13889] batman_adv: batadv0: Removing interface: batadv_slave_0
[  930.555240][T13889] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  930.557513][T13889] batman_adv: batadv0: Removing interface: batadv_slave_1
[  930.593177][T13889] veth1_macvtap: left promiscuous mode
[  930.595378][T13889] veth0_macvtap: left promiscuous mode
[  930.597861][T13889] veth1_vlan: left promiscuous mode
[  930.600132][T13889] veth0_vlan: left promiscuous mode
[  930.757908][T20555] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3744'.
[  931.005812][ T1419] ieee802154 phy0 wpan0: encryption failed: -22
[  931.008009][ T1419] ieee802154 phy1 wpan1: encryption failed: -22
[  931.396528][T13889] team0 (unregistering): Port device team_slave_1 removed
[  931.470106][T13889] team0 (unregistering): Port device team_slave_0 removed
[  932.132659][T14723] Bluetooth: hci0: command tx timeout
[  932.190539][T20555] team0: Port device team_slave_0 removed
[  932.247516][T20520] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  932.252174][T20520] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  932.282671][T14723] Bluetooth: hci1: command tx timeout
[  932.290703][T20527] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  932.315311][T20520] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  932.356887][T20520] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  932.386294][T20564] netlink: 'syz.3.3746': attribute type 2 has an invalid length.
[  932.390062][T20564] netlink: 'syz.3.3746': attribute type 1 has an invalid length.
[  932.408856][T20527] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  932.475328][T20520] 8021q: adding VLAN 0 to HW filter on device bond0
[  932.500397][T20527] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  932.513848][T20520] 8021q: adding VLAN 0 to HW filter on device team0
[  932.521368][ T1179] bridge0: port 1(bridge_slave_0) entered blocking state
[  932.523669][ T1179] bridge0: port 1(bridge_slave_0) entered forwarding state
[  932.533201][T17118] bridge0: port 2(bridge_slave_1) entered blocking state
[  932.535929][T17118] bridge0: port 2(bridge_slave_1) entered forwarding state
[  932.560958][T20520] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  932.619710][T20527] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  932.674963][T20520] 8021q: adding VLAN 0 to HW filter on device batadv0
[  932.698258][T20520] veth0_vlan: entered promiscuous mode
[  932.708739][T20520] veth1_vlan: entered promiscuous mode
[  932.727672][T20520] veth0_macvtap: entered promiscuous mode
[  932.733172][T20520] veth1_macvtap: entered promiscuous mode
[  932.756256][T20520] batman_adv: batadv0: Interface activated: batadv_slave_0
[  932.765872][T20520] batman_adv: batadv0: Interface activated: batadv_slave_1
[  932.771619][T20520] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  932.775658][T20520] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  932.779439][T20520] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  932.783467][T20520] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  932.817139][T13889] bridge_slave_1: left allmulticast mode
[  932.819130][T13889] bridge_slave_1: left promiscuous mode
[  932.821053][T13889] bridge0: port 2(bridge_slave_1) entered disabled state
[  932.826491][T13889] bridge_slave_0: left allmulticast mode
[  932.828264][T13889] bridge_slave_0: left promiscuous mode
[  932.830145][T13889] bridge0: port 1(bridge_slave_0) entered disabled state
[  933.097398][T20583] netlink: 'syz.2.3748': attribute type 4 has an invalid length.
[  933.162441][T20584] netlink: 'syz.2.3748': attribute type 4 has an invalid length.
