last executing test programs:

1m30.331869081s ago: executing program 2 (id=451):
socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, &(0x7f0000000040)=0x9)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)=ANY=[@ANYBLOB="240000003b0007010000000000000000037c0000040000000c000180cdfe0300000000008a5ec66b01c7c279050b08ac52af2409e0bdf1b50cea3b96d28b2d89195833a247cde7261f5eed4bdff6530f0ff5870861998611c8cc94aac67985bf5868be02376a1e42930100c546cb5756f79d0755af8e4f3d4905555ae3"], 0x24}}, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffff}, 0x0)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
r4 = socket$inet6(0xa, 0x6, 0x0)
connect$inet6(r4, 0x0, 0x0)
socket$inet6(0xa, 0x6, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$NL80211_CMD_FRAME(r5, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000680)={0x4e0, r6, 0x1, 0x70bd2c, 0x0, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_FRAME={0x4ba, 0x33, @reassoc_resp={{{0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x1}, {0x8}, @device_b, @device_a, @from_mac=@broadcast, {0x8, 0x1}}, 0x4, 0x45, @default, @void, @val={0x2d, 0x1a, {0x80, 0x0, 0x4, 0x0, {0x5, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x300, 0x10, 0x7}}, [{0xdd, 0xf4, "427d4ad4ac12b30271ca162355c31b72d027120daa591b754330233689ca4eb46c974a4dff1227b3864eac0f74ebbb932ef388374e25acb51732d9af2d8a135b388f0b89aa5cd4d4373044ee6bcff14fe70344e181793680a90493b1a7af56ea81d144734b510863c66e909b52699e8fa89536c9e240ca886fcd88dc9770e49678936e9513f5b9a6889340df58f0cb780cdff6eebbf76925d5143d25a2f1a0c04451702686176238c22adde1fc4c0c1b91f521233f1c397094c81ed97d0ea1f6ff411542984ecada104551e3eea3f210152a1db183f1e9916661bd8ebbae52ae7fd4656597abec5ee04f4b69894f19f3631cc786"}, {0xdd, 0xca, "cea0262549eda8334978cea8df9978488c63a77d09662700b0eb0debf804b4f926aafb2fcdb3e5b4c9b161deae9b91add6e988a1447524b779aaca1f9000188f205caa9c5bdf91f5504fdb0d5d00b50e155076f80e946371e8168faa50535f5821148de5d01fbe43f85ff1acbd16834cdd1865ed9c7c61b96f349135444c783e49a67881ad66c1373928783bd02d8b4432b3d106844075a156673bf16d68cb800166c69a60fe40c17ff99ecd3f89f0ce1b285f492f349978e3625e11abdce903727fd235004f47bdf43f"}, {0xdd, 0xfffffffffffffebf, "f819801275415ff10a20246da2c3067a19a97452321fcd1b05"}, {0xdd, 0x99, "b6a14db682bdb94aa1d9bbade5bd0b7076e7d168d7b1d9ccf9989106a8e0642d63be5fafbc7fea5814b2b84ebb83ce96c659ecc31dfa583f2046973e229fc1683867c4d995beb0cdc08ee7be45f3612cf6e29aa09b2002e525f6d31262ecb7989eca6d9f5c217bdde47d80d3feeb2896963c7cb6a75bab37a740b9d0ed04c0b365606356630662caec2ab13b943b31131f72ff561632f98f0d"}, {0xdd, 0x29, "66cb1526077edf3456742cc4975288f5992254652db0b089f6da415b648d80340e53d0dae672c59cca"}, {0xdd, 0xe5, "31aab40530ef90a8833d7f4fb9bf717820bb10f0de8a84fab5a7d25cfde44dcae00f6d876aedd6658a764139b6c3a2efe0fe1df762eeb79d0111591a70d34ffde573fe260bd192d12aac9008adece28f5fdfff5e9e867d50c1e60e588039e99bf6d7798d53b5fcf52284e19eccf5f07e20338c365d5c7aced7dc9c8412e7d46884722986e114afd793551848ca7e4f172e7d1ca26d98a1e0005c48314b877fe33570605c627ce01bb46650f2d6d9f01b030ac66e7b3135a0643e1b162fefe70fdf244a1ff8eeb5abc05158670b5c2d0cc61cf864204805e275fe209ae8c409e317ae81119b"}, {0xdd, 0x38, "f0270fdf4ce595886f33ae67868e72a3403b0eb03f04ef91d15d9b1498803ce66990c318fb225fb445177bd4c473e8ef9a2ffa96d3059d89"}, {0xdd, 0x6c, "8d5298fab88beaeb1ed53b2df34361bdd449a127fedec5476fc4faf556c1e6825d6c04441fd8f37ec2e5f0d4b6c37fd4fd67cc508b70f8ec1af97c080aeea80f33f7176ae0aed292ea4183ac686e2bd8c9d510a93c6d7afad9b84c0865c08024965782ca1d91dd57b62d863a"}, {0xdd, 0x40, "8d2fa0a65f6579e00c9a0584c8f1f0ea2b0260790817c8d2c51fe32453797bc677083dc6a943d913160c71c13104cdbc5881f149c8fbfa50013810872e075576"}, {0xdd, 0x6, "b956ed12852b"}]}}, @NL80211_ATTR_DURATION={0x8, 0x57, 0x1d1}]}, 0x4e0}, 0x1, 0x0, 0x0, 0x6a845ecb4f20be71}, 0x24008080)
sendmsg$NL80211_CMD_SET_WIPHY(r3, &(0x7f0000000280)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x24, r6, 0x400, 0x70bd26, 0x25dfdbfb, {}, [@NL80211_ATTR_TXQ_MEMORY_LIMIT={0x8, 0x10b, 0xfffffff7}, @NL80211_ATTR_WIPHY_RTS_THRESHOLD={0x8, 0x40, 0x9}]}, 0x24}, 0x1, 0x0, 0x0, 0x4000}, 0x48000)
ioperm(0x0, 0x6, 0x2da3b9f3)
fchown(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
r7 = syz_open_procfs$pagemap(0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
ioctl$PAGEMAP_SCAN(r7, 0xc0606610, &(0x7f0000000140)={0x60, 0x0, &(0x7f0000001000/0x3000)=nil, &(0x7f0000c68000/0x3000)=nil, 0x7fffffff, 0x0, 0x0, 0x6, 0x0, 0x2})
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/ipv6_route\x00')
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x4, 0x0, 0x500, 0x2)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0xf)
ioctl$TCFLSH(r0, 0x400455c8, 0x4)

1m28.062238814s ago: executing program 2 (id=465):
syz_genetlink_get_family_id$nbd(0x0, 0xffffffffffffffff)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48)
socket$nl_route(0x10, 0x3, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000a00)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="14000a002500010000000000f100000006"], 0x14}], 0x1, 0x0, 0x0, 0x400048c0}, 0x0)

1m27.932547892s ago: executing program 2 (id=466):
setsockopt$IP_VS_SO_SET_STARTDAEMON(0xffffffffffffffff, 0x0, 0x48b, &(0x7f0000002100)={0x1, 'wg1\x00', 0x40001}, 0x18)
io_uring_setup(0x3936, 0x0)
socket$kcm(0x11, 0x3, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x2, @pix_mp={0x0, 0xffffff01, 0x34324152, 0x1, 0x0, [{0x80000, 0x3}, {0xfffffffc, 0xa0a}, {}, {0x2}, {0x0, 0x7}, {0xfffffffa, 0x6}, {0x0, 0xd61}, {0x800}], 0x6, 0x0, 0x3, 0x0, 0x1}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
socketpair(0x8, 0x80000, 0x7, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
bpf$MAP_CREATE(0x0, 0x0, 0x50)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r1, &(0x7f0000000000), 0xd)
sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x2)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000500)={0x26, 'aead\x00', 0x0, 0x0, 'authencesn(sha1-avx2,xchacha20-simd)\x00'}, 0x58)
munlockall()
r4 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r4}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r5 = creat(&(0x7f00000005c0)='./file0\x00', 0x0)
io_uring_setup(0x5e72, &(0x7f0000000340)={0x0, 0x4ee4, 0x400, 0x0, 0xfffffffc, 0x0, r5})
openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x6080, 0x0)
io_setup(0x1, &(0x7f0000000040))
read$FUSE(r5, &(0x7f0000002140)={0x2020, 0x0, <r6=>0x0}, 0x2020)
write$FUSE_INIT(r5, &(0x7f0000000240)={0x50, 0x0, r6, {0x7, 0x29, 0x3, 0x20040, 0x7, 0x534c, 0x4, 0x7, 0x0, 0x0, 0x2, 0x5}}, 0x50)
write$P9_RSTATu(r5, &(0x7f0000000740)=ANY=[], 0x5a)

1m27.010394285s ago: executing program 2 (id=473):
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75"])
chdir(&(0x7f0000000300)='./file0\x00')
r0 = syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80011200, 0x0, 0x2, 0x0, 0x0, 0x0, 0xb, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "f4bd000000801900", [0x0, 0x2000000000001]}})

1m26.162636281s ago: executing program 2 (id=480):
gettid()
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
syz_usb_connect(0x0, 0x5f, 0x0, 0x0)
openat$iommufd(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000140)='net/ip6_flowlabel\x00')
pread64(r2, &(0x7f0000001600)=""/4089, 0x5, 0x200000000000049a)

1m25.962665456s ago: executing program 2 (id=482):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x14, 0x4, 0x4, 0x3, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r2 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r1, &(0x7f0000000240)=ANY=[@ANYBLOB="1c0000f50000000060000000001c3a00ff020000000002000000000000000001fe8000000000000000000000000000aa8200907800050098fe8800000000000000000000000001017d010000"], 0x4c)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f00000001c0)={r0, 0x0, 0x0}, 0x20)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000000)={'vcan0\x00', <r5=>0x0})
bind$can_j1939(r4, &(0x7f00000000c0)={0x1d, r5, 0x0, {0x0, 0xf0}, 0xfe}, 0x18)
sendmsg$can_j1939(r4, &(0x7f0000000200)={&(0x7f0000000040)={0x1d, r5, 0x2, {0x2, 0xf0, 0x1}, 0xfd}, 0x18, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x10}, 0x14)
sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0xfffffffffffffe01, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
creat(&(0x7f00000002c0)='./file0\x00', 0x6)
r6 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x10)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0xf4fffff7, 0x12, r6, 0x0)
r7 = open$dir(&(0x7f0000000080)='./file0\x00', 0x100, 0x0)
mmap$xdp(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x12, r7, 0x0)
r8 = creat(&(0x7f00000002c0)='./file0\x00', 0x0)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
write$qrtrtun(r8, &(0x7f0000000780)="026126d40eb8b249", 0x8)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r9, 0x0, 0x30, 0x1, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000004c0)=[0x7], &(0x7f0000000500)=[0x2], 0x0, 0x1}}, 0x3c)
sendmsg$NFT_BATCH(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a70000000060a0b0400000000000000000200000038000480340001800b00010074617267657400002400028010000100434f4e4e5345434d41524b0005000300ef00000008ea0240000000000900010073797a30000000000900020073797a3200"], 0x98}}, 0x0)

1m25.920942897s ago: executing program 32 (id=482):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x14, 0x4, 0x4, 0x3, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r2 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r1, &(0x7f0000000240)=ANY=[@ANYBLOB="1c0000f50000000060000000001c3a00ff020000000002000000000000000001fe8000000000000000000000000000aa8200907800050098fe8800000000000000000000000001017d010000"], 0x4c)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f00000001c0)={r0, 0x0, 0x0}, 0x20)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000000)={'vcan0\x00', <r5=>0x0})
bind$can_j1939(r4, &(0x7f00000000c0)={0x1d, r5, 0x0, {0x0, 0xf0}, 0xfe}, 0x18)
sendmsg$can_j1939(r4, &(0x7f0000000200)={&(0x7f0000000040)={0x1d, r5, 0x2, {0x2, 0xf0, 0x1}, 0xfd}, 0x18, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x10}, 0x14)
sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0xfffffffffffffe01, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
creat(&(0x7f00000002c0)='./file0\x00', 0x6)
r6 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x10)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0xf4fffff7, 0x12, r6, 0x0)
r7 = open$dir(&(0x7f0000000080)='./file0\x00', 0x100, 0x0)
mmap$xdp(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x12, r7, 0x0)
r8 = creat(&(0x7f00000002c0)='./file0\x00', 0x0)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
write$qrtrtun(r8, &(0x7f0000000780)="026126d40eb8b249", 0x8)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r9, 0x0, 0x30, 0x1, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000004c0)=[0x7], &(0x7f0000000500)=[0x2], 0x0, 0x1}}, 0x3c)
sendmsg$NFT_BATCH(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a70000000060a0b0400000000000000000200000038000480340001800b00010074617267657400002400028010000100434f4e4e5345434d41524b0005000300ef00000008ea0240000000000900010073797a30000000000900020073797a3200"], 0x98}}, 0x0)

5.321407902s ago: executing program 3 (id=1071):
mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x3000006, 0x10, 0xffffffffffffffff, 0xb1dde000)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = userfaultfd(0x801)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000001c0))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2})
ioctl$UFFDIO_COPY(r1, 0xc028aa03, &(0x7f0000000000)={&(0x7f00002b9000/0x400000)=nil, &(0x7f0000779000/0x1000)=nil, 0x400000, 0x3, 0x2})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
mincore(&(0x7f0000000000/0x800000)=nil, 0x800000, &(0x7f0000000000)=""/188)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=ANY=[@ANYBLOB="6753ebb2df81a031fa240a1a410c140000001000010000000000000000000000000a34000000030a1b000000000000000000020000000900010073797a30000000000900030073797a320000000008000a4000000004140000001100010000000000000000000000000a"], 0x5c}}, 0x0)
setuid(0xee00)
fsetxattr$security_capability(r0, &(0x7f00000000c0), &(0x7f0000000100)=@v2={0x2000000, [{0x5, 0xfffffff3}, {0x400, 0x100}]}, 0x14, 0x3)
mincore(&(0x7f0000000000/0x800000)=nil, 0x800000, &(0x7f0000000000)=""/164)

5.02194286s ago: executing program 3 (id=1073):
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f00000000c0)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c000000020000000000000000000004"], 0x0, 0x26, 0x0, 0x1, 0x0, 0x0, @void, @value}, 0x20)
socket$nl_generic(0x10, 0x3, 0x10)
socket$inet6_udp(0xa, 0x2, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
socket$pppl2tp(0x18, 0x1, 0x1)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x1, 0xc, 0x9, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r1 = socket$qrtr(0x2a, 0x2, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r1, 0x8915, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xfff, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
pipe(&(0x7f0000000080)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="540000001000010400000000000000ffff000000", @ANYRES32=0x0, @ANYBLOB="0380000000000000240012800c0001006d6163766c616e00140002800800010008000000060002000100000008000500", @ANYRES32=r2, @ANYBLOB='\b\x00\n\x00', @ANYRES32], 0x54}}, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r3, &(0x7f00000002c0), 0x40000000000009f, 0x0)

5.021700224s ago: executing program 3 (id=1074):
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
r1 = userfaultfd(0x80001)
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r0, 0xc018937e, &(0x7f0000000040)={{0x1, 0x1, 0x18, r1}, './file0\x00'})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8850}, 0x0)
syz_emit_ethernet(0x46, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd6016000000102b00fc0100000000000000e2ff0000000000fe8000000000000000000400000000aa"], 0x0)
connect$l2tp6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote, 0xa}, 0x20)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x40000, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
writev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000080)='v', 0x34000}], 0x1)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x20001, 0x4)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x20, &(0x7f0000000040)=0x2, 0xf6)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, &(0x7f0000000180)="66b80e010f00d0b0060f21a20f01c40f009b2700000066b80c008ee00f3235008000000f30b80e0000000f23d80f21f835800000a00f23f8c9b9490300000f60b932c00a00b9730200000f32328fe858b660002fb90d090000b800680000ba000000000f30", 0x65}], 0x1, 0x0, 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000140))
ioctl$KVM_RUN(r4, 0xae80, 0x0)

4.680452521s ago: executing program 1 (id=1080):
r0 = socket$kcm(0x10, 0x3, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$SEG6(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$SEG6_CMD_SETHMAC(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[], 0x34}, 0x1, 0x0, 0x0, 0x44110}, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r2 = socket$inet6_mptcp(0xa, 0x1, 0x106)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x14, 0x30, 0x8}, 0x14}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = openat$procfs(0xffffffffffffff9c, &(0x7f00000004c0)='/proc/asound/seq/clients\x00', 0x0, 0x0)
r7 = openat$uinput(0xffffffffffffff9c, 0x0, 0x802, 0x0)
ioctl$UI_DEV_CREATE(r7, 0x5501)
lseek(r6, 0x9, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r0, 0x8933, 0x0)
socket$igmp6(0xa, 0x3, 0x2)
r8 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000c80)={'lo\x00', <r9=>0x0})
ioctl$sock_inet6_SIOCSIFADDR(r2, 0x8916, &(0x7f00000020c0)={@remote, 0x80, r9})

4.290337562s ago: executing program 4 (id=1084):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), r0)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)={0x14, r1, 0x1, 0x70bd2e, 0x800}, 0x14}}, 0x40880)

4.118576299s ago: executing program 4 (id=1086):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
write$vhost_msg_v2(0xffffffffffffffff, 0x0, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, 0x0, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
r2 = io_uring_setup(0x17fb, &(0x7f0000000440)={0x0, 0x0, 0x80, 0x8000})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r4 = dup(r3)
write$6lowpan_enable(r4, &(0x7f0000000000)='0', 0xfffffd2c)
ioctl$KVM_GET_XSAVE2(0xffffffffffffffff, 0x9000aecf, &(0x7f00001ea000/0x2000)=nil)
pipe(0x0)
io_uring_register$IORING_REGISTER_BUFFERS(r2, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x18)
r5 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TIOCGDEV(r5, 0x540e, 0x0)
r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TIOCSETD(r6, 0x5423, &(0x7f0000000140)=0x15)
ioctl$TIOCSTI(r6, 0x5412, &(0x7f00000002c0)=0x7e)
ioctl$TIOCSTI(r5, 0x5412, &(0x7f0000000540)=0x9)
ioctl$TIOCSTI(r6, 0x5412, &(0x7f0000000300)=0xfe)
ioctl$TIOCSTI(r4, 0x5412, &(0x7f00000001c0)=0x7e)
close_range(r0, 0xffffffffffffffff, 0x0)
userfaultfd(0x801)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0, 0x30, 0xffffffffffffffff, 0x0)
inotify_init1(0x0)

4.01677065s ago: executing program 3 (id=1087):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1e0000000000000005000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x19, 0xc, &(0x7f0000000000)=ANY=[@ANYRES16=r0, @ANYRESOCT=r0], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000200)='qdisc_reset\x00', r1}, 0x10)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = syz_open_dev$video(&(0x7f0000000040), 0x3ff, 0x0)
r4 = openat$ttyprintk(0xffffffffffffff9c, 0x0, 0x8801, 0x0)
socket$packet(0x11, 0x2, 0x300)
r5 = inotify_init1(0x0)
inotify_rm_watch(r5, 0x0)
ioctl$vim2m_VIDIOC_ENUM_FMT(0xffffffffffffffff, 0xc0405602, &(0x7f0000000140)={0x0, 0x1, 0x0, "ee471a55b5e2c266422ef07bbfd7a61e37466e060403bbd8115bd48970e86a02"})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_getscheduler(0x0)
read$msr(r6, &(0x7f0000019680)=""/102392, 0x18ff8)
r7 = syz_io_uring_setup(0x4ac3, &(0x7f0000000200)={0x0, 0x7279, 0x0, 0x4, 0x3db}, &(0x7f0000000340)=<r8=>0x0, &(0x7f0000000280)=<r9=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r8, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r8, r9, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
io_uring_enter(r7, 0x3516, 0x0, 0x0, 0x0, 0x0)
writev(r4, &(0x7f0000000040), 0x200000000000019f)
ioctl$VIDIOC_STREAMOFF(r3, 0x40045613, &(0x7f0000000200)=0x1)
sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0xfe}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)

3.821262849s ago: executing program 1 (id=1088):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
r1 = socket$netlink(0x10, 0x3, 0x4)
write(r1, &(0x7f0000000040)="2700000014000707030e0000120f0a0011000100f5fe009d2fb112ff000000008a151f75080039", 0x27)
sendmsg$NFT_BATCH(r1, &(0x7f0000000480)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000440)={&(0x7f0000000040)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x3}}, [@NFT_MSG_NEWFLOWTABLE={0x50, 0x16, 0xa, 0x201, 0x0, 0x0, {0x5, 0x0, 0x8}, [@NFTA_FLOWTABLE_FLAGS={0x8, 0x7, 0x1, 0x0, 0x2}, @NFTA_FLOWTABLE_HANDLE={0xc, 0x5, 0x1, 0x0, 0x1}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_FLOWTABLE_FLAGS={0x8, 0x7, 0x1, 0x0, 0x3}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_FLOWTABLE_FLAGS={0x8, 0x7, 0x1, 0x0, 0x2}]}, @NFT_MSG_DELCHAIN={0xa0, 0x5, 0xa, 0x301, 0x0, 0x0, {0x0, 0x0, 0x3}, [@NFTA_CHAIN_COUNTERS={0x7c, 0x8, 0x0, 0x1, [@NFTA_COUNTER_PACKETS={0xc, 0x2, 0x1, 0x0, 0x3}, @NFTA_COUNTER_PACKETS={0xc, 0x2, 0x1, 0x0, 0xc9}, @NFTA_COUNTER_PACKETS={0xc, 0x2, 0x1, 0x0, 0xfffffffffffffc00}, @NFTA_COUNTER_PACKETS={0xc, 0x2, 0x1, 0x0, 0x10001}, @NFTA_COUNTER_PACKETS={0xc, 0x2, 0x1, 0x0, 0x6}, @NFTA_COUNTER_PACKETS={0xc, 0x2, 0x1, 0x0, 0x496682bc}, @NFTA_COUNTER_PACKETS={0xc, 0x2, 0x1, 0x0, 0x3}, @NFTA_COUNTER_BYTES={0xc, 0x1, 0x1, 0x0, 0x800}, @NFTA_COUNTER_PACKETS={0xc}, @NFTA_COUNTER_PACKETS={0xc, 0x2, 0x1, 0x0, 0x8}]}, @NFTA_CHAIN_FLAGS={0x8, 0xa, 0x1, 0x0, 0x1}, @NFTA_CHAIN_POLICY={0x8, 0x5, 0x1, 0x0, 0xfffffffffffffffe}]}, @NFT_MSG_DELOBJ={0x2e8, 0x14, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x3}, [@NFTA_OBJ_USERDATA={0x60, 0x8, "9f366980e99fcce4540400ea8b019734682aa5e63e024f59b6771f57940f72ef825ec2590b8dfb1ce8e2627ad4796c3aed1c84b8461bbf8e2f5d45f75ed7792c62e9a31b79792125e13121f429237385fa0c6ab14c9e74bdfc1f5d04"}, @NFTA_OBJ_USERDATA={0xa1, 0x8, "b38797322266111aa4f26fcab2b111da705929fa5c787bbdbb74a3db51e73f29b444b8da1ce0db29f2382db0dccc8edac53185dbdae7cdf3603414c204521d6c5dd8d7fdd717947f8988463ed04e6e0d25925000092fbc82e80e0607c2ffb4eb1521eefed73994379effb3561d6f8c55b287d2752a260a81d92c1786dac123097b381fb037c5f0def109c7af2f7daaf4db24c75b0ba6fa3bbd374ed5ac"}, @NFTA_OBJ_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_OBJ_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_OBJ_USERDATA={0xbb, 0x8, "c64e7aac66be87417376631d517a81003abf9cd6926a017fd1c48135c109bf314c3ef48668e1ec09b2e0483c0544d7063f796adb7e09636ebdcddbe3af1b555a078f7f46da7a889ee920f231b32b6693241814ae684490e9a03520225a8243f7dee2fc583151a838bd078396107133d210a2bb9c613a9331acc9c0b95cf88f578eecc48c10b3379f1b411396d5f1b471cac62e3add515fbebf26a43b3e6fbf1aaa145a1f9e7554a5ba12701999ded643a061ec6e0fddd4"}, @NFTA_OBJ_USERDATA={0xe4, 0x8, "d93e54a70146ab954d984abe22e3bd1517550c42aa3ffccd9b60fcda9d8846e195d953643ed46c50850af2564b9e3dd0fc2ef0627941b2271e4f5049da4354690b6c866202f581ed0d4e9337cbbf37759327e1a6d9d5c361e187071de8955ec85ec2dd9fd6d63dfe3de8ade54f2816a74bfa60cee1f2b997369a3e2d9debb7515639f516c98d5029c3ed313e093cb6aebb8cc488781f13bece8c9fd3abf3c9e79490390b5716fdc1fa0809f7ca30954904a1b938ee89534d3a8a9a38dcfd034b5f5057c9e8d75bf06af077a4289833895b78faa9653eae369569c1106b370a5b"}, @NFTA_OBJ_HANDLE={0xc, 0x6, 0x1, 0x0, 0x2}, @NFTA_OBJ_NAME={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x400}, 0x1, 0x0, 0x0, 0x5}, 0x4040080)
shutdown(r0, 0x0)
recvmmsg(r0, &(0x7f00000055c0), 0x400023c, 0x300, 0x0)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x2000009, 0x200000006c832, 0xffffffffffffffff, 0x0)
r2 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
setsockopt$nfc_llcp_NFC_LLCP_MIUX(r2, 0x118, 0x1, &(0x7f0000000c00)=0xff070000, 0x4)

3.310002831s ago: executing program 1 (id=1089):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r1=>0x0})
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000100)=@newspdinfo={0x1c, 0x24, 0x3ff, 0x0, 0x0, 0x0, [@XFRMA_SPD_IPV6_HTHRESH={0x6}]}, 0x1c}}, 0x4800)
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r4 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f00000000c0), 0x82, 0x0)
read$hiddev(r4, &(0x7f00000002c0)=""/219, 0xdb)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000003c0)={'wlan0\x00', <r6=>0x0})
sendmsg$NL80211_CMD_CHANNEL_SWITCH(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010008020000001800006600000008000300", @ANYRES32=r6, @ANYBLOB="08002600940900000800b70099"], 0x2c}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$NL80211_CMD_FRAME(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)={0x154, r7, 0x1, 0x70bd26, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_CSA_C_OFFSETS_TX={0x6, 0xcd, [0x0]}, @NL80211_ATTR_FRAME={0x12d, 0x33, @beacon={{{0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, {0x9}, @device_b, @device_a, @initial, {0xf, 0x5}}, 0xffffffffffffffff, @default, 0x1000, @val={0x0, 0x6, @default_ibss_ssid}, @void, @val={0x3, 0x1, 0x2c}, @void, @val={0x6, 0x2, 0x1ff}, @val={0x5, 0xbf, {0x5, 0x97, 0x5, "6e7610ee8c9e0ad2622d42253dc662d116721555ae0e034de7d84e06c34d34b48b1a16c0a7f69e5cffaeb5f7c2f32a8d228fb4026e21d0966fb0b605653b13173fc75a72c4a2f99518efa41fbde1fc9138be6d0eb0b582b7bea100000000000000000000000000000000978ad650f37886ad2ef74418455db01873fbc57ec64505aee3c1d0f1188a6a8d048fff3800203b9ebb436056ac01a44df171a3a335cfc60734597f6c5cd66851ca1aae906dde3ad5c37959ded807b05f5bbb"}}, @val={0x25, 0x3, {0x0, 0x7, 0x7}}, @val={0x2a, 0x1, {0x0, 0x0, 0x1}}, @void, @val={0x2d, 0x1a, {0x400, 0x2, 0x5, 0x0, {0x2, 0xb7b, 0x0, 0x347, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x0, 0x100, 0x1}}, @void, @val={0x71, 0x7, {0x69, 0x0, 0x1, 0x0, 0x1, 0x7, 0x20}}, @val={0x76, 0x6, {0x3, 0x0, 0x2f, 0x6}}}}]}, 0x154}, 0x1, 0x0, 0x0, 0xc0}, 0x0)
sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)={0x68, r7, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r1}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {{{}, {}, @device_a, @device_b, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @NL80211_ATTR_SMPS_MODE={0x5}, @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}]}, 0x68}}, 0x0)

3.130428535s ago: executing program 4 (id=1090):
ioprio_set$pid(0x2, 0x0, 0x6000)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1d, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, 0x0, 0x0)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
futex(&(0x7f0000000180), 0x5, 0x0, 0x0, &(0x7f0000000000), 0xaffffffa)

1.901060389s ago: executing program 4 (id=1092):
read$FUSE(0xffffffffffffffff, &(0x7f0000000040)={0x2020, 0x0, <r0=>0x0, 0x0, <r1=>0x0}, 0x2020)
fchownat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0xee01, r1, 0x400)
r2 = openat$fuse(0xffffff9c, &(0x7f0000002080), 0x2, 0x0)
write$FUSE_INIT(0xffffffffffffffff, &(0x7f00000020c0)={0x50, 0x0, r0, {0x7, 0x2b, 0x80, 0x2030080, 0x2, 0x5, 0x80000000, 0xffff850f, 0x0, 0x0, 0x40, 0x4}}, 0x50)
read$FUSE(r2, &(0x7f0000002140)={0x2020, 0x0, <r3=>0x0, 0x0, 0x0, <r4=>0x0}, 0x2020)
write$FUSE_STATFS(r2, &(0x7f0000004180)={0x60, 0x0, r3, {{0x2b, 0x8, 0xe, 0x3, 0xcb4b, 0x8, 0xffffff00, 0x4}}}, 0x60)
read$FUSE(r2, &(0x7f0000004200)={0x2020}, 0x2020)
write(r2, &(0x7f0000006240)="4311b8b35d5189522d71cc3895eb62123203c863a444059a07ca38be3b473bab81081134ba9c35dfac64bc903a48015845c5c98e81825a6dc9cb7f5fd28c6c70c9171309a3f0c8f667284b237d84329e2f25e26cfa83cfc9ddec0bcf8b77460ff60426a4b6186df2694c79de93e1e7a61d1ccb358c4140543f4bbe8c933e8506c535b4af8edebef90102063867465cb9c395848fd99596e1e754a84e702af260bc4b54521f8cd788f8ae66259a7325556c27f2c6db4ca1a91b3053ba8aab5c9a655040de684595eb177d401d186ec98bc5797747890ae03b76f0ecda2bc84ce9fb8395d5d5df8e189863", 0xea)
r5 = getuid()
mount$afs(&(0x7f0000006340), &(0x7f0000006380)='./file0\x00', &(0x7f00000063c0), 0x3004801, &(0x7f0000006400)={[{}, {@flock_write}, {@flock_write}, {@dyn}], [{@fowner_lt={'fowner<', r5}}]})
r6 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
sendmsg$inet(r6, &(0x7f0000006a80)={&(0x7f0000006480)={0x2, 0x4e21, @remote}, 0x10, &(0x7f0000006a00)=[{&(0x7f00000064c0)="cf7b86c9d6647b832def1557ee6e4e8dc44870bc0d6691f5158dae498bd84faab2059ef3fa059351ae9368aaad2f291caf1e5bb194f46553a59a57d8de9e188eee3ec4f3bb0300cd09c46df27b472d5c51dab334b5eea95d32032033864153d2156b00a69f9fe43ff7e588b8e2bc24bbeccb1ec2", 0x74}, {&(0x7f0000006540)="0abaf5fb8de709330e80962aba44050e790d6abfd3b11aafdfcd0dc124f6fa296135566ac9a2fdec6d844ccad753072f3eb6841f9cd682b3bfdeb4f8d5e0f0f507e5a954128468a590cef2885c7a5ec2b746d78a0e96850cdfa227151c6c8980aecb9ac740836a38bbb61aee7f81485a992f83b66e19ab7338ca8fd48934acb4f107b5420cc3fa8bccf118e0b8c4b1aa682cbc5ddc781e9ae1ca732d87d5fc8895527b39b434b1abce77085a296f6ab81b4743ff7a8120c3b2bde40867579e4a99ecb65da068e97765c831276ce64e919a3252fe136818e719e733048d813d855a3ad28fec524dd399cd1af1c7", 0xed}, {&(0x7f0000006640)="72549a2b6c5703c686704591e2139922b409d4d193876e346acae3d045663d1a5bfd2442746c7bea1bb59eb2f6efd0474ecd4cb67d60455835e5934276d384d9e85a375970020943492747e14e672d9cc51f9ed9c8ea46ada51f9b004c28ff7ccc8fdd58bb381edbcae63b197b2255ab64616107dec92031687a077856fad5ce159ae317075e9bd902477b9465c60a523ad4a674a3494574c021c5126a5f098b4309a0192ef658c47e1740365c4c6ddbe4ece761c24edfe326951a3851a8db8de9b09a9d313c1ee0a15ab345207dc4f30b48d06697fdd79bc6c9d4d9e32b", 0xde}, {&(0x7f0000006740)="644fa0", 0x3}, {&(0x7f0000006780)="1ad83624ef43ba", 0x7}, {&(0x7f00000067c0)="6c2cc11a34a98db6956dfddaf2fcc1b24a502a7d5ba0db98e23dd7ff2dce4ef40002e3b744a7ae788b0f398be8a7ebd147727e7fc3b18ae48925956439cc90bff554fc2012840ad9597a916efaf09d50123a3f31c58ea2a91099c7f8657de20ceb7b6bdfb255dc58b527ee80ee4c6c93aba756bb850f029a713e5d874e150a37c28a6b3fc46b2d5c6010f65d8131ceb8ce2035b9f878fffe763b2c6e512436046b04acba", 0xa4}, {&(0x7f0000006880)="5d4e1153e76cf54809", 0x9}, {&(0x7f00000068c0)="4b26fc045375199bf25a541070ed5eb29d969ce893709f9cb0bb0f2422bb76f6f7485abf854eaa36a4da2989598378db209c75da97bc4932c769d85e238fff3f7f42", 0x42}, {&(0x7f0000006940)="559e5e0d8fe0aedcb8a75b646e9bd40bf116dcb3f564387061c9093938ce8b572ac2f5d2d77a92132d83045e2f066f53a03c664769e5e99638ff7d64d808596b5d9476902a3240d887a513e7683a165315b0917bb3ca67c212f4686538f99ef10d5d0712ab7f", 0x66}, {&(0x7f00000069c0)="a227917f99286fc40160045144f036a617e7c2e378db4d9e4609011a110076677c3add", 0x23}], 0xa}, 0x90)
r7 = socket$inet_sctp(0x2, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_STATUS(0xffffffffffffffff, 0x84, 0xe, &(0x7f0000006ac0)={<r8=>0x0, 0x60f4, 0xffff, 0x8, 0xfffc, 0x7f, 0x5, 0x1, {0x0, @in={{0x2, 0x4e20, @broadcast}}, 0x1, 0x1, 0x4, 0x6, 0xa}}, &(0x7f0000006b80)=0xb0)
getsockopt$inet_sctp_SCTP_STATUS(r7, 0x84, 0xe, &(0x7f0000006bc0)={0x0, 0xb, 0x6, 0x1, 0x85, 0xa1, 0x3, 0x3, {<r9=>r8, @in6={{0xa, 0x4e24, 0x20, @empty, 0x5}}, 0x8, 0x7, 0x8, 0x2e1, 0x5}}, &(0x7f0000006c80)=0xb0)
r10 = fsmount(r6, 0x0, 0x0)
ioctl$BLKTRACESETUP(r10, 0xc0401273, &(0x7f0000006cc0)={'\x00', 0x401, 0x1, 0x0, 0x9, 0x8, r4})
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r10, 0x89f3, &(0x7f0000006d80)={'ip6_vti0\x00', &(0x7f0000006d00)={'syztnl0\x00', <r11=>0x0, 0x2f, 0x53, 0x7f, 0x4, 0x0, @private0={0xfc, 0x0, '\x00', 0x1}, @private0={0xfc, 0x0, '\x00', 0x1}, 0x20, 0x1, 0x200, 0x5}})
setsockopt$packet_drop_memb(r10, 0x107, 0x2, &(0x7f0000006dc0)={r11, 0x1, 0x6, @multicast}, 0x10)
write$FUSE_INIT(r2, &(0x7f0000006e00)={0x50, 0xfffffffffffffff5, r3, {0x7, 0x2b, 0x29c, 0x20000, 0x3, 0x7, 0xfff, 0x8, 0x0, 0x0, 0x61977063b8bcf343, 0x60000}}, 0x50)
pwritev(r7, &(0x7f0000006fc0)=[{&(0x7f0000006e80)="2dac4e89a1aed34612e36a73bd3671f1b7eea633c2fc4ffb", 0x18}, {&(0x7f0000006ec0)="24e8df6aeefbce6538a507b4b3848f5a87f7183a5bc5bd5c0bfcb6963e659e2c8121a43c35fed636fd4d10bfc1df5f035b6f0cdc10f369889fe0ed3f8f6295cb6007f704e34bdc7cfbb661ed55e60fc31d4a036be82a93408cddcdc9dbe7ab1664717125c745507c9de7fd0bf328ba297c6341e86f9e981acd18f779f794214c25ab836d6ae438e19d27edf81db08a4b3a34c8da552f1a2cde55749413a6a8de95abcb77c8f10ed24e75122f0accda8097055cfa833bc2a8c72f79bab5c2337f82cf9e4a85d42fe3911e7c058bca5b5d21a5b358bf21d64abad8afdb2dd67dd8b9f9a8c192294f266260ba8e3c0af38b74d9e42d2bce6f285f316bb5", 0xfc}], 0x2, 0x2, 0x8)
rename(&(0x7f0000007000)='./file0\x00', &(0x7f0000007040)='./file0\x00')
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000007540)={r10, 0xe0, &(0x7f0000007440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, &(0x7f0000007280)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x4, 0xa, &(0x7f00000072c0)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000007300)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], <r12=>0x0, 0x9a, &(0x7f0000007340)=[{}, {}, {}], 0x18, 0x10, &(0x7f0000007380), &(0x7f00000073c0), 0x8, 0x42, 0x8, 0x8, &(0x7f0000007400)}}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000007600)={0x1f, 0x12, &(0x7f0000007080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x100}, [@alu={0x4, 0x0, 0x4, 0xa, 0xa, 0xffffffffffffffef, 0xffffffffffffffff}, @map_idx={0x18, 0x5, 0x5, 0x0, 0xa}, @initr0={0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x2839}, @initr0={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, @ldst={0x0, 0x2, 0x4, 0x1, 0x9, 0x2, 0xffffffffffffffff}, @jmp={0x5, 0x0, 0x8, 0x3, 0x0, 0x80, 0x10}, @map_val={0x18, 0x4, 0x2, 0x0, r10, 0x0, 0x0, 0x0, 0xf7345aa5}, @map_idx={0x18, 0x4, 0x5, 0x0, 0x8}, @map_idx_val={0x18, 0x3, 0x6, 0x0, 0xb, 0x0, 0x0, 0x0, 0x13}]}, &(0x7f0000007140)='GPL\x00', 0xcc, 0x85, &(0x7f0000007180)=""/133, 0x40f00, 0x3, '\x00', r11, @fallback=0x27, r10, 0x8, 0x0, 0x0, 0x10, &(0x7f0000007240)={0x2, 0x0, 0x9, 0xf}, 0x10, r12, 0xffffffffffffffff, 0x4, &(0x7f0000007580)=[r10, r10], &(0x7f00000075c0)=[{0x2, 0x4, 0xf, 0x8}, {0x2, 0x4, 0x6, 0xb}, {0x1, 0x1, 0x5, 0x6}, {0x1, 0x5, 0x2, 0x8}], 0x10, 0xfffffc00, @void, @value}, 0x94)
accept4$unix(r10, &(0x7f00000076c0), &(0x7f0000007740)=0x6e, 0x80800)
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(r10, 0xc0189374, &(0x7f0000007780)={{0x1, 0x1, 0x18, <r13=>r7, {0x9}}, './file1\x00'})
getsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r13, 0x84, 0x75, &(0x7f00000077c0)={<r14=>r8, 0x7}, &(0x7f0000007800)=0x8)
getsockopt$inet_sctp6_SCTP_RTOINFO(r10, 0x84, 0x0, &(0x7f0000007840)={<r15=>r9, 0x0, 0x7ff, 0x4}, &(0x7f0000007880)=0x10)
getsockopt$inet_sctp_SCTP_STATUS(r10, 0x84, 0xe, &(0x7f00000078c0)={r14, 0x0, 0x368, 0x4, 0xd9, 0x81, 0x7, 0x8, {r15, @in={{0x2, 0x4e22, @initdev={0xac, 0x1e, 0x1, 0x0}}}, 0x4c8c, 0xff, 0x3, 0x337f, 0x9}}, &(0x7f0000007980)=0xb0)
sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_GET(r13, &(0x7f0000007c00)={&(0x7f00000079c0)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000007bc0)={&(0x7f0000007a40)={0x150, 0x0, 0x400, 0x70bd29, 0x25dfdbff, {}, [{{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x3}}, {0x8, 0xb, 0xfffffff7}, {0x6, 0x16, 0x5}, {0x5}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x1}}, {0x8, 0xb, 0x4}, {0x6, 0x16, 0x9}, {0x5, 0x12, 0x1}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x3}}, {0x8, 0xb, 0x3a}, {0x6}, {0x5}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x3}}, {0x8, 0xb, 0x6}, {0x6, 0x16, 0x4}, {0x5}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x2}}, {0x8, 0xb, 0x5}, {0x6, 0x16, 0x50}, {0x5, 0x12, 0x1}}]}, 0x150}, 0x1, 0x0, 0x0, 0x10}, 0x0)