[  933.188899][T13889] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  933.193682][T13889] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  933.198520][T13889] bond0 (unregistering): Released all slaves
[  933.241322][ T6000] lo speed is unknown, defaulting to 1000
[  933.250136][T11264] lo speed is unknown, defaulting to 1000
[  933.322099][T20527] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  933.329462][T20527] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  933.337414][ T1179] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  933.340642][ T1179] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  933.357455][T20527] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  933.366980][T20527] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  933.389190][ T1259] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  933.391816][ T1259] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  933.414179][T20520] ==================================================================
[  933.416688][T20520] BUG: KASAN: slab-use-after-free in binder_add_device+0xa4/0xb0
[  933.419242][T20520] Write of size 8 at addr ffff88804d549808 by task syz-executor/20520
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  933.422557][T20520] 
[  933.424389][T20520] CPU: 1 UID: 0 PID: 20520 Comm: syz-executor Not tainted 6.15.0-syzkaller-03589-gfeacb1774bd5 #0 PREEMPT(full) 
[  933.424411][T20520] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  933.424419][T20520] Call Trace:
[  933.424424][T20520]  <TASK>
[  933.424429][T20520]  dump_stack_lvl+0x116/0x1f0
[  933.424444][T20520]  print_report+0xcd/0x680
[  933.424458][T20520]  ? __virt_addr_valid+0x81/0x610
[  933.424477][T20520]  ? __phys_addr+0xe8/0x180
[  933.424494][T20520]  ? binder_add_device+0xa4/0xb0
[  933.424507][T20520]  kasan_report+0xe0/0x110
[  933.424520][T20520]  ? binder_add_device+0xa4/0xb0
[  933.424533][T20520]  binder_add_device+0xa4/0xb0
[  933.424544][T20520]  binderfs_binder_device_create.isra.0+0xa03/0xc30
[  933.424563][T20520]  binderfs_fill_super+0x8d4/0x1360
[  933.424581][T20520]  ? __pfx_binderfs_fill_super+0x10/0x10
[  933.424600][T20520]  ? shrinker_register+0x1a8/0x260
[  933.424615][T20520]  ? sget_fc+0x808/0xc20
[  933.424625][T20520]  ? apparmor_capable+0x114/0x1d0
[  933.424640][T20520]  ? __pfx_set_anon_super_fc+0x10/0x10
[  933.424657][T20520]  ? __pfx_binderfs_fill_super+0x10/0x10
[  933.424671][T20520]  get_tree_nodev+0xdd/0x190
[  933.424682][T20520]  vfs_get_tree+0x8e/0x340
[  933.424698][T20520]  path_mount+0x14d4/0x1f70
[  933.424711][T20520]  ? kmem_cache_free+0x2d1/0x4d0
[  933.424723][T20520]  ? __pfx_path_mount+0x10/0x10
[  933.424735][T20520]  ? getname_flags.part.0+0x1c5/0x550
[  933.424752][T20520]  ? putname+0x154/0x1a0
[  933.424765][T20520]  __ia32_sys_mount+0x28b/0x310
[  933.424778][T20520]  ? __pfx___ia32_sys_mount+0x10/0x10
[  933.424792][T20520]  ? rcu_is_watching+0x12/0xc0
[  933.424810][T20520]  __do_fast_syscall_32+0x7c/0x3a0
[  933.424829][T20520]  do_fast_syscall_32+0x32/0x80
[  933.424841][T20520]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  933.424856][T20520] RIP: 0023:0xf7fb4579
[  933.424865][T20520] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  933.424877][T20520] RSP: 002b:00000000fffe53c0 EFLAGS: 00000292 ORIG_RAX: 0000000000000015
[  933.424888][T20520] RAX: ffffffffffffffda RBX: 00000000f72d64ed RCX: 00000000f72c6be3