1.831670538s ago: executing program 4 (id=1093):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
socket(0x400000000010, 0x3, 0x0)
socket$unix(0x1, 0x5, 0x0)
r1 = socket$pppl2tp(0x18, 0x1, 0x1)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r1, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r2, {0x2, 0x0, @dev}, 0x2}}, 0x2e)
r3 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$L2TP_CMD_TUNNEL_GET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, r3, 0x325, 0x0, 0x0, {0x8}}, 0x14}}, 0x0)

1.011768151s ago: executing program 1 (id=1094):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0xf, 0x4, &(0x7f0000001300)=@framed={{}, [@ldst={0x1, 0x0, 0x3, 0x0, 0x1, 0xfffffffffffffffc}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xe, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)={0x50, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8}]}, @IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_REVISION={0x5}]}, 0x50}}, 0x0)
setrlimit(0x1, &(0x7f0000000380)={0x1, 0x713})
r1 = add_key(&(0x7f0000000000)='big_key\x00', &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000080)="ae", 0x1, 0xffffffffffffffff)
keyctl$read(0x2, r1, &(0x7f00000003c0)=""/4096, 0x1000)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_FLUSH(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)={0x1c, 0x4, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
syz_clone(0x80, &(0x7f0000000200)="13979d3dd4ac0b402d3bcd2a17aca43997e5ec0796649172888966badeb2524614b33d77367c1b625a42c25948e600d11ec582e4409f90f57d2641803661298efe756e9036dbbabec728c19247799bb5f9aa0570492da341fb465c8ec4c566fa6729fbe60fc75b4a725cf037c043a24fcbb70855cf37d3aacd1093ad75918a78464f517d85183238be9d2acf254ca5f130d0199b81022d5ecac5252cc3d828ed5fe41a98c564f0c8bb68561e6ae9c6c6f1a728aed1d6aceadd90c315d656b3bfab063ad5beb5d83d3d97f99586a4627967f006", 0xd3, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080)="d81a0bedc85ce59ccb152074bcdf6279df9cfccdefe8becc0e")
r3 = syz_open_dev$vim2m(&(0x7f0000000500), 0xb53d, 0x2)
r4 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'lo\x00', <r6=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000a00)=@newqdisc={0x30, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r6, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x4}}]}, 0x30}}, 0x44080)
ioctl$vim2m_VIDIOC_REQBUFS(r3, 0xc0145608, &(0x7f0000000540)={0x0, 0x1, 0x2})
r7 = signalfd4(r3, &(0x7f0000000000)={[0x80000000, 0x2]}, 0x8, 0x800)
shutdown(r7, 0x0)

961.589639ms ago: executing program 3 (id=1095):
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
r1 = userfaultfd(0x80001)
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r0, 0xc018937e, &(0x7f0000000040)={{0x1, 0x1, 0x18, r1}, './file0\x00'})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8850}, 0x0)
syz_emit_ethernet(0x46, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd6016000000102b00fc0100000000000000e2ff0000000000fe8000000000000000000400000000aa"], 0x0)
connect$l2tp6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote, 0xa}, 0x20)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x40000, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
writev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000080)='v', 0x34000}], 0x1)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x20001, 0x4)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x20, &(0x7f0000000040)=0x2, 0xf6)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, &(0x7f0000000180)="66b80e010f00d0b0060f21a20f01c40f009b2700000066b80c008ee00f3235008000000f30b80e0000000f23d80f21f835800000a00f23f8c9b9490300000f60b932c00a00b9730200000f32328fe858b660002fb90d090000b800680000ba000000000f30", 0x65}], 0x1, 0x0, 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000140))
ioctl$KVM_RUN(r4, 0xae80, 0x0)

961.384398ms ago: executing program 0 (id=1096):
mmap(&(0x7f0000d79000/0x3000)=nil, 0x3000, 0x0, 0x132, 0xffffffffffffffff, 0x0)
setsockopt$MRT_PIM(0xffffffffffffffff, 0x0, 0xd0, &(0x7f0000002700)=0x3, 0x4)
r0 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1d, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
openat$hpet(0xffffff9c, 0x0, 0x4400, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x0, 0x0})
ioctl$CDROMCLOSETRAY(0xffffffffffffffff, 0x5319)
r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0xe0c81)
write$sndseq(r4, &(0x7f0000000000)=[{0x1e, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}], 0x1001a)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r4, 0x402c5342, &(0x7f0000000040)={0x0, 0x7a124, 0x63, {0x0, 0x100}})
r5 = socket(0x2, 0x80805, 0x0)
sendmmsg$inet(r5, &(0x7f0000014980)=[{{&(0x7f0000000140)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000240)=[{&(0x7f0000001c00)='{', 0x1}], 0x1}}, {{&(0x7f00000000c0)={0x2, 0x0, @rand_addr=0x64010101}, 0x10, &(0x7f0000010700)=[{&(0x7f0000010140)="9b", 0x1}], 0x1}}], 0x2, 0x0)
listen(r0, 0x8001)
r6 = getpid()
sched_setscheduler(r6, 0x5, &(0x7f0000000200)=0x4)
socket$inet6(0xa, 0x3, 0xff)
r7 = syz_open_dev$rtc(&(0x7f0000000040), 0x4, 0x20)
ioctl$RTC_WKALM_SET(r7, 0x4028700f, &(0x7f0000000100)={0x1, 0x1, {0xa, 0x17, 0x0, 0xa, 0x8, 0x4000000, 0x5, 0xf, 0xffffffffffffffff}})
openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)

891.57433ms ago: executing program 1 (id=1097):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff})
r1 = userfaultfd(0x1)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000080))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000ffa000/0x4000)=nil, 0x4000}, 0x1})
ioctl$UFFDIO_ZEROPAGE(r1, 0xc020aa07, &(0x7f0000000280)={{&(0x7f0000ffc000/0x2000)=nil, 0x2000}})
r2 = syz_io_uring_setup(0x115, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x3a6}, &(0x7f0000000000)=<r3=>0x0, &(0x7f0000000200)=<r4=>0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001740)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7, 0x0, 0x2000}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x21}]}, @NFT_MSG_NEWSETELEM={0x2c, 0x1e, 0xa, 0x105, 0x0, 0x0, {0x7}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xb0}}, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffc00, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f00000000c0)=@IORING_OP_SENDMSG={0x9, 0xc, 0x0, r0, 0x0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="1800"], 0x18}, 0x0, 0x0, 0x1})
io_uring_enter(r2, 0x47f6, 0x80ffff, 0x0, 0x0, 0x0)

771.528233ms ago: executing program 1 (id=1098):
socket$l2tp6(0xa, 0x2, 0x73)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
ioctl$SG_NEXT_CMD_LEN(r1, 0x2283, &(0x7f0000000380)=0x3)
r2 = fcntl$dupfd(r1, 0x0, r1)
write$sndseq(r2, &(0x7f0000000140)=[{0x0, 0x0, 0x0, 0xf2, @time={0x4}, {}, {}, @raw32={[0x9, 0x8, 0x5a7]}}, {0x6, 0x0, 0x1, 0x81, @time={0xffff, 0x80000001}, {0x8, 0x30}, {0x2}, @time=@tick=0x1}], 0x38)
socket$key(0xf, 0x3, 0x2)
syz_usb_connect$cdc_ecm(0x3, 0x4d, &(0x7f0000001240)=ANY=[@ANYBLOB="12010000020000102505a1a44000010203010902"], 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000080)='ns\x00')
r4 = syz_genetlink_get_family_id$devlink(&(0x7f00000001c0), r3)
sendmsg$DEVLINK_CMD_PORT_UNSPLIT(r0, &(0x7f0000000340)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000300)={&(0x7f0000000280)={0x5c, r4, 0x200, 0x70bd27, 0x25dfdbfd, {}, [{{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x2}}}, {{@pci={{0x8}, {0x11}}, {0x8}}}]}, 0x5c}, 0x1, 0x0, 0x0, 0x140080c4}, 0x40)
userfaultfd(0x801)
syz_open_dev$sndctrl(&(0x7f0000000240), 0x0, 0x2a8600)
r5 = syz_open_dev$dri(&(0x7f0000000380), 0x2, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cgroup.stat\x00', 0x26e1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r5, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r5, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r6=>0x0], 0x40000012})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
ioctl$DRM_IOCTL_MODE_ATOMIC(r5, 0xc03864bc, &(0x7f0000000180)={0x201, 0x1, &(0x7f0000000540)=[r6], &(0x7f0000000500)=[0x1], &(0x7f0000000200), &(0x7f0000000580), 0x0, 0x7f})

771.192791ms ago: executing program 4 (id=1099):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
io_uring_setup(0x60f7, &(0x7f0000000300)={0x0, 0x0, 0x2000, 0x4000000, 0x3bd})
r1 = socket$rxrpc(0x21, 0x2, 0xa)
bind$rxrpc(r1, &(0x7f0000000000)=@in4={0x21, 0x4, 0x2, 0x10, {0x2, 0x0, @empty}}, 0x24)
listen(r1, 0x4)
recvmmsg(r1, &(0x7f00000050c0)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f000000}}], 0x1, 0x40000100, 0x0)
close_range(r0, r1, 0x0)
dup(r0)
socket$kcm(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x2}, {0x1e, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9f, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x4}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x48, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = syz_create_resource$binfmt(&(0x7f0000000040)='./file1\x00')
openat$binfmt(0xffffffffffffff9c, r5, 0x42, 0x1ff)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_CONGESTION(r6, 0x6, 0xd, &(0x7f00000004c0)='dctcp\x00', 0x6)
bind$inet6(r6, &(0x7f0000000180)={0xa, 0x2, 0x0, @dev={0xfe, 0x80, '\x00', 0x2f}, 0x7}, 0x1c)
sendto$inet6(r6, &(0x7f0000000640)='\x00', 0x1, 0x20000045, &(0x7f00000001c0)={0xa, 0x2, 0x398, @empty}, 0x1c)
shutdown(r6, 0x1)
ioctl$VT_ACTIVATE(0xffffffffffffffff, 0x4b4a, 0xffffffffffffff15)

441.31501ms ago: executing program 0 (id=1100):
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000000300)=""/102376, 0x18fe8)
r1 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r1, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10)
r2 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc))
r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x40042, 0x0)
ioctl$PPPIOCNEWUNIT(r3, 0xc004743e, &(0x7f0000000040))
ioctl$PPPIOCSFLAGS1(r3, 0x40047459, &(0x7f00000000c0)=0xc4030a4)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/pids.max\x00', 0x242801, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r5, 0x6, 0xa, 0x0, 0x0)
syz_emit_ethernet(0x3a, &(0x7f0000000000)={@local, @link_local, @val={@void, {0x8100, 0x1, 0x1, 0x1}}, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @remote, @local}, {{0x4e20, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0xc2, 0xfff7}}}}}}, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000027c0)=@base={0x4, 0x4, 0x4, 0x10005, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000180)={r6, 0x58, &(0x7f0000000340)={0x0, <r7=>0x0}}, 0x10)
r8 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000080)={r7}, 0xc)
close(r8)
write$cgroup_int(r4, &(0x7f0000000140)=0x7fffffff, 0x12)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)

371.270306ms ago: executing program 0 (id=1101):
r0 = openat$dlm_monitor(0xffffff9c, &(0x7f0000000000), 0x10000, 0x0)
ioctl$DRM_IOCTL_MODE_GETFB2(0xffffffffffffffff, 0xc06464ce, &(0x7f0000000040)={0x0, 0x9, 0x4, 0x401, 0x3, [0x0, <r1=>0x0], [0x20104a7, 0xc, 0x7, 0x1], [0x40, 0x13b, 0x8, 0x80], [0x6, 0x5, 0x1d2f, 0x18]})
ioctl$DRM_IOCTL_GEM_FLINK(r0, 0xc008640a, &(0x7f00000000c0)={r1})
ioctl$DRM_IOCTL_DROP_MASTER(r0, 0x641f) (async)
ioctl$DRM_IOCTL_DROP_MASTER(r0, 0x641f)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000100)) (async)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000100)={'batadv0\x00', <r2=>0x0})
setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f0000000140)={r2, 0x1, 0x6, @link_local}, 0x10)
openat$procfs(0xffffff9c, &(0x7f0000000180)='/proc/mdstat\x00', 0x0, 0x0) (async)
r3 = openat$procfs(0xffffff9c, &(0x7f0000000180)='/proc/mdstat\x00', 0x0, 0x0)
ioctl$DRM_IOCTL_AGP_RELEASE(r3, 0x6431)
ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r0, 0xc018937d, &(0x7f00000001c0)={{0x1, 0x1, 0x18, <r4=>0xffffffffffffffff, {0xfffffff7}}, './file0\x00'})
getsockopt$inet6_tcp_int(r4, 0x6, 0x240164697de8dfaf, &(0x7f0000000200), &(0x7f0000000240)=0x4)
ioctl$AUTOFS_IOC_ASKUMOUNT(r0, 0x80049370, &(0x7f0000000280))
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r4, 0x3ba0, &(0x7f00000002c0)={0x48}) (async)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r4, 0x3ba0, &(0x7f00000002c0)={0x48, 0x2, 0x0, 0x0, <r5=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_REPLACE(r3, 0x3ba0, &(0x7f0000000340)={0x48, 0xa, r5}) (async)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_REPLACE(r3, 0x3ba0, &(0x7f0000000340)={0x48, 0xa, r5})
socket$igmp(0x2, 0x3, 0x2)
bpf$BPF_PROG_QUERY(0x10, &(0x7f00000004c0)={@ifindex=r2, 0xd, 0x0, 0x9, &(0x7f00000003c0)=[0x0], 0x1, 0x0, &(0x7f0000000400)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000440)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000480)=[0x0, 0x0, 0x0], <r6=>0x0}, 0x40)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000580)={0xffffffffffffffff, r0, 0x0, 0x1, &(0x7f0000000540)='\x00', <r7=>0x0}, 0x30)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000500)={@cgroup=r0, r0, 0x24, 0x28, 0x0, @void, @void, @void, @value=r7, r6}, 0x20)
bpf$BPF_PROG_TEST_RUN_LIVE(0xa, &(0x7f00000006c0)={r3, 0x0, 0xae, 0x0, &(0x7f00000005c0)="2661f9288ef27b22c677a2aae54adb2cf0b6059f1277cdfed74f85d6bcbe89f1c453c6bfd25170773075220c1f4d4d6ae1c307958b1384f61140c4183f0a55bd657ba8b48637b48e3bacd4da7004192902cf33509455fe6705f7c41f22b0233620e7de700c9a1f712cf53595ac26d5bfe240420e59d6d46cf52fc4bda377528f8fc3f8c771bbefc44de82ba0faab9c3a871f5a63383d00ce86e3f88634ae359b24cd00c3facfe5267564fa7570e9", 0x0, 0x3ff8, 0x0, 0x0, 0x0, &(0x7f0000000680), 0x0, 0x2, 0x0, 0x48}, 0x4c) (async)
bpf$BPF_PROG_TEST_RUN_LIVE(0xa, &(0x7f00000006c0)={r3, 0x0, 0xae, 0x0, &(0x7f00000005c0)="2661f9288ef27b22c677a2aae54adb2cf0b6059f1277cdfed74f85d6bcbe89f1c453c6bfd25170773075220c1f4d4d6ae1c307958b1384f61140c4183f0a55bd657ba8b48637b48e3bacd4da7004192902cf33509455fe6705f7c41f22b0233620e7de700c9a1f712cf53595ac26d5bfe240420e59d6d46cf52fc4bda377528f8fc3f8c771bbefc44de82ba0faab9c3a871f5a63383d00ce86e3f88634ae359b24cd00c3facfe5267564fa7570e9", 0x0, 0x3ff8, 0x0, 0x0, 0x0, &(0x7f0000000680), 0x0, 0x2, 0x0, 0x48}, 0x4c)
setsockopt$inet6_tcp_int(r4, 0x6, 0x24, &(0x7f0000000740)=0x8000, 0x4)
mmap$usbmon(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x300000a, 0x8010, r4, 0x7) (async)
mmap$usbmon(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x300000a, 0x8010, r4, 0x7)
r8 = accept4(r3, &(0x7f0000000780)=@l2, &(0x7f0000000800)=0x80, 0x80000)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$MRT_DONE(r8, 0x0, 0xc9, 0x0, 0x0)
recvmmsg(r8, &(0x7f0000001200)=[{{&(0x7f0000000840)=@l2={0x1f, 0x0, @fixed}, 0x80, &(0x7f0000001000)=[{&(0x7f00000008c0)=""/131, 0x83}, {&(0x7f0000000980)=""/200, 0xc8}, {&(0x7f0000000a80)=""/130, 0x82}, {&(0x7f0000000b40)=""/166, 0xa6}, {&(0x7f0000000c00)=""/117, 0x75}, {&(0x7f0000000c80)=""/218, 0xda}, {&(0x7f0000000d80)=""/93, 0x5d}, {&(0x7f0000000e00)=""/5, 0x5}, {&(0x7f0000000e40)=""/200, 0xc8}, {&(0x7f0000000f40)=""/147, 0x93}], 0xa, &(0x7f0000001080)=""/22, 0x16}, 0x8}, {{&(0x7f00000010c0)=@in={0x2, 0x0, @empty}, 0x80, &(0x7f00000011c0)=[{&(0x7f0000001140)=""/83, 0x53}], 0x1}, 0xfb1}], 0x2, 0x0, &(0x7f0000001240)={0x0, 0x989680}) (async)
recvmmsg(r8, &(0x7f0000001200)=[{{&(0x7f0000000840)=@l2={0x1f, 0x0, @fixed}, 0x80, &(0x7f0000001000)=[{&(0x7f00000008c0)=""/131, 0x83}, {&(0x7f0000000980)=""/200, 0xc8}, {&(0x7f0000000a80)=""/130, 0x82}, {&(0x7f0000000b40)=""/166, 0xa6}, {&(0x7f0000000c00)=""/117, 0x75}, {&(0x7f0000000c80)=""/218, 0xda}, {&(0x7f0000000d80)=""/93, 0x5d}, {&(0x7f0000000e00)=""/5, 0x5}, {&(0x7f0000000e40)=""/200, 0xc8}, {&(0x7f0000000f40)=""/147, 0x93}], 0xa, &(0x7f0000001080)=""/22, 0x16}, 0x8}, {{&(0x7f00000010c0)=@in={0x2, 0x0, @empty}, 0x80, &(0x7f00000011c0)=[{&(0x7f0000001140)=""/83, 0x53}], 0x1}, 0xfb1}], 0x2, 0x0, &(0x7f0000001240)={0x0, 0x989680})
recvmsg$kcm(r8, &(0x7f0000001480)={&(0x7f0000001280)=@hci, 0x80, &(0x7f00000013c0)=[{&(0x7f0000001300)=""/160, 0xa0}], 0x1, &(0x7f0000001400)=""/89, 0x59}, 0x40010002)
syz_init_net_socket$ax25(0x3, 0x0, 0xc4) (async)
r9 = syz_init_net_socket$ax25(0x3, 0x0, 0xc4)
ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(r9, 0xc0c09425, &(0x7f00000014c0)={"34624d9500bdf677420fd3a2dbe02b24", 0x0, <r10=>0x0, {0xc77, 0x1000}, {0xfffffffffffff9d3, 0x4cc}, 0x5, [0xd7e, 0x3, 0x0, 0x8, 0x8, 0xfffffffc00000000, 0x3, 0x1, 0x4, 0x5, 0xe, 0x8, 0x2, 0x7, 0x6, 0x800]})
ioctl$BTRFS_IOC_BALANCE_V2(r4, 0xc4009420, &(0x7f0000001580)={0xb, 0x2, {0xfdb, @struct={0x3, 0x6}, 0x0, 0xfffffffffffffff7, 0x8, 0x2, 0x3, 0xf7e, 0x60, @usage=0x72d, 0x6, 0x8, [0x3, 0x8000, 0xfffffffffffffffc, 0x7f52, 0x9, 0x3]}, {0x800, @usage=0x7, <r11=>0x0, 0x186, 0x7f, 0x7, 0x7, 0x6, 0x10, @struct={0x4, 0x3ff}, 0x10, 0x5, [0x1, 0xf695, 0x4, 0x90, 0x6, 0xfffffffffffffffc]}, {0x2, @struct={0x200}, 0x0, 0x6, 0x6, 0x9, 0xa, 0x3, 0x431, @struct={0xffff, 0x7}, 0x2, 0x3, [0x8, 0xb, 0x3, 0x2, 0x7fffffff, 0x7]}, {0x7, 0x8, 0x9}})
ioctl$BTRFS_IOC_SNAP_CREATE_V2(r4, 0x50009417, &(0x7f0000001980)={{r4}, r10, 0x1e, @unused=[0x38, 0x89a, 0x46, 0x9], @devid=r11}) (async)
ioctl$BTRFS_IOC_SNAP_CREATE_V2(r4, 0x50009417, &(0x7f0000001980)={{r4}, r10, 0x1e, @unused=[0x38, 0x89a, 0x46, 0x9], @devid=r11})
getsockopt$inet6_int(r8, 0x29, 0x11, &(0x7f0000002980), &(0x7f00000029c0)=0x4)

280.027713ms ago: executing program 0 (id=1102):
r0 = socket(0x2a, 0x2, 0x0)
getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000001700)=@newqdisc={0x48, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {0x0, 0x4}, {0xffff, 0xffff}, {0xb, 0xfff1}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x0, 0x8}}]}}]}, 0x48}}, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=@newtfilter={0x38, 0x2c, 0xd27, 0x70bd2b, 0x0, {0x0, 0x0, 0x0, r1, {0xe}, {}, {0x8, 0x3}}, [@filter_kind_options=@f_fw={{0x7}, {0xc, 0x2, [@TCA_FW_CLASSID={0x8}]}}]}, 0x38}}, 0x4000)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r3 = userfaultfd(0x80801)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x5d032, 0xffffffffffffffff, 0x0)
r4 = userfaultfd(0x80801)
ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f0000000100))
ioctl$UFFDIO_REGISTER(r4, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x5})
ioctl$UFFDIO_CONTINUE(r4, 0xc020aa08, &(0x7f0000000080)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}})
ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_CONTINUE(r3, 0xc020aa08, &(0x7f0000000240)={{&(0x7f0000c00000/0x400000)=nil, 0x400000}})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000), 0x424040, 0x0)
r5 = syz_open_dev$sndmidi(0x0, 0x2, 0x141102)
writev(r5, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0x1}], 0x1)
r6 = syz_open_dev$dri(0x0, 0x0, 0x4501)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
r8 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000040)={'lo\x00', <r9=>0x0})
sendmsg$nl_route_sched(r7, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000140)=@newqdisc={0x3c, 0x24, 0x4ee4e6a52ff56561, 0x70bd29, 0x0, {0x0, 0x0, 0x0, r9, {0xb, 0x2}, {0xffff, 0xb}, {0xb, 0x8}}, [@TCA_INGRESS_BLOCK={0x8, 0xd, 0x1}, @TCA_RATE={0x6, 0x5, {0xdd, 0xbe}}, @qdisc_kind_options=@q_qfg={0x8}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x4040002)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r6, 0xc00c642d, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, 0xffffffffffffffff, 0x2f126000)

110.296981ms ago: executing program 0 (id=1103):
mkdir(&(0x7f0000000040)='./file1\x00', 0x1e)
mkdir(&(0x7f00000003c0)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f0000000280)='./bus\x00', &(0x7f0000000080), 0x2000000, &(0x7f0000000200)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
r0 = openat$dir(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x0, 0x0)
mknodat(r0, &(0x7f00000000c0)='./file1\x00', 0x0, 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
linkat(r0, &(0x7f0000000100)='./file1\x00', r0, &(0x7f0000000240)='./file0\x00', 0x0)
unlink(&(0x7f0000000180)='./file1\x00')
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
renameat2(r1, &(0x7f00000001c0)='./file0\x00', r1, &(0x7f0000000340)='./file1\x00', 0x1000000)

785.894µs ago: executing program 0 (id=1104):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f00000001c0)="d8000000180081064e81f782db44b904021d080006007c09e8fe55a10a0015400100142603600e120800060000000401a80016000900014003000000036010fab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad956677806dcdf63951f215ce3bb9ad809d5e1cae6ccd40dd6e4edef3d93452a92e19f805dece9324568907e075a7cfc954b43370e9701000000000000000044dce693ec9bcccde35c0000000000e373422a9d78e30e4c050a700f510f0ea325d0187caf47bb8a87e8afc8083359d2e28160d6250dfdcaca5b81a349", 0x11f}], 0x1}, 0x0)

0s ago: executing program 3 (id=1105):
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000000300)=""/102376, 0x18fe8)
r1 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r1, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10)
r2 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc))
r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x40042, 0x0)
ioctl$PPPIOCNEWUNIT(r3, 0xc004743e, &(0x7f0000000040))
ioctl$PPPIOCSFLAGS1(r3, 0x40047459, &(0x7f00000000c0)=0xc4030a4)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/pids.max\x00', 0x242801, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r5, 0x6, 0xa, 0x0, 0x0)
syz_emit_ethernet(0x3a, &(0x7f0000000000)={@local, @link_local, @val={@void, {0x8100, 0x1, 0x1, 0x1}}, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @remote, @local}, {{0x4e20, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0xc2, 0xfff7}}}}}}, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000027c0)=@base={0x4, 0x4, 0x4, 0x10005, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000180)={r6, 0x58, &(0x7f0000000340)={0x0, <r7=>0x0}}, 0x10)
r8 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000080)={r7}, 0xc)
close(r8)
write$cgroup_int(r4, &(0x7f0000000140)=0x7fffffff, 0x12)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f00000005c0), r9)

kernel console output (not intermixed with test programs):