[  933.424896][T20520] RDX: 00000000f72d64ed RSI: 0000000000000000 RDI: 0000000000000000
[  933.424903][T20520] RBP: 00000000f72a4088 R08: 0000000000000000 R09: 0000000000000000
[  933.424909][T20520] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  933.424916][T20520] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  933.424926][T20520]  </TASK>
[  933.424930][T20520] 
[  933.507957][T20520] Allocated by task 20451:
[  933.509313][T20520]  kasan_save_stack+0x33/0x60
[  933.510831][T20520]  kasan_save_track+0x14/0x30
[  933.512291][T20520]  __kasan_kmalloc+0xaa/0xb0
[  933.513723][T20520]  __ipv6_dev_mc_inc+0x2b9/0xc10
[  933.515237][T20520]  ipv6_add_dev+0xbbf/0x15f0
[  933.516700][T20520]  addrconf_notify+0x53e/0x19e0
[  933.518535][T20520]  notifier_call_chain+0xb9/0x410
[  933.520295][T20520]  call_netdevice_notifiers_info+0xbe/0x140
[  933.522145][T20520]  register_netdevice+0x182e/0x2270
[  933.523792][T20520]  veth_newlink+0x30f/0xa00
[  933.525190][T20520]  rtnl_newlink+0xc42/0x2000
[  933.526645][T20520]  rtnetlink_rcv_msg+0x95e/0xe90
[  933.528202][T20520]  netlink_rcv_skb+0x16d/0x440
[  933.529663][T20520]  netlink_unicast+0x53a/0x7f0
[  933.531165][T20520]  netlink_sendmsg+0x8d1/0xdd0
[  933.532656][T20520]  __sys_sendto+0x4a3/0x520
[  933.534090][T20520]  __ia32_compat_sys_socketcall+0x625/0x770
[  933.535929][T20520]  __do_fast_syscall_32+0x7c/0x3a0
[  933.537984][T20520]  do_fast_syscall_32+0x32/0x80
[  933.539726][T20520]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  933.541664][T20520] 
[  933.542423][T20520] Freed by task 17118:
[  933.543688][T20520]  kasan_save_stack+0x33/0x60
[  933.545114][T20520]  kasan_save_track+0x14/0x30
[  933.546641][T20520]  kasan_save_free_info+0x3b/0x60
[  933.548196][T20520]  __kasan_slab_free+0x51/0x70
[  933.549682][T20520]  kmem_cache_free_bulk.part.0+0x383/0x7f0
[  933.551491][T20520]  kvfree_rcu_bulk+0x1bb/0x1f0
[  933.552969][T20520]  kfree_rcu_monitor+0x1d0/0x2f0
[  933.554484][T20520]  process_one_work+0x9cc/0x1b70
[  933.556059][T20520]  worker_thread+0x6c8/0xf10
[  933.557709][T20520]  kthread+0x3c5/0x780
[  933.559018][T20520]  ret_from_fork+0x5d7/0x6f0
[  933.560509][T20520]  ret_from_fork_asm+0x1a/0x30
[  933.561985][T20520] 
[  933.562756][T20520] Last potentially related work creation:
[  933.564504][T20520]  kasan_save_stack+0x33/0x60
[  933.566017][T20520]  kasan_record_aux_stack+0xa7/0xc0
[  933.567672][T20520]  kvfree_call_rcu+0x76/0x470
[  933.569156][T20520]  ma_put+0xff/0x150
[  933.570443][T20520]  ipv6_mc_destroy_dev+0x3c5/0x690
[  933.572058][T20520]  addrconf_ifdown.isra.0+0x13ef/0x1a90
[  933.573804][T20520]  addrconf_notify+0x220/0x19e0
[  933.575289][T20520]  notifier_call_chain+0xb9/0x410
[  933.576938][T20520]  call_netdevice_notifiers_info+0xbe/0x140
[  933.578771][T20520]  unregister_netdevice_many_notify+0xf9a/0x26f0
[  933.580795][T20520]  default_device_exit_batch+0x853/0xaf0
[  933.582512][T20520]  ops_exit_list+0x128/0x180
[  933.583979][T20520]  cleanup_net+0x5c1/0xb30
[  933.585338][T20520]  process_one_work+0x9cc/0x1b70
[  933.586844][T20520]  worker_thread+0x6c8/0xf10
[  933.588258][T20520]  kthread+0x3c5/0x780
[  933.589499][T20520]  ret_from_fork+0x5d7/0x6f0
[  933.590921][T20520]  ret_from_fork_asm+0x1a/0x30
[  933.592400][T20520] 
[  933.593153][T20520] The buggy address belongs to the object at ffff88804d549800
[  933.593153][T20520]  which belongs to the cache kmalloc-512 of size 512