s_surp=0 hugepages_size=2048kB
[  126.889078][ T7804] 55529 total pagecache pages
[  126.890467][ T7804] 0 pages in swap cache
[  126.891755][ T7804] Free swap  = 124996kB
[  126.894219][ T7804] Total swap = 124996kB
[  126.895766][ T7804] 524155 pages RAM
[  126.897109][ T7804] 0 pages HighMem/MovableOnly
[  126.898756][ T7804] 208867 pages reserved
[  126.900681][ T7804] 0 pages cma reserved
[  126.956650][ T7727] veth0_vlan: entered promiscuous mode
[  126.961493][ T7727] veth1_vlan: entered promiscuous mode
[  126.978838][ T7727] veth0_macvtap: entered promiscuous mode
[  126.992091][ T7727] veth1_macvtap: entered promiscuous mode
[  127.002419][ T7727] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  127.009374][ T7727] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  127.012660][ T7727] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  127.015898][ T7727] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  127.022204][ T7727] batman_adv: batadv0: Interface activated: batadv_slave_0
[  127.035611][ T7727] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  127.043126][ T7727] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  127.046336][ T7727] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  127.054876][ T7727] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  127.058631][ T7727] batman_adv: batadv0: Interface activated: batadv_slave_1
[  127.075107][ T7727] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  127.077729][ T7727] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  127.080462][ T7727] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  127.093068][ T7727] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  127.145836][   T64] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  127.155649][   T64] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  127.175339][ T1140] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  127.177911][ T1140] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  127.339543][ T7831] tipc: Enabling of bearer <ió:b> rejected, media not registered
[  127.481139][ T7828] lo speed is unknown, defaulting to 1000
[  127.484918][ T7828] lo speed is unknown, defaulting to 1000
[  127.713069][ T5962] Bluetooth: hci1: command tx timeout
[  128.051406][ T7853] netlink: 72 bytes leftover after parsing attributes in process `syz.3.499'.
[  128.619211][ T7878] mac80211_hwsim hwsim3 wlan1: entered allmulticast mode
[  129.792994][ T5962] Bluetooth: hci1: command tx timeout
[  130.219521][ T7907] netlink: 36 bytes leftover after parsing attributes in process `syz.4.509'.
[  130.322268][ T7915] netlink: 72 bytes leftover after parsing attributes in process `syz.1.512'.
[  131.161139][ T7933] netlink: 'syz.1.517': attribute type 1 has an invalid length.
[  131.649226][ T7948] IPv4: Oversized IP packet from 172.20.20.24
[  131.652768][    C3] IPv4: Oversized IP packet from 172.20.20.24
[  131.655678][    C3] IPv4: Oversized IP packet from 172.20.20.24
[  131.865424][   T40] audit: type=1400 audit(1743778309.223:83): apparmor="DENIED" operation="change_hat" class="file" info="unconfined can not change_hat" error=-1 profile="unconfined" pid=7954 comm="syz.0.526"
[  131.866335][ T7956] netlink: 'syz.0.526': attribute type 1 has an invalid length.
[  131.883150][ T5962] Bluetooth: hci1: command tx timeout
[  132.198665][ T1415] ieee802154 phy0 wpan0: encryption failed: -22
[  132.200517][ T1415] ieee802154 phy1 wpan1: encryption failed: -22
[  132.213221][   T10] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  132.315357][ T7970] netlink: 28 bytes leftover after parsing attributes in process `syz.4.530'.
[  132.350157][ T7973] fuse: Unknown parameter '0x0000000000000003'
[  132.363534][   T10] usb 5-1: Using ep0 maxpacket: 8
[  132.364755][   T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  132.364772][   T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  132.364790][   T10] usb 5-1: New USB device found, idVendor=046d, idProduct=c20e, bcdDevice= 0.00
[  132.364802][   T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  132.366259][   T10] usb 5-1: config 0 descriptor??
[  132.407637][ T7974] dummy0: entered promiscuous mode
[  132.589132][ T7961] FAULT_INJECTION: forcing a failure.
[  132.589132][ T7961] name failslab, interval 1, probability 0, space 0, times 0
[  132.592569][ T7961] CPU: 0 UID: 0 PID: 7961 Comm: syz.0.527 Not tainted 6.14.0-syzkaller-13183-g06a22366d6a1 #0 PREEMPT(full) 
[  132.592583][ T7961] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  132.592590][ T7961] Call Trace:
[  132.592594][ T7961]  <TASK>
[  132.592598][ T7961]  dump_stack_lvl+0x16c/0x1f0
[  132.592615][ T7961]  should_fail_ex+0x512/0x640
[  132.592628][ T7961]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[  132.592644][ T7961]  should_failslab+0xc2/0x120
[  132.592663][ T7961]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  132.592681][ T7961]  ? __kernfs_new_node+0xd2/0x8a0
[  132.592699][ T7961]  __kernfs_new_node+0xd2/0x8a0
[  132.592715][ T7961]  ? __pfx___kernfs_new_node+0x10/0x10
[  132.592733][ T7961]  ? find_held_lock+0x2b/0x80
[  132.592746][ T7961]  ? kernfs_root+0xee/0x2a0
[  132.592763][ T7961]  kernfs_new_node+0x13c/0x1e0
[  132.592776][ T7961]  __kernfs_create_file+0x53/0x350
[  132.592790][ T7961]  sysfs_add_file_mode_ns+0x207/0x3c0
[  132.592807][ T7961]  internal_create_group+0x578/0xf30
[  132.592820][ T7961]  ? __pfx_internal_create_group+0x10/0x10
[  132.592837][ T7961]  ? kernfs_create_link+0x1bd/0x240
[  132.592852][ T7961]  internal_create_groups+0x9d/0x150
[  132.592866][ T7961]  device_add+0x6d1/0x1a70
[  132.592878][ T7961]  ? __pfx_device_add+0x10/0x10
[  132.592888][ T7961]  ? lockdep_init_map_type+0x5c/0x280
[  132.592898][ T7961]  ? __init_waitqueue_head+0xca/0x150
[  132.592913][ T7961]  netdev_register_kobject+0x182/0x3a0
[  132.592930][ T7961]  register_netdevice+0x13dc/0x2040
[  132.592946][ T7961]  ? __pfx_register_netdevice+0x10/0x10
[  132.592960][ T7961]  ? dev_addr_mod+0x316/0x540
[  132.592972][ T7961]  ipip6_tunnel_create+0x11d/0x1d0
[  132.592989][ T7961]  ipip6_newlink+0x1f1/0x480
[  132.592999][ T7961]  ? __pfx_ipip6_newlink+0x10/0x10
[  132.593006][ T7961]  ? alloc_netdev_mqs+0xe7e/0x1570
[  132.593023][ T7961]  ? rtnl_create_link+0xa52/0xfa0
[  132.593036][ T7961]  ? __pfx_ipip6_newlink+0x10/0x10
[  132.593045][ T7961]  rtnl_newlink+0xc42/0x2000
[  132.593063][ T7961]  ? __pfx_rtnl_newlink+0x10/0x10
[  132.593082][ T7961]  ? kfree_skbmem+0x1a4/0x1f0
[  132.593095][ T7961]  ? rcu_is_watching+0x12/0xc0
[  132.593108][ T7961]  ? trace_cap_capable+0x18d/0x200
[  132.593121][ T7961]  ? find_held_lock+0x2b/0x80
[  132.593133][ T7961]  ? __pfx_rtnl_newlink+0x10/0x10
[  132.593144][ T7961]  ? __pfx_rtnl_newlink+0x10/0x10
[  132.593156][ T7961]  ? rtnetlink_rcv_msg+0x93a/0xe90
[  132.593169][ T7961]  ? __pfx_rtnl_newlink+0x10/0x10
[  132.593182][ T7961]  rtnetlink_rcv_msg+0x95b/0xe90
[  132.593196][ T7961]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  132.593215][ T7961]  netlink_rcv_skb+0x16a/0x440
[  132.593229][ T7961]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  132.593243][ T7961]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  132.593263][ T7961]  ? netlink_deliver_tap+0x1ae/0xd30
[  132.593279][ T7961]  netlink_unicast+0x53a/0x7f0
[  132.593293][ T7961]  ? __pfx_netlink_unicast+0x10/0x10
[  132.593310][ T7961]  netlink_sendmsg+0x8d1/0xdd0
[  132.593325][ T7961]  ? __pfx_netlink_sendmsg+0x10/0x10
[  132.593340][ T7961]  ? __import_iovec+0x1c8/0x660
[  132.593355][ T7961]  ____sys_sendmsg+0xa95/0xc70
[  132.593371][ T7961]  ? __pfx_____sys_sendmsg+0x10/0x10
[  132.593386][ T7961]  ? get_compat_msghdr+0x11a/0x170
[  132.593403][ T7961]  ___sys_sendmsg+0x134/0x1d0
[  132.593416][ T7961]  ? __pfx____sys_sendmsg+0x10/0x10
[  132.593445][ T7961]  __sys_sendmsg+0x16d/0x220
[  132.593457][ T7961]  ? __pfx___sys_sendmsg+0x10/0x10
[  132.593473][ T7961]  ? rcu_is_watching+0x12/0xc0
[  132.593486][ T7961]  ? rcu_is_watching+0x12/0xc0
[  132.593499][ T7961]  __do_fast_syscall_32+0x73/0x120
[  132.593514][ T7961]  do_fast_syscall_32+0x32/0x80
[  132.593527][ T7961]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  132.593539][ T7961] RIP: 0023:0xf742e579
[  132.593547][ T7961] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  132.593556][ T7961] RSP: 002b:00000000f509555c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  132.593565][ T7961] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 0000000080000080
[  132.593571][ T7961] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  132.593577][ T7961] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  132.593582][ T7961] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  132.593587][ T7961] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  132.593599][ T7961]  </TASK>
[  132.729957][ T7979] lo speed is unknown, defaulting to 1000
[  132.732370][ T7979] lo speed is unknown, defaulting to 1000
[  132.800928][ T7981] netlink: 4 bytes leftover after parsing attributes in process `syz.1.534'.
[  133.196855][ T7988] futex_wake_op: syz.1.535 tries to shift op by -1; fix this program
[  133.405500][ T7997] netlink: 84 bytes leftover after parsing attributes in process `syz.4.537'.
[  134.248948][ T8004] fuse: Bad value for 'rootmode'
[  134.670568][   T40] audit: type=1326 audit(1743778312.023:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8020 comm="syz.3.545" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f46579 code=0x7ffc0000
[  134.676896][   T40] audit: type=1326 audit(1743778312.023:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8020 comm="syz.3.545" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f46579 code=0x7ffc0000
[  134.685307][   T40] audit: type=1326 audit(1743778312.023:86): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8020 comm="syz.3.545" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7f46579 code=0x7ffc0000
[  134.694280][   T40] audit: type=1326 audit(1743778312.023:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8020 comm="syz.3.545" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f46579 code=0x7ffc0000
[  134.700501][   T40] audit: type=1326 audit(1743778312.023:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8020 comm="syz.3.545" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f46579 code=0x7ffc0000
[  134.707608][   T40] audit: type=1326 audit(1743778312.033:89): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8020 comm="syz.3.545" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7f46579 code=0x7ffc0000
[  134.714251][   T40] audit: type=1326 audit(1743778312.033:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8020 comm="syz.3.545" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f46579 code=0x7ffc0000
[  134.719885][   T40] audit: type=1326 audit(1743778312.033:91): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8020 comm="syz.3.545" exe="/syz-executor" sig=0 arch=40000003 syscall=192 compat=1 ip=0xf7f46579 code=0x7ffc0000
[  134.731105][   T40] audit: type=1326 audit(1743778312.033:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8020 comm="syz.3.545" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f46579 code=0x7ffc0000
[  134.997387][   T10] usbhid 5-1:0.0: can't add hid device: -71
[  135.000128][   T10] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  135.137596][   T10] usb 5-1: USB disconnect, device number 4
[  135.524433][ T8051] netlink: 16 bytes leftover after parsing attributes in process `syz.1.554'.
[  135.529599][ T8051] bridge0: port 2(bridge_slave_1) entered disabled state
[  135.673137][ T8057] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  135.675615][ T8057] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  136.094742][ T8066] netlink: 8 bytes leftover after parsing attributes in process `syz.4.558'.
[  136.115449][ T8067] netlink: 72 bytes leftover after parsing attributes in process `syz.3.557'.
[  136.616922][ T8071] lo speed is unknown, defaulting to 1000
[  136.619599][ T8071] lo speed is unknown, defaulting to 1000
[  137.177024][ T8094] xt_CT: You must specify a L4 protocol and not use inversions on it
[  137.769216][ T8103] syz_tun: entered allmulticast mode
[  137.779020][ T8103] dvmrp1: entered allmulticast mode
[  137.831026][ T8102] syz_tun: left allmulticast mode
[  137.832509][ T8102] dvmrp1: left allmulticast mode
[  137.922477][ T8109] netlink: 12 bytes leftover after parsing attributes in process `syz.4.570'.
[  138.051276][ T8109] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (128 ns). Using initial count to start timer.
[  138.086406][ T8131] netlink: 'syz.3.569': attribute type 2 has an invalid length.
[  138.300060][ T8145] program syz.1.577 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  138.463212][ T8156] netlink: 20 bytes leftover after parsing attributes in process `syz.4.579'.
[  139.008719][ T8177] program syz.3.583 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  139.011602][ T8177] FAULT_INJECTION: forcing a failure.
[  139.011602][ T8177] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  139.016378][ T8177] CPU: 3 UID: 0 PID: 8177 Comm: syz.3.583 Not tainted 6.14.0-syzkaller-13183-g06a22366d6a1 #0 PREEMPT(full) 
[  139.016393][ T8177] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  139.016402][ T8177] Call Trace:
[  139.016407][ T8177]  <TASK>
[  139.016412][ T8177]  dump_stack_lvl+0x16c/0x1f0
[  139.016435][ T8177]  should_fail_ex+0x512/0x640
[  139.016518][ T8177]  _copy_to_user+0x32/0xd0
[  139.016543][ T8177]  simple_read_from_buffer+0xcb/0x170
[  139.016566][ T8177]  proc_fail_nth_read+0x197/0x270
[  139.016588][ T8177]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  139.016609][ T8177]  ? rw_verify_area+0xcf/0x680
[  139.016625][ T8177]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  139.016646][ T8177]  vfs_read+0x1de/0xc70
[  139.016669][ T8177]  ? __pfx___mutex_lock+0x10/0x10
[  139.016691][ T8177]  ? __pfx_vfs_read+0x10/0x10
[  139.016719][ T8177]  ? __fget_files+0x20e/0x3c0
[  139.016749][ T8177]  ksys_read+0x12a/0x240
[  139.016771][ T8177]  ? __pfx_ksys_read+0x10/0x10
[  139.016790][ T8177]  ? rcu_is_watching+0x12/0xc0
[  139.016811][ T8177]  ? rcu_is_watching+0x12/0xc0
[  139.016835][ T8177]  __do_fast_syscall_32+0x73/0x120
[  139.016860][ T8177]  do_fast_syscall_32+0x32/0x80
[  139.016882][ T8177]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  139.016901][ T8177] RIP: 0023:0xf7f46579
[  139.016914][ T8177] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  139.016929][ T8177] RSP: 002b:00000000f5066590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  139.016944][ T8177] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f5066620
[  139.016953][ T8177] RDX: 000000000000000f RSI: 00000000f73ccff4 RDI: 0000000000000000
[  139.016962][ T8177] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  139.016970][ T8177] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  139.016979][ T8177] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  139.017000][ T8177]  </TASK>
[  139.125673][ T8188] lo speed is unknown, defaulting to 1000
[  139.127920][ T8188] lo speed is unknown, defaulting to 1000
[  139.176660][ T8190] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  139.874956][ T8209] netlink: 72 bytes leftover after parsing attributes in process `syz.4.590'.
[  140.886829][ T8241] lo speed is unknown, defaulting to 1000
[  140.890282][ T8241] lo speed is unknown, defaulting to 1000
[  141.869170][ T8264] team0 (unregistering): Port device team_slave_0 removed
[  141.904163][ T8264] team0 (unregistering): Port device team_slave_1 removed
[  142.297886][ T8285] netlink: 8 bytes leftover after parsing attributes in process `syz.3.608'.
[  142.449914][ T8294] netlink: 8 bytes leftover after parsing attributes in process `syz.4.606'.
[  142.532931][ T8293] IPVS: set_ctl: invalid protocol: 41 172.20.20.51:20004
[  142.535142][ T8293] netlink: 4 bytes leftover after parsing attributes in process `syz.3.611'.
[  143.101769][ T8305] bridge0: port 3(netdevsim0) entered blocking state
[  143.105289][ T8305] bridge0: port 3(netdevsim0) entered disabled state
[  143.107518][ T8305] netdevsim netdevsim1 netdevsim0: entered allmulticast mode
[  143.110705][ T8305] netdevsim netdevsim1 netdevsim0: entered promiscuous mode
[  143.117725][ T8305] bridge0: port 3(netdevsim0) entered blocking state
[  143.119780][ T8305] bridge0: port 3(netdevsim0) entered forwarding state
[  143.134726][ T8305] netlink: 8 bytes leftover after parsing attributes in process `syz.1.615'.
[  143.373666][ T8323] futex_wake_op: syz.4.617 tries to shift op by -1; fix this program
[  143.648018][ T8331] netlink: 72 bytes leftover after parsing attributes in process `syz.1.623'.
[  144.221403][ T8338] FAULT_INJECTION: forcing a failure.
[  144.221403][ T8338] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  144.225602][ T8338] CPU: 3 UID: 0 PID: 8338 Comm: syz.4.626 Not tainted 6.14.0-syzkaller-13183-g06a22366d6a1 #0 PREEMPT(full) 
[  144.225615][ T8338] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  144.225622][ T8338] Call Trace:
[  144.225633][ T8338]  <TASK>
[  144.225637][ T8338]  dump_stack_lvl+0x16c/0x1f0
[  144.225667][ T8338]  should_fail_ex+0x512/0x640
[  144.225685][ T8338]  _copy_to_user+0x32/0xd0
[  144.225698][ T8338]  simple_read_from_buffer+0xcb/0x170
[  144.225713][ T8338]  proc_fail_nth_read+0x197/0x270
[  144.225727][ T8338]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  144.225741][ T8338]  ? rw_verify_area+0xcf/0x680
[  144.225753][ T8338]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  144.225766][ T8338]  vfs_read+0x1de/0xc70
[  144.225781][ T8338]  ? __pfx___mutex_lock+0x10/0x10
[  144.225798][ T8338]  ? __pfx_vfs_read+0x10/0x10
[  144.225814][ T8338]  ? __fget_files+0x20e/0x3c0
[  144.225832][ T8338]  ksys_read+0x12a/0x240
[  144.225844][ T8338]  ? __pfx_ksys_read+0x10/0x10
[  144.225858][ T8338]  ? rcu_is_watching+0x12/0xc0
[  144.225872][ T8338]  __do_fast_syscall_32+0x73/0x120
[  144.225887][ T8338]  do_fast_syscall_32+0x32/0x80
[  144.225900][ T8338]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  144.225913][ T8338] RIP: 0023:0xf739e579
[  144.225921][ T8338] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  144.225949][ T8338] RSP: 002b:00000000f5026590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  144.225959][ T8338] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000f5026620
[  144.225965][ T8338] RDX: 000000000000000f RSI: 00000000f738cff4 RDI: 0000000000000000
[  144.225970][ T8338] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  144.225976][ T8338] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  144.225981][ T8338] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  144.225993][ T8338]  </TASK>
[  144.658218][   T29] libceph: connect (1)[c::]:6789 error -101
[  144.661314][   T29] libceph: mon0 (1)[c::]:6789 connect error
[  144.923080][   T29] libceph: connect (1)[c::]:6789 error -101
[  144.925126][   T29] libceph: mon0 (1)[c::]:6789 connect error
[  145.041096][ T8357] tipc: Started in network mode
[  145.043162][ T8357] tipc: Node identity 4, cluster identity 4711
[  145.045490][ T8357] tipc: Node number set to 4
[  145.272295][ T8351] ceph: No mds server is up or the cluster is laggy
[  145.378356][ T8374] netlink: 72 bytes leftover after parsing attributes in process `syz.0.635'.
[  145.608666][ T8395] FAULT_INJECTION: forcing a failure.
[  145.608666][ T8395] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  145.614615][ T8395] CPU: 0 UID: 0 PID: 8395 Comm: syz.4.644 Not tainted 6.14.0-syzkaller-13183-g06a22366d6a1 #0 PREEMPT(full) 
[  145.614636][ T8395] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  145.614645][ T8395] Call Trace:
[  145.614659][ T8395]  <TASK>
[  145.614665][ T8395]  dump_stack_lvl+0x16c/0x1f0
[  145.614706][ T8395]  should_fail_ex+0x512/0x640
[  145.614737][ T8395]  _copy_from_user+0x2e/0xd0
[  145.614758][ T8395]  get_compat_msghdr+0xa7/0x170
[  145.614776][ T8395]  ? __pfx_get_compat_msghdr+0x10/0x10
[  145.614795][ T8395]  ? __lock_acquire+0x5ca/0x1ba0
[  145.614815][ T8395]  ___sys_recvmsg+0x191/0x1a0
[  145.614836][ T8395]  ? __pfx____sys_recvmsg+0x10/0x10
[  145.614867][ T8395]  ? get_pid_task+0xb0/0x250
[  145.614889][ T8395]  do_recvmmsg+0x568/0x740
[  145.614906][ T8395]  ? find_held_lock+0x2b/0x80
[  145.614928][ T8395]  ? __pfx_do_recvmmsg+0x10/0x10
[  145.614966][ T8395]  ? __fget_files+0x20e/0x3c0
[  145.614991][ T8395]  __sys_recvmmsg+0x21c/0x280
[  145.615011][ T8395]  ? __pfx___sys_recvmmsg+0x10/0x10
[  145.615032][ T8395]  ? __pfx_ksys_write+0x10/0x10
[  145.615057][ T8395]  __ia32_compat_sys_recvmmsg_time32+0xc4/0x160
[  145.615077][ T8395]  ? lockdep_hardirqs_on+0x7c/0x110
[  145.615095][ T8395]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[  145.615115][ T8395]  __do_fast_syscall_32+0x73/0x120
[  145.615138][ T8395]  do_fast_syscall_32+0x32/0x80
[  145.615158][ T8395]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  145.615176][ T8395] RIP: 0023:0xf739e579
[  145.615188][ T8395] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  145.615203][ T8395] RSP: 002b:00000000f502655c EFLAGS: 00000296 ORIG_RAX: 0000000000000151
[  145.615217][ T8395] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000640
[  145.615226][ T8395] RDX: 0000000000000001 RSI: 0000000000002102 RDI: 0000000000000000
[  145.615235][ T8395] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  145.615244][ T8395] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  145.615253][ T8395] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  145.615271][ T8395]  </TASK>
[  145.706061][ T8402] FAULT_INJECTION: forcing a failure.
[  145.706061][ T8402] name failslab, interval 1, probability 0, space 0, times 0
[  145.709705][ T8402] CPU: 0 UID: 0 PID: 8402 Comm: syz.4.647 Not tainted 6.14.0-syzkaller-13183-g06a22366d6a1 #0 PREEMPT(full) 
[  145.709719][ T8402] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  145.709726][ T8402] Call Trace:
[  145.709733][ T8402]  <TASK>
[  145.709737][ T8402]  dump_stack_lvl+0x16c/0x1f0
[  145.709754][ T8402]  should_fail_ex+0x512/0x640
[  145.709766][ T8402]  ? fs_reclaim_acquire+0xae/0x150
[  145.709780][ T8402]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  145.709794][ T8402]  should_failslab+0xc2/0x120
[  145.709804][ T8402]  __kmalloc_noprof+0xd2/0x510
[  145.709822][ T8402]  tomoyo_realpath_from_path+0xc2/0x6e0
[  145.709837][ T8402]  ? tomoyo_profile+0x47/0x60
[  145.709853][ T8402]  tomoyo_path_number_perm+0x245/0x580
[  145.709864][ T8402]  ? tomoyo_path_number_perm+0x237/0x580
[  145.709877][ T8402]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  145.709889][ T8402]  ? find_held_lock+0x2b/0x80
[  145.709934][ T8402]  ? find_held_lock+0x2b/0x80
[  145.709952][ T8402]  ? hook_file_ioctl_common+0x145/0x410
[  145.709967][ T8402]  ? __fget_files+0x20e/0x3c0
[  145.709983][ T8402]  security_file_ioctl_compat+0x9b/0x240
[  145.709998][ T8402]  __do_compat_sys_ioctl+0x4e/0x2c0
[  145.710011][ T8402]  __do_fast_syscall_32+0x73/0x120
[  145.710026][ T8402]  do_fast_syscall_32+0x32/0x80
[  145.710040][ T8402]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  145.710052][ T8402] RIP: 0023:0xf739e579
[  145.710061][ T8402] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  145.710071][ T8402] RSP: 002b:00000000f502655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  145.710080][ T8402] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000c040aed5
[  145.710087][ T8402] RDX: 00000000800000c0 RSI: 0000000000000000 RDI: 0000000000000000
[  145.710092][ T8402] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  145.710098][ T8402] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  145.710103][ T8402] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  145.710115][ T8402]  </TASK>
[  145.710119][ T8402] ERROR: Out of memory at tomoyo_realpath_from_path.
[  145.884405][ T8407] »»»»»»: renamed from lo (while UP)
[  145.947944][ T8413] netlink: 4 bytes leftover after parsing attributes in process `syz.3.651'.
[  145.996435][ T8413] netlink: 4 bytes leftover after parsing attributes in process `syz.3.651'.
[  146.092318][ T8417] FAULT_INJECTION: forcing a failure.
[  146.092318][ T8417] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  146.092403][ T8417] CPU: 2 UID: 0 PID: 8417 Comm: syz.0.653 Not tainted 6.14.0-syzkaller-13183-g06a22366d6a1 #0 PREEMPT(full) 
[  146.092416][ T8417] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  146.092423][ T8417] Call Trace:
[  146.092426][ T8417]  <TASK>
[  146.092430][ T8417]  dump_stack_lvl+0x16c/0x1f0
[  146.092450][ T8417]  should_fail_ex+0x512/0x640
[  146.092465][ T8417]  _copy_from_user+0x2e/0xd0
[  146.092478][ T8417]  sctp_getsockopt+0x3353/0x6b90
[  146.092491][ T8417]  ? __pfx_aa_label_sk_perm+0x10/0x10
[  146.092509][ T8417]  ? __pfx_sctp_getsockopt+0x10/0x10
[  146.092566][ T8417]  ? get_pid_task+0xfc/0x250
[  146.092586][ T8417]  ? __pfx___might_resched+0x10/0x10
[  146.092605][ T8417]  ? aa_sk_perm+0x2f4/0xb10
[  146.092620][ T8417]  ? __pfx_aa_sk_perm+0x10/0x10
[  146.092631][ T8417]  ? find_held_lock+0x2b/0x80
[  146.092646][ T8417]  ? sock_common_getsockopt+0x21/0xb0
[  146.092660][ T8417]  ? __pfx_sock_common_getsockopt+0x10/0x10
[  146.092675][ T8417]  do_sock_getsockopt+0x3fc/0x800
[  146.092692][ T8417]  ? __pfx_do_sock_getsockopt+0x10/0x10
[  146.092706][ T8417]  ? __fget_files+0x204/0x3c0
[  146.092732][ T8417]  __sys_getsockopt+0x12f/0x260
[  146.092747][ T8417]  __ia32_sys_getsockopt+0xbc/0x160
[  146.092758][ T8417]  ? lockdep_hardirqs_on+0x7c/0x110
[  146.092772][ T8417]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[  146.092786][ T8417]  __do_fast_syscall_32+0x73/0x120
[  146.092801][ T8417]  do_fast_syscall_32+0x32/0x80
[  146.092814][ T8417]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  146.092827][ T8417] RIP: 0023:0xf742e579
[  146.092853][ T8417] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  146.092865][ T8417] RSP: 002b:00000000f50b655c EFLAGS: 00000296 ORIG_RAX: 000000000000016d
[  146.092875][ T8417] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000084
[  146.092880][ T8417] RDX: 000000000000006c RSI: 0000000080000180 RDI: 00000000800001c0
[  146.092886][ T8417] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  146.092891][ T8417] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  146.092897][ T8417] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  146.092909][ T8417]  </TASK>
[  146.514612][ T8424] netlink: 7 bytes leftover after parsing attributes in process `syz.3.655'.
[  146.635708][ T8439] netlink: 12 bytes leftover after parsing attributes in process `syz.1.659'.
[  146.649824][ T8439] bridge0: port 4(vlan2) entered blocking state
[  146.651755][ T8439] bridge0: port 4(vlan2) entered disabled state
[  146.653729][ T8439] vlan2: entered allmulticast mode
[  146.655233][ T8439] bridge0: entered allmulticast mode
[  146.687030][ T8439] vlan2: left allmulticast mode
[  146.688400][ T8439] bridge0: left allmulticast mode
[  147.158556][ T8446] FAULT_INJECTION: forcing a failure.
[  147.158556][ T8446] name failslab, interval 1, probability 0, space 0, times 0
[  147.162194][ T8446] CPU: 0 UID: 0 PID: 8446 Comm: syz.0.669 Not tainted 6.14.0-syzkaller-13183-g06a22366d6a1 #0 PREEMPT(full) 
[  147.162208][ T8446] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  147.162215][ T8446] Call Trace:
[  147.162225][ T8446]  <TASK>
[  147.162246][ T8446]  dump_stack_lvl+0x16c/0x1f0
[  147.162279][ T8446]  should_fail_ex+0x512/0x640
[  147.162297][ T8446]  ? fs_reclaim_acquire+0xae/0x150
[  147.162312][ T8446]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  147.162325][ T8446]  should_failslab+0xc2/0x120
[  147.162335][ T8446]  __kmalloc_noprof+0xd2/0x510
[  147.162353][ T8446]  tomoyo_realpath_from_path+0xc2/0x6e0
[  147.162368][ T8446]  ? tomoyo_profile+0x47/0x60
[  147.162384][ T8446]  tomoyo_path_number_perm+0x245/0x580
[  147.162394][ T8446]  ? tomoyo_path_number_perm+0x237/0x580
[  147.162405][ T8446]  ? finish_task_switch.isra.0+0x174/0xc10
[  147.162420][ T8446]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  147.162431][ T8446]  ? rcu_is_watching+0x12/0xc0
[  147.162456][ T8446]  ? find_held_lock+0x2b/0x80
[  147.162468][ T8446]  ? hook_file_ioctl_common+0x145/0x410
[  147.162482][ T8446]  ? __fget_files+0x20e/0x3c0
[  147.162499][ T8446]  security_file_ioctl_compat+0x9b/0x240
[  147.162512][ T8446]  __do_compat_sys_ioctl+0x4e/0x2c0
[  147.162526][ T8446]  __do_fast_syscall_32+0x73/0x120
[  147.162540][ T8446]  do_fast_syscall_32+0x32/0x80
[  147.162554][ T8446]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  147.162566][ T8446] RIP: 0023:0xf742e579
[  147.162574][ T8446] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  147.162584][ T8446] RSP: 002b:00000000f50b655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  147.162593][ T8446] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c05c6104
[  147.162599][ T8446] RDX: 0000000080000180 RSI: 0000000000000000 RDI: 0000000000000000
[  147.162605][ T8446] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  147.162610][ T8446] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  147.162616][ T8446] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  147.162628][ T8446]  </TASK>
[  147.162674][ T8446] ERROR: Out of memory at tomoyo_realpath_from_path.
[  147.348831][ T8444] __nla_validate_parse: 1 callbacks suppressed
[  147.348882][ T8444] netlink: 36 bytes leftover after parsing attributes in process `syz.3.661'.
[  147.427997][ T8452] lo speed is unknown, defaulting to 1000
[  147.430326][ T8452] lo speed is unknown, defaulting to 1000
[  147.692721][ T8460] FAULT_INJECTION: forcing a failure.
[  147.692721][ T8460] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  147.696575][ T8460] CPU: 1 UID: 0 PID: 8460 Comm: syz.3.666 Not tainted 6.14.0-syzkaller-13183-g06a22366d6a1 #0 PREEMPT(full) 
[  147.696589][ T8460] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  147.696596][ T8460] Call Trace:
[  147.696608][ T8460]  <TASK>
[  147.696612][ T8460]  dump_stack_lvl+0x16c/0x1f0
[  147.696642][ T8460]  should_fail_ex+0x512/0x640
[  147.696661][ T8460]  _copy_to_user+0x32/0xd0
[  147.696675][ T8460]  simple_read_from_buffer+0xcb/0x170
[  147.696691][ T8460]  proc_fail_nth_read+0x197/0x270
[  147.696704][ T8460]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  147.696718][ T8460]  ? rw_verify_area+0xcf/0x680
[  147.696730][ T8460]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  147.696743][ T8460]  vfs_read+0x1de/0xc70
[  147.696758][ T8460]  ? __pfx___mutex_lock+0x10/0x10
[  147.696772][ T8460]  ? __pfx_vfs_read+0x10/0x10
[  147.696789][ T8460]  ? __fget_files+0x20e/0x3c0
[  147.696807][ T8460]  ksys_read+0x12a/0x240
[  147.696820][ T8460]  ? __pfx_ksys_read+0x10/0x10
[  147.696834][ T8460]  ? rcu_is_watching+0x12/0xc0
[  147.696849][ T8460]  __do_fast_syscall_32+0x73/0x120
[  147.696863][ T8460]  do_fast_syscall_32+0x32/0x80
[  147.696878][ T8460]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  147.696890][ T8460] RIP: 0023:0xf7f46579
[  147.696898][ T8460] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  147.696908][ T8460] RSP: 002b:00000000f5066590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  147.696918][ T8460] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f5066620
[  147.696924][ T8460] RDX: 000000000000000f RSI: 00000000f73ccff4 RDI: 0000000000000000
[  147.696929][ T8460] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  147.696934][ T8460] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  147.696940][ T8460] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  147.696952][ T8460]  </TASK>
[  147.697262][ T8461] netlink: 4 bytes leftover after parsing attributes in process `syz.4.665'.
[  147.759473][ T8464] netlink: 4 bytes leftover after parsing attributes in process `syz.4.665'.
[  148.393854][ T8472] netlink: 60 bytes leftover after parsing attributes in process `syz.0.670'.
[  148.565195][ T8474] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  148.567352][ T8474] IPv6: NLM_F_CREATE should be set when creating new route
[  148.620952][ T8476] netlink: 8 bytes leftover after parsing attributes in process `syz.1.672'.
[  148.624139][ T8476] netlink: 'syz.1.672': attribute type 9 has an invalid length.
[  148.629397][ T8476] macvlan2: entered allmulticast mode
[  148.630946][ T8476] mac80211_hwsim hwsim5 wlan0: entered allmulticast mode
[  148.906647][ T8489] netlink: 'syz.3.677': attribute type 9 has an invalid length.
[  149.115571][ T8494] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  149.273151][ T6724] hid-generic C990:0003:0000.0005: hidraw1: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[  149.396602][ T8505] FAULT_INJECTION: forcing a failure.
[  149.396602][ T8505] name failslab, interval 1, probability 0, space 0, times 0
[  149.401531][ T8505] CPU: 3 UID: 0 PID: 8505 Comm: syz.3.682 Not tainted 6.14.0-syzkaller-13183-g06a22366d6a1 #0 PREEMPT(full) 
[  149.401551][ T8505] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  149.401560][ T8505] Call Trace:
[  149.401565][ T8505]  <TASK>
[  149.401571][ T8505]  dump_stack_lvl+0x16c/0x1f0
[  149.401594][ T8505]  should_fail_ex+0x512/0x640
[  149.401610][ T8505]  ? __kvmalloc_node_noprof+0x122/0x600
[  149.401633][ T8505]  should_failslab+0xc2/0x120
[  149.401648][ T8505]  __kvmalloc_node_noprof+0x135/0x600
[  149.401669][ T8505]  ? __pfx___mutex_lock+0x10/0x10
[  149.401687][ T8505]  ? traverse.part.0.constprop.0+0x392/0x640
[  149.401713][ T8505]  ? traverse.part.0.constprop.0+0x392/0x640
[  149.401730][ T8505]  traverse.part.0.constprop.0+0x392/0x640
[  149.401756][ T8505]  seq_read_iter+0x932/0x12c0
[  149.401776][ T8505]  ? aa_file_perm+0x4d6/0xfb0
[  149.401801][ T8505]  seq_read+0x39e/0x4e0
[  149.401821][ T8505]  ? __pfx_seq_read+0x10/0x10
[  149.401844][ T8505]  ? get_pid_task+0xfc/0x250
[  149.401867][ T8505]  ? __pfx_seq_read+0x10/0x10
[  149.401903][ T8505]  proc_reg_read+0x23d/0x330
[  149.401919][ T8505]  ? __pfx_proc_reg_read+0x10/0x10
[  149.401936][ T8505]  vfs_read+0x1de/0xc70
[  149.401961][ T8505]  ? __pfx_vfs_read+0x10/0x10
[  149.401979][ T8505]  ? find_held_lock+0x2b/0x80
[  149.402002][ T8505]  ? __fget_files+0x204/0x3c0
[  149.402027][ T8505]  ? __fget_files+0x20e/0x3c0
[  149.402045][ T8505]  ? __fget_files+0x150/0x3c0
[  149.402071][ T8505]  ksys_pread64+0x16e/0x1a0
[  149.402091][ T8505]  ? __pfx_ksys_pread64+0x10/0x10
[  149.402112][ T8505]  ? rcu_is_watching+0x12/0xc0
[  149.402134][ T8505]  __do_fast_syscall_32+0x73/0x120
[  149.402155][ T8505]  do_fast_syscall_32+0x32/0x80
[  149.402176][ T8505]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  149.402194][ T8505] RIP: 0023:0xf7f46579
[  149.402206][ T8505] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  149.402221][ T8505] RSP: 002b:00000000f506655c EFLAGS: 00000296 ORIG_RAX: 00000000000000b4
[  149.402235][ T8505] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000280
[  149.402244][ T8505] RDX: 00000000000000d3 RSI: 0000000000000ea6 RDI: 0000000000000000
[  149.402252][ T8505] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  149.402261][ T8505] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  149.402269][ T8505] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  149.402288][ T8505]  </TASK>
[  149.745645][   T40] kauditd_printk_skb: 13 callbacks suppressed
[  149.745654][   T40] audit: type=1326 audit(1743778327.103:106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8508 comm="syz.3.684" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f46579 code=0x7ffc0000
[  149.760348][ T8509] Cannot find add_set index 0 as target
[  149.762183][   T40] audit: type=1326 audit(1743778327.113:107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8508 comm="syz.3.684" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f46579 code=0x7ffc0000
[  149.826116][   T40] audit: type=1326 audit(1743778327.183:108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8508 comm="syz.3.684" exe="/syz-executor" sig=0 arch=40000003 syscall=146 compat=1 ip=0xf7f46579 code=0x7ffc0000
[  149.839945][   T40] audit: type=1326 audit(1743778327.183:109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8508 comm="syz.3.684" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f46579 code=0x7ffc0000
[  149.847998][   T40] audit: type=1326 audit(1743778327.183:110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8508 comm="syz.3.684" exe="/syz-executor" sig=0 arch=40000003 syscall=4 compat=1 ip=0xf7f46579 code=0x7ffc0000
[  149.861850][   T40] audit: type=1326 audit(1743778327.183:111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8508 comm="syz.3.684" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f46579 code=0x7ffc0000
[  149.869599][   T40] audit: type=1326 audit(1743778327.183:112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8508 comm="syz.3.684" exe="/syz-executor" sig=0 arch=40000003 syscall=41 compat=1 ip=0xf7f46579 code=0x7ffc0000
[  149.879626][   T40] audit: type=1326 audit(1743778327.183:113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8508 comm="syz.3.684" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f46579 code=0x7ffc0000
[  149.893707][   T40] audit: type=1326 audit(1743778327.183:114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8508 comm="syz.3.684" exe="/syz-executor" sig=0 arch=40000003 syscall=4 compat=1 ip=0xf7f46579 code=0x7ffc0000
[  149.901508][   T40] audit: type=1326 audit(1743778327.183:115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8508 comm="syz.3.684" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f46579 code=0x7ffc0000
[  150.032981][ T8536] input: syz0 as /devices/virtual/input/input11
[  150.206978][ T8536] /dev/sr0: Can't open blockdev
[  150.653934][ T8547] netlink: 8 bytes leftover after parsing attributes in process `syz.1.698'.
[  150.677083][ T8547] netlink: 4 bytes leftover after parsing attributes in process `syz.1.698'.
[  150.684906][ T8549] netlink: 8 bytes leftover after parsing attributes in process `syz.3.699'.
[  150.701824][ T8549] FAULT_INJECTION: forcing a failure.
[  150.701824][ T8549] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  150.706068][ T8549] CPU: 1 UID: 0 PID: 8549 Comm: syz.3.699 Not tainted 6.14.0-syzkaller-13183-g06a22366d6a1 #0 PREEMPT(full) 
[  150.706083][ T8549] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  150.706089][ T8549] Call Trace:
[  150.706094][ T8549]  <TASK>
[  150.706098][ T8549]  dump_stack_lvl+0x16c/0x1f0
[  150.706117][ T8549]  should_fail_ex+0x512/0x640
[  150.706131][ T8549]  _copy_from_user+0x2e/0xd0
[  150.706145][ T8549]  get_compat_msghdr+0xa7/0x170
[  150.706158][ T8549]  ? __pfx_get_compat_msghdr+0x10/0x10
[  150.706172][ T8549]  ? irqentry_exit+0x3b/0x90
[  150.706187][ T8549]  ___sys_sendmsg+0x1ae/0x1d0
[  150.706202][ T8549]  ? __pfx____sys_sendmsg+0x10/0x10
[  150.706231][ T8549]  __sys_sendmsg+0x16d/0x220
[  150.706244][ T8549]  ? __pfx___sys_sendmsg+0x10/0x10
[  150.706256][ T8549]  ? __pfx_bpf_trace_run2+0x10/0x10
[  150.706270][ T8549]  ? syscall_trace_enter+0x1cb/0x260
[  150.706283][ T8549]  ? rcu_is_watching+0x12/0xc0
[  150.706297][ T8549]  __do_fast_syscall_32+0x73/0x120
[  150.706312][ T8549]  do_fast_syscall_32+0x32/0x80
[  150.706327][ T8549]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  150.706340][ T8549] RIP: 0023:0xf7f46579
[  150.706349][ T8549] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  150.706359][ T8549] RSP: 002b:00000000f506655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  150.706369][ T8549] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000280
[  150.706375][ T8549] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  150.706381][ T8549] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  150.706387][ T8549] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  150.706393][ T8549] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  150.706405][ T8549]  </TASK>
[  150.807119][ T8552] netlink: 8 bytes leftover after parsing attributes in process `syz.1.700'.
[  150.822561][ T8552] netlink: 4 bytes leftover after parsing attributes in process `syz.1.700'.
[  150.823421][ T8553] FAULT_INJECTION: forcing a failure.
[  150.823421][ T8553] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  150.831441][ T8553] CPU: 0 UID: 0 PID: 8553 Comm: syz.3.701 Not tainted 6.14.0-syzkaller-13183-g06a22366d6a1 #0 PREEMPT(full) 
[  150.831463][ T8553] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  150.831472][ T8553] Call Trace:
[  150.831478][ T8553]  <TASK>
[  150.831485][ T8553]  dump_stack_lvl+0x16c/0x1f0
[  150.831509][ T8553]  should_fail_ex+0x512/0x640
[  150.831530][ T8553]  _copy_to_user+0x32/0xd0
[  150.831551][ T8553]  simple_read_from_buffer+0xcb/0x170
[  150.831575][ T8553]  proc_fail_nth_read+0x197/0x270
[  150.831597][ T8553]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  150.831621][ T8553]  ? rw_verify_area+0xcf/0x680
[  150.831640][ T8553]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  150.831662][ T8553]  vfs_read+0x1de/0xc70
[  150.831693][ T8553]  ? __pfx___mutex_lock+0x10/0x10
[  150.831714][ T8553]  ? __pfx_vfs_read+0x10/0x10
[  150.831740][ T8553]  ? __fget_files+0x20e/0x3c0
[  150.831766][ T8553]  ksys_read+0x12a/0x240
[  150.831786][ T8553]  ? __pfx_ksys_read+0x10/0x10
[  150.831808][ T8553]  ? rcu_is_watching+0x12/0xc0
[  150.831831][ T8553]  __do_fast_syscall_32+0x73/0x120
[  150.831853][ T8553]  do_fast_syscall_32+0x32/0x80
[  150.831874][ T8553]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  150.831891][ T8553] RIP: 0023:0xf7f46579
[  150.831903][ T8553] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  150.831918][ T8553] RSP: 002b:00000000f5066590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  150.831933][ T8553] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f5066620
[  150.831943][ T8553] RDX: 000000000000000f RSI: 00000000f73ccff4 RDI: 0000000000000000