[  933.597305][T20520] The buggy address is located 8 bytes inside of
[  933.597305][T20520]  freed 512-byte region [ffff88804d549800, ffff88804d549a00)
[  933.601344][T20520] 
[  933.602109][T20520] The buggy address belongs to the physical page:
[  933.604071][T20520] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88804d548800 pfn:0x4d548
[  933.607109][T20520] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  933.609641][T20520] flags: 0x4fff00000000240(workingset|head|node=1|zone=1|lastcpupid=0x7ff)
[  933.612240][T20520] page_type: f5(slab)
[  933.613508][T20520] raw: 04fff00000000240 ffff88801b442c80 ffffea0001a77d10 ffffea00016c3310
[  933.616165][T20520] raw: ffff88804d548800 000000000010000c 00000000f5000000 0000000000000000
[  933.618805][T20520] head: 04fff00000000240 ffff88801b442c80 ffffea0001a77d10 ffffea00016c3310
[  933.621918][T20520] head: ffff88804d548800 000000000010000c 00000000f5000000 0000000000000000
[  933.624593][T20520] head: 04fff00000000002 ffffea0001355201 00000000ffffffff 00000000ffffffff
[  933.627226][T20520] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[  933.629905][T20520] page dumped because: kasan: bad access detected
[  933.631863][T20520] page_owner tracks the page as allocated
[  933.633586][T20520] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 5938, tgid 5938 (syz-executor), ts 46928771182, free_ts 46912149917
[  933.639370][T20520]  post_alloc_hook+0x1c0/0x230
[  933.640897][T20520]  get_page_from_freelist+0x135c/0x3950
[  933.642585][T20520]  __alloc_frozen_pages_noprof+0x261/0x23f0
[  933.644407][T20520]  alloc_pages_mpol+0x1fb/0x550
[  933.645905][T20520]  new_slab+0x23b/0x330
[  933.647324][T20520]  ___slab_alloc+0xd9c/0x1940
[  933.648796][T20520]  __slab_alloc.constprop.0+0x56/0xb0
[  933.650423][T20520]  __kmalloc_cache_noprof+0xfb/0x3e0
[  933.652068][T20520]  tipc_topsrv_init_net+0x109/0x9e0
[  933.653689][T20520]  ops_init+0x1df/0x5f0
[  933.654972][T20520]  setup_net+0x21e/0x850
[  933.656304][T20520]  copy_net_ns+0x2a6/0x5f0
[  933.657691][T20520]  create_new_namespaces+0x3ea/0xa90
[  933.659346][T20520]  unshare_nsproxy_namespaces+0xc0/0x1f0
[  933.661133][T20520]  ksys_unshare+0x45b/0xa40
[  933.662542][T20520]  __ia32_sys_unshare+0x30/0x40
[  933.664075][T20520] page last free pid 5938 tgid 5938 stack trace:
[  933.666005][T20520]  __free_frozen_pages+0x7f8/0x1180
[  933.667724][T20520]  qlist_free_all+0x4d/0x120
[  933.669174][T20520]  kasan_quarantine_reduce+0x195/0x1e0
[  933.670890][T20520]  __kasan_slab_alloc+0x69/0x90
[  933.672474][T20520]  __kmalloc_cache_noprof+0x1f1/0x3e0
[  933.674149][T20520]  ref_tracker_alloc+0x18e/0x5b0
[  933.675695][T20520]  register_netdevice+0x1689/0x2270
[  933.677696][T20520]  register_netdev+0x34/0x50
[  933.679358][T20520]  vti6_init_net+0x28f/0x490
[  933.680854][T20520]  ops_init+0x1df/0x5f0
[  933.682168][T20520]  setup_net+0x21e/0x850
[  933.683531][T20520]  copy_net_ns+0x2a6/0x5f0
[  933.684884][T20520]  create_new_namespaces+0x3ea/0xa90
[  933.686503][T20520]  unshare_nsproxy_namespaces+0xc0/0x1f0
[  933.688253][T20520]  ksys_unshare+0x45b/0xa40
[  933.689682][T20520]  __ia32_sys_unshare+0x30/0x40
[  933.691210][T20520] 
[  933.691968][T20520] Memory state around the buggy address:
[  933.693668][T20520]  ffff88804d549700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  933.696153][T20520]  ffff88804d549780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  933.699180][T20520] >ffff88804d549800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  933.701630][T20520]                       ^