[  150.831953][ T8553] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  150.831962][ T8553] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  150.831971][ T8553] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  150.831993][ T8553]  </TASK>
[  150.900704][ T6014] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  150.919626][ T8555] tls_set_device_offload: netdev not found
[  151.063591][ T6014] usb 5-1: too many configurations: 9, using maximum allowed: 8
[  151.067423][ T6014] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[  151.070764][ T6014] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  151.075941][ T6014] usb 5-1: config 0 interface 0 has no altsetting 0
[  151.078880][ T6014] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[  151.081352][ T6014] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  151.084407][ T6014] usb 5-1: config 0 interface 0 has no altsetting 0
[  151.086986][ T6014] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[  151.089621][ T6014] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  151.092723][ T6014] usb 5-1: config 0 interface 0 has no altsetting 0
[  151.095649][ T6014] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[  151.098128][ T6014] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  151.101062][ T6014] usb 5-1: config 0 interface 0 has no altsetting 0
[  151.103837][ T6014] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[  151.106228][ T6014] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  151.109570][ T6014] usb 5-1: config 0 interface 0 has no altsetting 0
[  151.114656][ T6014] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[  151.117694][ T6014] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  151.121473][ T6014] usb 5-1: config 0 interface 0 has no altsetting 0
[  151.127213][ T6014] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[  151.130429][ T6014] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  151.134394][ T6014] usb 5-1: config 0 interface 0 has no altsetting 0
[  151.137695][ T6014] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[  151.141141][ T6014] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  151.146697][ T6014] usb 5-1: config 0 interface 0 has no altsetting 0
[  151.150144][ T6014] usb 5-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[  151.152741][ T6014] usb 5-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[  151.155276][ T6014] usb 5-1: Product: syz
[  151.156564][ T6014] usb 5-1: Manufacturer: syz
[  151.157999][ T6014] usb 5-1: SerialNumber: syz
[  151.162038][ T6014] usb 5-1: config 0 descriptor??
[  151.168830][ T6014] yurex 5-1:0.0: USB YUREX device now attached to Yurex #0
[  151.376360][ T3228] usb 5-1: USB disconnect, device number 5
[  151.382638][ T3228] yurex 5-1:0.0: USB YUREX #0 now disconnected
[  151.403425][ T1116] sr 2:0:0:0: [sr0] tag#28 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_OK cmd_age=0s
[  151.406293][ T1116] sr 2:0:0:0: [sr0] tag#28 Sense Key : Illegal Request [current] 
[  151.408445][ T1116] sr 2:0:0:0: [sr0] tag#28 Add. Sense: Invalid command operation code
[  151.410795][ T1116] sr 2:0:0:0: [sr0] tag#28 CDB: Write(10) 2a 00 00 00 00 00 00 00 02 00
[  151.413418][ T1116] critical target error, dev sr0, sector 0 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 0
[  151.416968][ T1116] Buffer I/O error on dev sr0, logical block 0, lost async page write
[  151.492900][ T6014] usb 9-1: new high-speed USB device number 2 using dummy_hcd
[  151.572996][  T835] usb 6-1: new high-speed USB device number 10 using dummy_hcd
[  151.662885][ T6014] usb 9-1: Using ep0 maxpacket: 32
[  151.666102][ T6014] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  151.669767][ T6014] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  151.672538][ T6014] usb 9-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  151.675318][ T6014] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  151.679168][ T6014] usb 9-1: config 0 descriptor??
[  151.702960][  T835] usb 6-1: device descriptor read/64, error -71
[  151.942968][  T835] usb 6-1: new high-speed USB device number 11 using dummy_hcd
[  152.072916][  T835] usb 6-1: device descriptor read/64, error -71
[  152.093334][ T6014] savu 0003:1E7D:2D5A.0006: hiddev0,hidraw1: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.4-1/input0
[  152.185696][  T835] usb usb6-port1: attempt power cycle
[  152.344863][ T6724] usb 9-1: USB disconnect, device number 2
[  152.480306][ T8581] FAULT_INJECTION: forcing a failure.
[  152.480306][ T8581] name failslab, interval 1, probability 0, space 0, times 0
[  152.483886][ T8581] CPU: 0 UID: 0 PID: 8581 Comm: syz.3.710 Not tainted 6.14.0-syzkaller-13183-g06a22366d6a1 #0 PREEMPT(full) 
[  152.483900][ T8581] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  152.483906][ T8581] Call Trace:
[  152.483910][ T8581]  <TASK>
[  152.483914][ T8581]  dump_stack_lvl+0x16c/0x1f0
[  152.483953][ T8581]  should_fail_ex+0x512/0x640
[  152.483993][ T8581]  ? __kmalloc_cache_noprof+0x57/0x3e0
[  152.484009][ T8581]  should_failslab+0xc2/0x120
[  152.484019][ T8581]  __kmalloc_cache_noprof+0x6a/0x3e0
[  152.484032][ T8581]  ? fput+0x70/0xf0
[  152.484041][ T8581]  ? fsnotify_alloc_group+0x92/0x330
[  152.484056][ T8581]  fsnotify_alloc_group+0x92/0x330
[  152.484070][ T8581]  do_inotify_init+0x49/0x5f0
[  152.484080][ T8581]  __do_sys_inotify_init+0x10/0x20
[  152.484090][ T8581]  __do_fast_syscall_32+0x73/0x120
[  152.484104][ T8581]  do_fast_syscall_32+0x32/0x80
[  152.484117][ T8581]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  152.484130][ T8581] RIP: 0023:0xf7f46579
[  152.484141][ T8581] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  152.484151][ T8581] RSP: 002b:00000000f506655c EFLAGS: 00000296 ORIG_RAX: 0000000000000123
[  152.484163][ T8581] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000000000
[  152.484169][ T8581] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  152.484174][ T8581] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  152.484179][ T8581] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  152.484184][ T8581] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  152.484196][ T8581]  </TASK>
[  152.543157][  T835] usb 6-1: new high-speed USB device number 12 using dummy_hcd
[  152.573415][  T835] usb 6-1: device descriptor read/8, error -71
[  152.822965][  T835] usb 6-1: new high-speed USB device number 13 using dummy_hcd
[  152.860282][  T835] usb 6-1: device descriptor read/8, error -71
[  152.963057][  T835] usb usb6-port1: unable to enumerate USB device
[  152.964422][ T8586] netlink: 72 bytes leftover after parsing attributes in process `syz.4.712'.
[  153.217425][ T8591] FAULT_INJECTION: forcing a failure.
[  153.217425][ T8591] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  153.220973][ T8591] CPU: 2 UID: 0 PID: 8591 Comm: syz.3.713 Not tainted 6.14.0-syzkaller-13183-g06a22366d6a1 #0 PREEMPT(full) 
[  153.220987][ T8591] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  153.220994][ T8591] Call Trace:
[  153.220998][ T8591]  <TASK>
[  153.221002][ T8591]  dump_stack_lvl+0x16c/0x1f0
[  153.221020][ T8591]  should_fail_ex+0x512/0x640
[  153.221033][ T8591]  _copy_from_user+0x2e/0xd0
[  153.221046][ T8591]  get_compat_msghdr+0xa7/0x170
[  153.221059][ T8591]  ? __pfx_get_compat_msghdr+0x10/0x10
[  153.221075][ T8591]  ___sys_sendmsg+0x1ae/0x1d0
[  153.221089][ T8591]  ? __pfx____sys_sendmsg+0x10/0x10
[  153.221116][ T8591]  __sys_sendmsg+0x16d/0x220
[  153.221128][ T8591]  ? __pfx___sys_sendmsg+0x10/0x10
[  153.221144][ T8591]  ? rcu_is_watching+0x12/0xc0
[  153.221158][ T8591]  ? rcu_is_watching+0x12/0xc0
[  153.221171][ T8591]  __do_fast_syscall_32+0x73/0x120
[  153.221186][ T8591]  do_fast_syscall_32+0x32/0x80
[  153.221200][ T8591]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  153.221212][ T8591] RIP: 0023:0xf7f46579
[  153.221220][ T8591] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  153.221229][ T8591] RSP: 002b:00000000f506655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  153.221238][ T8591] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000240
[  153.221244][ T8591] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  153.221249][ T8591] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  153.221255][ T8591] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  153.221260][ T8591] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  153.221272][ T8591]  </TASK>
[  153.270190][    C2] vkms_vblank_simulate: vblank timer overrun
[  153.298251][ T8593] input: syz0 as /devices/virtual/input/input12
[  154.140340][ T8606] netlink: 72 bytes leftover after parsing attributes in process `syz.3.717'.
[  154.815668][ T8624] FAULT_INJECTION: forcing a failure.
[  154.815668][ T8624] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  154.819350][ T8624] CPU: 0 UID: 0 PID: 8624 Comm: syz.1.724 Not tainted 6.14.0-syzkaller-13183-g06a22366d6a1 #0 PREEMPT(full) 
[  154.819363][ T8624] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  154.819369][ T8624] Call Trace:
[  154.819373][ T8624]  <TASK>
[  154.819377][ T8624]  dump_stack_lvl+0x16c/0x1f0
[  154.819394][ T8624]  should_fail_ex+0x512/0x640
[  154.819408][ T8624]  _copy_from_user+0x2e/0xd0
[  154.819422][ T8624]  get_compat_msghdr+0xa7/0x170
[  154.819434][ T8624]  ? __pfx_get_compat_msghdr+0x10/0x10
[  154.819450][ T8624]  ___sys_sendmsg+0x1ae/0x1d0
[  154.819464][ T8624]  ? __pfx____sys_sendmsg+0x10/0x10
[  154.819491][ T8624]  __sys_sendmsg+0x16d/0x220
[  154.819503][ T8624]  ? __pfx___sys_sendmsg+0x10/0x10
[  154.819519][ T8624]  ? rcu_is_watching+0x12/0xc0
[  154.819532][ T8624]  ? rcu_is_watching+0x12/0xc0
[  154.819545][ T8624]  __do_fast_syscall_32+0x73/0x120
[  154.819560][ T8624]  do_fast_syscall_32+0x32/0x80
[  154.819573][ T8624]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  154.819586][ T8624] RIP: 0023:0xf73fe579
[  154.819594][ T8624] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  154.819604][ T8624] RSP: 002b:00000000f508655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  154.819613][ T8624] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800005c0
[  154.819619][ T8624] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  154.819625][ T8624] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  154.819630][ T8624] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  154.819635][ T8624] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  154.819647][ T8624]  </TASK>
[  155.064750][ T8637] FAULT_INJECTION: forcing a failure.
[  155.064750][ T8637] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  155.071014][ T8637] CPU: 0 UID: 0 PID: 8637 Comm: syz.0.729 Not tainted 6.14.0-syzkaller-13183-g06a22366d6a1 #0 PREEMPT(full) 
[  155.071029][ T8637] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  155.071036][ T8637] Call Trace:
[  155.071040][ T8637]  <TASK>
[  155.071043][ T8637]  dump_stack_lvl+0x16c/0x1f0
[  155.071061][ T8637]  should_fail_ex+0x512/0x640
[  155.071075][ T8637]  should_fail_alloc_page+0xe7/0x130
[  155.071086][ T8637]  prepare_alloc_pages+0x3c2/0x610
[  155.071101][ T8637]  __alloc_frozen_pages_noprof+0x18f/0x23a0
[  155.071116][ T8637]  ? __lock_acquire+0x5ca/0x1ba0
[  155.071129][ T8637]  ? __lock_acquire+0x5ca/0x1ba0
[  155.071138][ T8637]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  155.071158][ T8637]  ? find_held_lock+0x2b/0x80
[  155.071171][ T8637]  ? is_bpf_text_address+0x8a/0x1a0
[  155.071181][ T8637]  ? bpf_ksym_find+0x124/0x1c0
[  155.071192][ T8637]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  155.071204][ T8637]  ? policy_nodemask+0xea/0x4e0
[  155.071215][ T8637]  alloc_pages_mpol+0x1fb/0x550
[  155.071224][ T8637]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  155.071235][ T8637]  ? __lock_acquire+0x5ca/0x1ba0
[  155.071245][ T8637]  alloc_pages_noprof+0x131/0x390
[  155.071254][ T8637]  pte_alloc_one+0x19/0x380
[  155.071267][ T8637]  __pte_alloc+0x6d/0x3c0
[  155.071278][ T8637]  ? __pfx___pte_alloc+0x10/0x10
[  155.071291][ T8637]  do_pte_missing+0x2925/0x3fb0
[  155.071307][ T8637]  ? find_held_lock+0x2b/0x80
[  155.071323][ T8637]  __handle_mm_fault+0x103d/0x2a40
[  155.071340][ T8637]  ? __pfx___handle_mm_fault+0x10/0x10
[  155.071360][ T8637]  ? find_vma+0xbf/0x140
[  155.071370][ T8637]  ? __pfx_find_vma+0x10/0x10
[  155.071381][ T8637]  handle_mm_fault+0x3fe/0xad0
[  155.071397][ T8637]  do_user_addr_fault+0x7a6/0x1370
[  155.071409][ T8637]  ? rcu_is_watching+0x12/0xc0
[  155.071423][ T8637]  exc_page_fault+0x5c/0xc0
[  155.071435][ T8637]  asm_exc_page_fault+0x26/0x30
[  155.071445][ T8637] RIP: 0010:rep_stos_alternative+0x40/0x80
[  155.071455][ T8637] Code: c9 75 f6 c3 cc cc cc cc 48 89 07 48 83 c7 08 83 e9 08 74 ef 83 f9 08 73 ef eb de 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 <48> 89 07 48 89 47 08 48 89 47 10 48 89 47 18 48 89 47 20 48 89 47
[  155.071464][ T8637] RSP: 0018:ffffc900048e7948 EFLAGS: 00050202
[  155.071472][ T8637] RAX: 0000000000000000 RBX: 00000000001fffe0 RCX: 0000000000000160
[  155.071478][ T8637] RDX: ffff888021f80000 RSI: ffffffff84cb655d RDI: 0000000080200000
[  155.071484][ T8637] RBP: ffffc900048e7d20 R08: 1525ca5b0a5321be R09: 0000000000000001
[  155.071490][ T8637] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000200000
[  155.071495][ T8637] R13: 0000000080000180 R14: 0000000000000000 R15: 00000000001fffe0
[  155.071505][ T8637]  ? iov_iter_zero+0x3dd/0x13c0
[  155.071519][ T8637]  iov_iter_zero+0x3ed/0x13c0
[  155.071534][ T8637]  ? __pfx_iov_iter_zero+0x10/0x10
[  155.071546][ T8637]  ? aa_file_perm+0x4c7/0xfb0
[  155.071560][ T8637]  ? __filemap_get_folio+0x333/0xc10
[  155.071575][ T8637]  hugetlbfs_read_iter+0x6d1/0x8f0
[  155.071593][ T8637]  do_iter_readv_writev+0x735/0x950
[  155.071607][ T8637]  ? __pfx_do_iter_readv_writev+0x10/0x10
[  155.071622][ T8637]  ? rw_verify_area+0xcf/0x680
[  155.071636][ T8637]  vfs_readv+0x4c5/0x8a0
[  155.071653][ T8637]  ? __pfx_vfs_readv+0x10/0x10
[  155.071664][ T8637]  ? find_held_lock+0x2b/0x80
[  155.071684][ T8637]  ? __fget_files+0x20e/0x3c0
[  155.071701][ T8637]  ? do_preadv+0x1af/0x270
[  155.071712][ T8637]  do_preadv+0x1af/0x270
[  155.071725][ T8637]  ? __pfx_do_preadv+0x10/0x10
[  155.071736][ T8637]  ? fput+0x70/0xf0
[  155.071745][ T8637]  ? ksys_write+0x1b9/0x240
[  155.071758][ T8637]  ? __pfx_ksys_write+0x10/0x10
[  155.071772][ T8637]  __ia32_compat_sys_preadv2+0x121/0x1b0
[  155.071787][ T8637]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[  155.071802][ T8637]  __do_fast_syscall_32+0x73/0x120
[  155.071816][ T8637]  do_fast_syscall_32+0x32/0x80
[  155.071830][ T8637]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  155.071841][ T8637] RIP: 0023:0xf742e579
[  155.071848][ T8637] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  155.071857][ T8637] RSP: 002b:00000000f50b655c EFLAGS: 00000296 ORIG_RAX: 000000000000017a
[  155.071865][ T8637] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000340
[  155.071871][ T8637] RDX: 0000000000000002 RSI: 0000000000000020 RDI: 0000000000000000
[  155.071876][ T8637] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  155.071881][ T8637] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  155.071891][ T8637] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  155.071902][ T8637]  </TASK>
[  155.593082][  T835] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  155.742934][  T835] usb 5-1: Using ep0 maxpacket: 8
[  155.746728][  T835] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  155.749998][  T835] usb 5-1: config 0 has no interfaces?
[  155.751725][  T835] usb 5-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  155.755004][  T835] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  155.759729][  T835] usb 5-1: config 0 descriptor??
[  157.034445][ T8669] FAULT_INJECTION: forcing a failure.
[  157.034445][ T8669] name failslab, interval 1, probability 0, space 0, times 0
[  157.038290][ T8669] CPU: 0 UID: 0 PID: 8669 Comm: syz.4.738 Not tainted 6.14.0-syzkaller-13183-g06a22366d6a1 #0 PREEMPT(full) 
[  157.038304][ T8669] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  157.038310][ T8669] Call Trace:
[  157.038314][ T8669]  <TASK>
[  157.038318][ T8669]  dump_stack_lvl+0x16c/0x1f0
[  157.038336][ T8669]  should_fail_ex+0x512/0x640
[  157.038347][ T8669]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[  157.038364][ T8669]  should_failslab+0xc2/0x120
[  157.038373][ T8669]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  157.038388][ T8669]  ? locks_get_lock_context+0x243/0x410
[  157.038401][ T8669]  locks_get_lock_context+0x243/0x410
[  157.038412][ T8669]  flock_lock_inode+0xb1/0x1030
[  157.038427][ T8669]  ? __pfx_flock_lock_inode+0x10/0x10
[  157.038439][ T8669]  ? __pfx___might_resched+0x10/0x10
[  157.038453][ T8669]  ? find_held_lock+0x2b/0x80
[  157.038468][ T8669]  locks_lock_inode_wait+0x1da/0x490
[  157.038481][ T8669]  ? __pfx_locks_lock_inode_wait+0x10/0x10
[  157.038493][ T8669]  ? __fget_files+0x204/0x3c0
[  157.038512][ T8669]  fuse_file_flock+0xf1/0x1d0
[  157.038528][ T8669]  ? __pfx_fuse_file_flock+0x10/0x10
[  157.038542][ T8669]  __do_sys_flock+0x334/0x520
[  157.038555][ T8669]  ? __pfx___do_sys_flock+0x10/0x10
[  157.038566][ T8669]  ? __mutex_unlock_slowpath+0x161/0x6a0
[  157.038587][ T8669]  ? ksys_write+0x1b9/0x240
[  157.038601][ T8669]  ? __pfx_ksys_write+0x10/0x10
[  157.038615][ T8669]  ? rcu_is_watching+0x12/0xc0
[  157.038628][ T8669]  __do_fast_syscall_32+0x73/0x120
[  157.038642][ T8669]  do_fast_syscall_32+0x32/0x80
[  157.038656][ T8669]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  157.038668][ T8669] RIP: 0023:0xf739e579
[  157.038676][ T8669] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  157.038685][ T8669] RSP: 002b:00000000f502655c EFLAGS: 00000296 ORIG_RAX: 000000000000008f
[  157.038694][ T8669] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000000005
[  157.038700][ T8669] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  157.038705][ T8669] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  157.038710][ T8669] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  157.038716][ T8669] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  157.038727][ T8669]  </TASK>
[  158.358008][   T29] usb 5-1: USB disconnect, device number 6
[  159.094131][ T8680] fuse: Bad value for 'fd'
[  160.356283][ T8720] FAULT_INJECTION: forcing a failure.
[  160.356283][ T8720] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  160.359922][ T8720] CPU: 3 UID: 0 PID: 8720 Comm: syz.4.752 Not tainted 6.14.0-syzkaller-13183-g06a22366d6a1 #0 PREEMPT(full) 
[  160.359935][ T8720] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  160.359942][ T8720] Call Trace:
[  160.359946][ T8720]  <TASK>
[  160.359950][ T8720]  dump_stack_lvl+0x16c/0x1f0
[  160.359968][ T8720]  should_fail_ex+0x512/0x640
[  160.359981][ T8720]  _copy_to_user+0x32/0xd0
[  160.359995][ T8720]  simple_read_from_buffer+0xcb/0x170
[  160.360010][ T8720]  proc_fail_nth_read+0x197/0x270
[  160.360024][ T8720]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  160.360038][ T8720]  ? rw_verify_area+0xcf/0x680
[  160.360049][ T8720]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  160.360063][ T8720]  vfs_read+0x1de/0xc70
[  160.360077][ T8720]  ? __pfx___mutex_lock+0x10/0x10
[  160.360091][ T8720]  ? __pfx_vfs_read+0x10/0x10
[  160.360107][ T8720]  ? __fget_files+0x20e/0x3c0
[  160.360125][ T8720]  ksys_read+0x12a/0x240
[  160.360137][ T8720]  ? __pfx_ksys_read+0x10/0x10
[  160.360149][ T8720]  ? rcu_is_watching+0x12/0xc0
[  160.360163][ T8720]  ? rcu_is_watching+0x12/0xc0
[  160.360176][ T8720]  __do_fast_syscall_32+0x73/0x120
[  160.360190][ T8720]  do_fast_syscall_32+0x32/0x80
[  160.360204][ T8720]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  160.360216][ T8720] RIP: 0023:0xf739e579
[  160.360224][ T8720] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  160.360233][ T8720] RSP: 002b:00000000f5026590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  160.360242][ T8720] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f5026620
[  160.360248][ T8720] RDX: 000000000000000f RSI: 00000000f738cff4 RDI: 0000000000000000
[  160.360254][ T8720] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  160.360259][ T8720] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  160.360264][ T8720] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  160.360276][ T8720]  </TASK>
[  160.820362][ T8739] x_tables: duplicate underflow at hook 1
[  160.901688][ T8744] hub 6-0:1.0: USB hub found
[  160.903716][ T8744] hub 6-0:1.0: 1 port detected
[  161.034558][  T835] usb 8-1: new high-speed USB device number 10 using dummy_hcd
[  161.138875][ T8749] FAULT_INJECTION: forcing a failure.
[  161.138875][ T8749] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  161.143619][ T8749] CPU: 2 UID: 0 PID: 8749 Comm: syz.1.761 Not tainted 6.14.0-syzkaller-13183-g06a22366d6a1 #0 PREEMPT(full) 
[  161.143641][ T8749] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  161.143651][ T8749] Call Trace:
[  161.143657][ T8749]  <TASK>