[  933.702945][T20520]  ffff88804d549880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  933.705352][T20520]  ffff88804d549900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  933.707833][T20520] ==================================================================
[  933.723062][T20520] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  933.725509][T20520] CPU: 1 UID: 0 PID: 20520 Comm: syz-executor Not tainted 6.15.0-syzkaller-03589-gfeacb1774bd5 #0 PREEMPT(full) 
[  933.729234][T20520] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  933.732596][T20520] Call Trace:
[  933.733864][T20520]  <TASK>
[  933.734928][T20520]  dump_stack_lvl+0x3d/0x1f0
[  933.736602][T20520]  panic+0x71c/0x800
[  933.737791][T20520]  ? __pfx_panic+0x10/0x10
[  933.739217][T20520]  ? mark_held_locks+0x49/0x80
[  933.740700][T20520]  ? preempt_schedule_thunk+0x16/0x30
[  933.742314][T20520]  ? binder_add_device+0xa4/0xb0
[  933.743860][T20520]  ? preempt_schedule_common+0x44/0xc0
[  933.745509][T20520]  ? check_panic_on_warn+0x1f/0xb0
[  933.747073][T20520]  ? binder_add_device+0xa4/0xb0
[  933.748581][T20520]  check_panic_on_warn+0xab/0xb0
[  933.750138][T20520]  end_report+0x107/0x170
[  933.751487][T20520]  kasan_report+0xee/0x110
[  933.752876][T20520]  ? binder_add_device+0xa4/0xb0
[  933.754384][T20520]  binder_add_device+0xa4/0xb0
[  933.755881][T20520]  binderfs_binder_device_create.isra.0+0xa03/0xc30
[  933.757910][T20520]  binderfs_fill_super+0x8d4/0x1360
[  933.759519][T20520]  ? __pfx_binderfs_fill_super+0x10/0x10
[  933.761274][T20520]  ? shrinker_register+0x1a8/0x260
[  933.762829][T20520]  ? sget_fc+0x808/0xc20
[  933.764167][T20520]  ? apparmor_capable+0x114/0x1d0
[  933.765711][T20520]  ? __pfx_set_anon_super_fc+0x10/0x10
[  933.767371][T20520]  ? __pfx_binderfs_fill_super+0x10/0x10
[  933.769155][T20520]  get_tree_nodev+0xdd/0x190
[  933.770640][T20520]  vfs_get_tree+0x8e/0x340
[  933.772055][T20520]  path_mount+0x14d4/0x1f70
[  933.773445][T20520]  ? kmem_cache_free+0x2d1/0x4d0
[  933.774954][T20520]  ? __pfx_path_mount+0x10/0x10
[  933.776481][T20520]  ? getname_flags.part.0+0x1c5/0x550
[  933.778165][T20520]  ? putname+0x154/0x1a0
[  933.779521][T20520]  __ia32_sys_mount+0x28b/0x310
[  933.781099][T20520]  ? __pfx___ia32_sys_mount+0x10/0x10
[  933.782781][T20520]  ? rcu_is_watching+0x12/0xc0
[  933.784312][T20520]  __do_fast_syscall_32+0x7c/0x3a0
[  933.785898][T20520]  do_fast_syscall_32+0x32/0x80
[  933.787421][T20520]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  933.789373][T20520] RIP: 0023:0xf7fb4579
[  933.790689][T20520] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  933.796582][T20520] RSP: 002b:00000000fffe53c0 EFLAGS: 00000292 ORIG_RAX: 0000000000000015
[  933.799153][T20520] RAX: ffffffffffffffda RBX: 00000000f72d64ed RCX: 00000000f72c6be3
[  933.801625][T20520] RDX: 00000000f72d64ed RSI: 0000000000000000 RDI: 0000000000000000
[  933.804073][T20520] RBP: 00000000f72a4088 R08: 0000000000000000 R09: 0000000000000000
[  933.806499][T20520] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  933.808944][T20520] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  933.811401][T20520]  </TASK>
[  933.813080][T20520] Kernel Offset: disabled
[  933.814420][T20520] Rebooting in 86400 seconds..

VM DIAGNOSIS:
21:44:13  Registers:
info registers vcpu 0

CPU#0
RAX=000000000109441f RBX=0000000000000000 RCX=ffffffff8b71e0a9 RDX=0000000000000000
RSI=ffffffff8dbee096 RDI=ffffffff8bf4fdc0 RBP=fffffbfff1c12ee8 RSP=ffffffff8e007e08
R8 =0000000000000001 R9 =ffffed100564663d R10=ffff88802b2331eb R11=0000000000000001
R12=0000000000000000 R13=ffffffff8e097740 R14=ffffffff90867e50 R15=0000000000000000
RIP=ffffffff8b71cc0f RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880977ac000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000f7476188 CR3=0000000060c0d000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000000030 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff85530245 RDI=ffffffff9ae20cc0 RBP=ffffffff9ae20c80 RSP=ffffc900045974f0
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=3564343038387257
R12=0000000000000000 R13=0000000000000030 R14=ffffffff9ae20c80 R15=ffffffff855301e0
RIP=ffffffff8553026f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff8880978ac000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000000002f0d4ffc CR3=000000005f4ff000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000ff
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4e4f4954504f5f4e 4153410063657865
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=0000000000000001 RBX=0000000000000001 RCX=0000000061a1e193 RDX=ffffffff816a244d
RSI=ffffffff8dbc8ccf RDI=ffffffff8bf4fdc0 RBP=ffffc900005389a0 RSP=ffffc900005388d0
R8 =7e7e23ab47813797 R9 =0000000000000000 R10=0000000000000000 R11=0000000000000001
R12=ffffffff81a66a70 R13=ffffc90000538958 R14=0000000000000000 R15=ffff888022228000
RIP=ffffffff81a059ed RFL=00000282 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880979ac000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000f7fe6e40 CR3=0000000047178000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 f700585858585858 2e7a7973f7482ff4
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 f700585858585858
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff 0f0e0d0c0b0a0908
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 3

CPU#3
RAX=ffffffff8b3f4a39 RBX=ffff88805d9c8328 RCX=0000000000000002 RDX=0000000000000000
RSI=0000000000000000 RDI=ffffffff8e3c2640 RBP=0000000000000065 RSP=ffffc90006ef7af8
R8 =0000000000000000 R9 =0000000000000000 R10=0000000000000400 R11=0000000000000001
R12=0000000000000001 R13=0000000000000000 R14=0000000000000000 R15=0000000000000000
RIP=ffffffff81978f55 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff888097aac000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000000000c2cfcfa CR3=0000000025750000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000001 Opmask01=0000000000000001 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=00000000fffffdff Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffc0c35358b 00007ffc0c35358b
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffc0c353a90 0000003000000018
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffc0c353a90 0000003000000018
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0a0a0a0a0a0a0a0a 0a0a0a0a0a0a0a0a 0a0a0a0a0a0a0a0a 0a0a0a0a0a0a0a0a
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 74732064656c6261 7369642064657265 746e652029305f65 76616c735f656700
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 7473206465666261 7363642064657265 7464652023305565 7661667355656700
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2053534249207765 6e20676e69746165 7243203a316e616c 77205d3935323154
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6f2055544d206568 54203a3076646174 6162203a7664615f 6e616d746162205d
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 656361667265746e 6920666f2055544d 20656854203a3076 6461746162203a76
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 353128206c6c616d 73206f6f74207369 20315f6576616c73 5f76646174616220
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6220666f2074726f 70736e6172742065 687420656c646e61 68206f7420293030
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2e6d656c626f7270 206568742065766c 6f7320646c756f77 2030363531206f74
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000