[  161.143664][ T8749]  dump_stack_lvl+0x16c/0x1f0
[  161.143697][ T8749]  should_fail_ex+0x512/0x640
[  161.143719][ T8749]  _copy_from_user+0x2e/0xd0
[  161.143740][ T8749]  compat_i2cdev_ioctl+0x148/0x530
[  161.143756][ T8749]  ? hook_file_ioctl_common+0x145/0x410
[  161.143776][ T8749]  ? __pfx_compat_i2cdev_ioctl+0x10/0x10
[  161.143792][ T8749]  ? __fget_files+0x20e/0x3c0
[  161.143820][ T8749]  ? __pfx_compat_i2cdev_ioctl+0x10/0x10
[  161.143836][ T8749]  __do_compat_sys_ioctl+0x1cb/0x2c0
[  161.143858][ T8749]  __do_fast_syscall_32+0x73/0x120
[  161.143882][ T8749]  do_fast_syscall_32+0x32/0x80
[  161.143905][ T8749]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  161.143925][ T8749] RIP: 0023:0xf73fe579
[  161.143937][ T8749] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  161.143952][ T8749] RSP: 002b:00000000f508655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  161.143967][ T8749] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000707
[  161.143978][ T8749] RDX: 00000000800004c0 RSI: 0000000000000000 RDI: 0000000000000000
[  161.143987][ T8749] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  161.143996][ T8749] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  161.144006][ T8749] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  161.144027][ T8749]  </TASK>
[  161.208499][    C2] vkms_vblank_simulate: vblank timer overrun
[  161.210995][    C2] hpet_rtc_timer_reinit: 11 callbacks suppressed
[  161.211008][    C2] hpet: Lost 2 RTC interrupts
[  161.233705][  T835] usb 8-1: Using ep0 maxpacket: 16
[  161.240009][  T835] usb 8-1: config 0 has no interfaces?
[  161.244887][  T835] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  161.248184][  T835] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  161.251357][  T835] usb 8-1: Product: syz
[  161.255881][  T835] usb 8-1: Manufacturer: syz
[  161.257529][  T835] usb 8-1: SerialNumber: syz
[  161.261917][  T835] usb 8-1: config 0 descriptor??
[  161.466970][ T8735] FAULT_INJECTION: forcing a failure.
[  161.466970][ T8735] name failslab, interval 1, probability 0, space 0, times 0
[  161.470603][ T8735] CPU: 3 UID: 0 PID: 8735 Comm: syz.3.756 Not tainted 6.14.0-syzkaller-13183-g06a22366d6a1 #0 PREEMPT(full) 
[  161.470617][ T8735] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  161.470624][ T8735] Call Trace:
[  161.470629][ T8735]  <TASK>
[  161.470633][ T8735]  dump_stack_lvl+0x16c/0x1f0
[  161.470650][ T8735]  should_fail_ex+0x512/0x640
[  161.470662][ T8735]  ? __kmalloc_cache_noprof+0x57/0x3e0
[  161.470676][ T8735]  should_failslab+0xc2/0x120
[  161.470686][ T8735]  __kmalloc_cache_noprof+0x6a/0x3e0
[  161.470698][ T8735]  ? ww_mutex_lock_interruptible+0x37/0x160
[  161.470712][ T8735]  ? drm_atomic_helper_crtc_duplicate_state+0x70/0xd0
[  161.470732][ T8735]  drm_atomic_helper_crtc_duplicate_state+0x70/0xd0
[  161.470748][ T8735]  drm_atomic_get_crtc_state+0x16e/0x450
[  161.470759][ T8735]  drm_atomic_get_plane_state+0x436/0x590
[  161.470770][ T8735]  drm_atomic_set_property+0xa29/0x34e0
[  161.470784][ T8735]  ? __pfx_drm_atomic_set_property+0x10/0x10
[  161.470795][ T8735]  ? __might_fault+0xe3/0x190
[  161.470809][ T8735]  ? __might_fault+0xe3/0x190
[  161.470822][ T8735]  ? __might_fault+0x13b/0x190
[  161.470841][ T8735]  drm_mode_atomic_ioctl+0x66f/0x25f0
[  161.470860][ T8735]  ? __pfx_drm_mode_atomic_ioctl+0x10/0x10
[  161.470875][ T8735]  ? __lock_acquire+0xaa4/0x1ba0
[  161.470893][ T8735]  ? drm_is_current_master+0x2c/0x40
[  161.470905][ T8735]  ? do_raw_spin_unlock+0x172/0x230
[  161.470918][ T8735]  drm_ioctl_kernel+0x1f1/0x3e0
[  161.470931][ T8735]  ? __pfx_drm_mode_atomic_ioctl+0x10/0x10
[  161.470943][ T8735]  ? __pfx_drm_ioctl_kernel+0x10/0x10
[  161.470960][ T8735]  drm_ioctl+0x5c9/0xc30
[  161.470975][ T8735]  ? __pfx_drm_mode_atomic_ioctl+0x10/0x10
[  161.470988][ T8735]  ? __pfx_drm_ioctl+0x10/0x10
[  161.471011][ T8735]  drm_compat_ioctl+0x327/0x460
[  161.471022][ T8735]  ? __pfx_drm_compat_ioctl+0x10/0x10
[  161.471032][ T8735]  __do_compat_sys_ioctl+0x1cb/0x2c0
[  161.471045][ T8735]  __do_fast_syscall_32+0x73/0x120
[  161.471060][ T8735]  do_fast_syscall_32+0x32/0x80
[  161.471073][ T8735]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  161.471085][ T8735] RIP: 0023:0xf7f46579
[  161.471094][ T8735] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  161.471103][ T8735] RSP: 002b:00000000f506655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  161.471112][ T8735] RAX: ffffffffffffffda RBX: 000000000000000b RCX: 00000000c03864bc
[  161.471118][ T8735] RDX: 0000000080000180 RSI: 0000000000000000 RDI: 0000000000000000
[  161.471124][ T8735] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  161.471129][ T8735] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  161.471134][ T8735] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  161.471146][ T8735]  </TASK>
[  161.472807][   T34] usb 8-1: USB disconnect, device number 10
[  161.552234][ T7080] usb 6-1: new low-speed USB device number 14 using dummy_hcd
[  161.704672][ T7080] usb 6-1: config 0 has an invalid interface number: 1 but max is 0
[  161.707144][ T7080] usb 6-1: config 0 has no interface number 0
[  161.708953][ T7080] usb 6-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  161.711931][ T7080] usb 6-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  161.714808][ T7080] usb 6-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  161.717319][ T7080] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  161.722158][ T7080] usb 6-1: config 0 descriptor??
[  161.727138][ T7080] iowarrior 6-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[  161.926025][ T8751] iowarrior 6-1:0.1: Error -90 while submitting URB
[  162.011063][ T8768] futex_wake_op: syz.4.763 tries to shift op by -1; fix this program
[  162.188845][ T6724] usb 6-1: USB disconnect, device number 14
[  162.480887][ T8778] netlink: 72 bytes leftover after parsing attributes in process `syz.0.768'.
[  163.182715][ T8793] 9p: Unknown Cache mode or invalid value fscAEcachetag=overlay
[  163.952680][ T8816] netlink: 72 bytes leftover after parsing attributes in process `syz.4.782'.
[  164.887713][ T8842] netlink: 'syz.1.791': attribute type 3 has an invalid length.
[  165.429226][ T8848] do_dccp_setsockopt: sockopt(CHANGE_L/R) is deprecated: fix your app
[  165.433196][ T8848] netlink: 'syz.3.793': attribute type 4 has an invalid length.
[  165.445966][ T8848] netlink: 'syz.3.793': attribute type 4 has an invalid length.
[  165.655807][ T8857] netlink: 'syz.0.798': attribute type 28 has an invalid length.
[  165.707299][ T8865] 9pnet_fd: Insufficient options for proto=fd
[  165.726009][ T8868] lo speed is unknown, defaulting to 1000
[  165.729614][ T8868] lo speed is unknown, defaulting to 1000
[  165.806333][ T8872] 9pnet_fd: Insufficient options for proto=fd
[  165.946384][ T8880] futex_wake_op: syz.4.801 tries to shift op by -1; fix this program
[  166.541478][ T8890] netlink: 124 bytes leftover after parsing attributes in process `syz.4.806'.
[  166.619175][ T8896] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  166.914727][ T8914] lo speed is unknown, defaulting to 1000
[  166.917457][ T8914] lo speed is unknown, defaulting to 1000
[  167.004982][ T8917] futex_wake_op: syz.1.813 tries to shift op by -1; fix this program
[  167.050483][ T8915] netlink: 8 bytes leftover after parsing attributes in process `syz.4.816'.
[  167.484299][ T8922] dccp_invalid_packet: pskb_may_pull failed
[  167.550461][ T8923] lo speed is unknown, defaulting to 1000
[  167.553220][ T8923] lo speed is unknown, defaulting to 1000
[  170.387927][ T8995] netlink: 224 bytes leftover after parsing attributes in process `syz.3.840'.
[  171.029128][ T9015] do_dccp_setsockopt: sockopt(CHANGE_L/R) is deprecated: fix your app
[  171.063299][   T10] usb 9-1: new high-speed USB device number 3 using dummy_hcd
[  171.229329][   T10] usb 9-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  171.231743][   T10] usb 9-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  171.254009][   T10] usb 9-1: config 1 has 1 interface, different from the descriptor's value: 66
[  171.257495][   T10] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[  171.281202][   T10] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[  171.312723][   T10] usb 9-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  171.317153][   T10] usb 9-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  171.319689][   T10] usb 9-1: Product: syz
[  171.321055][   T10] usb 9-1: Manufacturer: syz
[  171.344145][   T10] cdc_wdm 9-1:1.0: skipping garbage
[  171.348540][   T10] cdc_wdm 9-1:1.0: skipping garbage
[  171.354830][   T10] cdc_wdm 9-1:1.0: cdc-wdm0: USB WDM device
[  171.359209][   T10] cdc_wdm 9-1:1.0: Unknown control protocol
[  171.814947][ T9037] netlink: 72 bytes leftover after parsing attributes in process `syz.0.857'.
[  171.843156][   T34] usb 6-1: new high-speed USB device number 15 using dummy_hcd
[  172.002956][   T34] usb 6-1: Using ep0 maxpacket: 8
[  172.006433][   T34] usb 6-1: config 0 has an invalid interface number: 186 but max is 0
[  172.009795][   T34] usb 6-1: config 0 has no interface number 0
[  172.011704][   T34] usb 6-1: config 0 interface 186 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  172.015764][   T34] usb 6-1: config 0 interface 186 altsetting 0 has an endpoint descriptor with address 0x9A, changing to 0x8A
[  172.020761][   T34] usb 6-1: config 0 interface 186 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7
[  172.024340][   T34] usb 6-1: config 0 interface 186 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 3
[  172.030349][   T34] usb 6-1: New USB device found, idVendor=07c0, idProduct=1505, bcdDevice=b8.c5
[  172.033767][   T34] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  172.036346][   T34] usb 6-1: Product: syz
[  172.037938][   T34] usb 6-1: Manufacturer: syz
[  172.039675][   T34] usb 6-1: SerialNumber: syz
[  172.054232][   T34] usb 6-1: config 0 descriptor??
[  172.189403][   T29] usb 9-1: USB disconnect, device number 3
[  172.275174][   T34] iowarrior 6-1:0.186: IOWarrior product=0x1505, serial=42424242 interface=186 now attached to iowarrior0
[  172.483928][   T34] usb 6-1: USB disconnect, device number 15
[  172.536058][   T29] libceph: connect (1)[c::]:6789 error -101
[  172.538041][   T29] libceph: mon0 (1)[c::]:6789 connect error
[  172.682912][ T9042] ceph: No mds server is up or the cluster is laggy
[  173.534489][ T9068] fuse: Unknown parameter 'ÿÿÿÿ0x000000000000000c'
[  173.913236][ T9074] netlink: 72 bytes leftover after parsing attributes in process `syz.4.868'.
[  174.438519][ T9079] lo speed is unknown, defaulting to 1000
[  174.449274][ T9079] lo speed is unknown, defaulting to 1000
[  174.653017][   T40] audit: type=1800 audit(2000000013.817:126): pid=9081 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.872" name="file1" dev="overlay" ino=1136 res=0 errno=0
[  174.744602][ T9088] netlink: 4 bytes leftover after parsing attributes in process `syz.1.873'.
[  174.948782][ T9088] bridge_slave_1 (unregistering): left allmulticast mode
[  174.956486][ T9088] bridge_slave_1 (unregistering): left promiscuous mode
[  174.966077][ T9088] bridge0: port 2(bridge_slave_1) entered disabled state
[  175.273590][ T9083] netlink: 8 bytes leftover after parsing attributes in process `syz.4.870'.
[  175.477946][ T3228] IPVS: starting estimator thread 0...
[  175.553388][ T9097] FAULT_INJECTION: forcing a failure.
[  175.553388][ T9097] name failslab, interval 1, probability 0, space 0, times 0
[  175.557134][ T9097] CPU: 2 UID: 0 PID: 9097 Comm: syz.1.876 Not tainted 6.14.0-syzkaller-13183-g06a22366d6a1 #0 PREEMPT(full) 
[  175.557148][ T9097] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  175.557154][ T9097] Call Trace:
[  175.557158][ T9097]  <TASK>
[  175.557162][ T9097]  dump_stack_lvl+0x16c/0x1f0
[  175.557196][ T9097]  should_fail_ex+0x512/0x640
[  175.557213][ T9097]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  175.557229][ T9097]  should_failslab+0xc2/0x120
[  175.557239][ T9097]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  175.557253][ T9097]  ? __pfx___might_resched+0x10/0x10
[  175.557270][ T9097]  ? alloc_vmap_area+0x613/0x2970
[  175.557291][ T9097]  alloc_vmap_area+0x613/0x2970
[  175.557310][ T9097]  ? __pfx_alloc_vmap_area+0x10/0x10
[  175.557325][ T9097]  __get_vm_area_node+0x1a7/0x300
[  175.557339][ T9097]  __vmalloc_node_range_noprof+0x277/0x1540
[  175.557351][ T9097]  ? bpf_prog_alloc_no_stats+0x54/0x630
[  175.557366][ T9097]  ? find_held_lock+0x2b/0x80
[  175.557380][ T9097]  ? bpf_ksym_find+0x124/0x1c0
[  175.557393][ T9097]  ? bpf_prog_alloc_no_stats+0x54/0x630
[  175.557410][ T9097]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  175.557424][ T9097]  ? __pfx_aa_get_newest_label+0x10/0x10
[  175.557435][ T9097]  ? rcu_is_watching+0x12/0xc0
[  175.557448][ T9097]  ? bpf_prog_alloc_no_stats+0x54/0x630
[  175.557463][ T9097]  __vmalloc_noprof+0x6d/0x90
[  175.557475][ T9097]  ? bpf_prog_alloc_no_stats+0x54/0x630
[  175.557494][ T9097]  bpf_prog_alloc_no_stats+0x54/0x630
[  175.557508][ T9097]  ? security_capable+0x7e/0x260
[  175.557519][ T9097]  bpf_prog_alloc+0x3b/0x230
[  175.557532][ T9097]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  175.557543][ T9097]  bpf_prog_load+0x160e/0x2490
[  175.557556][ T9097]  ? __pfx_bpf_prog_load+0x10/0x10
[  175.557576][ T9097]  ? bpf_lsm_bpf+0x9/0x10
[  175.557591][ T9097]  __sys_bpf+0x433c/0x4d80
[  175.557601][ T9097]  ? irq_work_queue+0xce/0x100
[  175.557612][ T9097]  ? __pfx___sys_bpf+0x10/0x10
[  175.557623][ T9097]  ? __pfx_bpf_send_signal_common+0x10/0x10
[  175.557669][ T9097]  ? __might_fault+0xe3/0x190
[  175.557685][ T9097]  ? __might_fault+0x13b/0x190
[  175.557700][ T9097]  ? find_held_lock+0x2b/0x80
[  175.557713][ T9097]  ? syscall_trace_enter+0x1cb/0x260
[  175.557726][ T9097]  __ia32_sys_bpf+0x76/0xe0
[  175.557740][ T9097]  __do_fast_syscall_32+0x73/0x120
[  175.557755][ T9097]  do_fast_syscall_32+0x32/0x80
[  175.557769][ T9097]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  175.557781][ T9097] RIP: 0023:0xf73fe579
[  175.557790][ T9097] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  175.557800][ T9097] RSP: 002b:00000000f508655c EFLAGS: 00000296 ORIG_RAX: 0000000000000165
[  175.557809][ T9097] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000080000480
[  175.557815][ T9097] RDX: 0000000000000094 RSI: 0000000000000000 RDI: 0000000000000000
[  175.557821][ T9097] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  175.557826][ T9097] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  175.557832][ T9097] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  175.557844][ T9097]  </TASK>
[  175.557856][ T9097] syz.1.876: vmalloc error: size 4096, vm_struct allocation failed, mode:0x500dc0(GFP_USER|__GFP_ZERO|__GFP_ACCOUNT), nodemask=(null),cpuset=/,mems_allowed=0-1
[  175.692974][ T9097] CPU: 2 UID: 0 PID: 9097 Comm: syz.1.876 Not tainted 6.14.0-syzkaller-13183-g06a22366d6a1 #0 PREEMPT(full) 
[  175.692988][ T9097] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  175.692995][ T9097] Call Trace:
[  175.692998][ T9097]  <TASK>
[  175.693003][ T9097]  dump_stack_lvl+0x16c/0x1f0
[  175.693025][ T9097]  warn_alloc+0x248/0x3a0
[  175.693049][ T9097]  ? __pfx_warn_alloc+0x10/0x10
[  175.693064][ T9097]  ? kfree+0x2b6/0x4d0
[  175.693079][ T9097]  ? __get_vm_area_node+0x1e5/0x300
[  175.693095][ T9097]  __vmalloc_node_range_noprof+0xd31/0x1540
[  175.693107][ T9097]  ? find_held_lock+0x2b/0x80
[  175.693121][ T9097]  ? bpf_ksym_find+0x124/0x1c0
[  175.693135][ T9097]  ? bpf_prog_alloc_no_stats+0x54/0x630
[  175.693153][ T9097]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  175.693166][ T9097]  ? __pfx_aa_get_newest_label+0x10/0x10
[  175.693177][ T9097]  ? rcu_is_watching+0x12/0xc0
[  175.693190][ T9097]  ? bpf_prog_alloc_no_stats+0x54/0x630
[  175.693205][ T9097]  __vmalloc_noprof+0x6d/0x90
[  175.693217][ T9097]  ? bpf_prog_alloc_no_stats+0x54/0x630
[  175.693232][ T9097]  bpf_prog_alloc_no_stats+0x54/0x630
[  175.693246][ T9097]  ? security_capable+0x7e/0x260
[  175.693257][ T9097]  bpf_prog_alloc+0x3b/0x230
[  175.693270][ T9097]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  175.693282][ T9097]  bpf_prog_load+0x160e/0x2490
[  175.693295][ T9097]  ? __pfx_bpf_prog_load+0x10/0x10
[  175.693315][ T9097]  ? bpf_lsm_bpf+0x9/0x10
[  175.693330][ T9097]  __sys_bpf+0x433c/0x4d80
[  175.693340][ T9097]  ? irq_work_queue+0xce/0x100
[  175.693351][ T9097]  ? __pfx___sys_bpf+0x10/0x10
[  175.693362][ T9097]  ? __pfx_bpf_send_signal_common+0x10/0x10
[  175.693386][ T9097]  ? __might_fault+0xe3/0x190
[  175.693400][ T9097]  ? __might_fault+0x13b/0x190
[  175.693414][ T9097]  ? find_held_lock+0x2b/0x80
[  175.693426][ T9097]  ? syscall_trace_enter+0x1cb/0x260
[  175.693439][ T9097]  __ia32_sys_bpf+0x76/0xe0
[  175.693450][ T9097]  __do_fast_syscall_32+0x73/0x120
[  175.693466][ T9097]  do_fast_syscall_32+0x32/0x80
[  175.693483][ T9097]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  175.693495][ T9097] RIP: 0023:0xf73fe579
[  175.693503][ T9097] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  175.693512][ T9097] RSP: 002b:00000000f508655c EFLAGS: 00000296 ORIG_RAX: 0000000000000165
[  175.693521][ T9097] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000080000480
[  175.693528][ T9097] RDX: 0000000000000094 RSI: 0000000000000000 RDI: 0000000000000000
[  175.693533][ T9097] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  175.693538][ T9097] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  175.693543][ T9097] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  175.693555][ T9097]  </TASK>
[  175.693559][ T9097] Mem-Info:
[  175.812929][ T9093] IPVS: using max 48 ests per chain, 115200 per kthread
[  175.814959][ T9097] active_anon:8518 inactive_anon:71 isolated_anon:0
[  175.814959][ T9097]  active_file:3996 inactive_file:40219 isolated_file:0
[  175.814959][ T9097]  unevictable:1780 dirty:21 writeback:0
[  175.814959][ T9097]  slab_reclaimable:7298 slab_unreclaimable:65007
[  175.814959][ T9097]  mapped:26192 shmem:5090 pagetables:925
[  175.814959][ T9097]  sec_pagetables:310 bounce:0
[  175.814959][ T9097]  kernel_misc_reclaimable:0
[  175.814959][ T9097]  free:42800 free_pcp:2103 free_cma:0
[  175.863057][ T9097] Node 0 active_anon:0kB inactive_anon:80kB active_file:28kB inactive_file:0kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:24kB dirty:0kB writeback:0kB shmem:3540kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:8764kB pagetables:912kB sec_pagetables:1144kB all_unreclaimable? yes Balloon:0kB
[  175.890465][ T9097] Node 1 active_anon:33980kB inactive_anon:204kB active_file:15956kB inactive_file:160876kB unevictable:3584kB isolated(anon):0kB isolated(file):0kB mapped:104644kB dirty:84kB writeback:0kB shmem:16820kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:4116kB pagetables:2888kB sec_pagetables:96kB all_unreclaimable? no Balloon:0kB
[  175.932964][ T9097] Node 0 DMA free:2108kB boost:0kB min:760kB low:948kB high:1136kB reserved_highatomic:0KB active_anon:0kB inactive_anon:12kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:316kB local_pcp:96kB free_cma:0kB
[  175.973020][ T9097] lowmem_reserve[]: 0 290 290 290 290
[  175.975129][ T9097] Node 0 DMA32 free:19428kB boost:0kB min:13336kB low:16668kB high:20000kB reserved_highatomic:4096KB active_anon:152kB inactive_anon:272kB active_file:28kB inactive_file:0kB unevictable:3536kB writepending:0kB present:1032196kB managed:297508kB mlocked:0kB bounce:0kB free_pcp:1768kB local_pcp:1388kB free_cma:0kB
[  176.012943][ T9097] lowmem_reserve[]: 0 0 0 0 0
[  176.015031][ T9097] Node 1 DMA32 free:149168kB boost:0kB min:47148kB low:58932kB high:70716kB reserved_highatomic:2048KB active_anon:33980kB inactive_anon:204kB active_file:15956kB inactive_file:160876kB unevictable:3584kB writepending:84kB present:1048432kB managed:948284kB mlocked:0kB bounce:0kB free_pcp:6744kB local_pcp:1284kB free_cma:0kB
[  176.043026][ T9097] lowmem_reserve[]: 0 0 0 0 0
[  176.048839][ T9097] Node 0 DMA: 3*4kB (M) 7*8kB (UM) 14*16kB (UM) 6*32kB (UM) 1*64kB (M) 0*128kB 2*256kB (M) 0*512kB 1*1024kB (M) 0*2048kB 0*4096kB = 2084kB
[  176.062269][ T9108] FAULT_INJECTION: forcing a failure.
[  176.062269][ T9108] name failslab, interval 1, probability 0, space 0, times 0
[  176.062952][ T9097] Node 0 DMA32: 48*4kB (UMEH) 117*8kB (UMEH) 77*16kB (UMEH) 131*32kB (UMEH) 60*64kB (UMEH) 20*128kB (UMEH) 14*256kB (MEH) 2*512kB (MH) 0*1024kB 0*2048kB 0*4096kB = 17560kB
[  176.092949][ T9108] CPU: 0 UID: 0 PID: 9108 Comm: syz.4.880 Not tainted 6.14.0-syzkaller-13183-g06a22366d6a1 #0 PREEMPT(full) 
[  176.092966][ T9108] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  176.092972][ T9108] Call Trace:
[  176.092976][ T9108]  <TASK>
[  176.092980][ T9108]  dump_stack_lvl+0x16c/0x1f0
[  176.092997][ T9108]  should_fail_ex+0x512/0x640
[  176.093009][ T9108]  ? fs_reclaim_acquire+0xae/0x150
[  176.093022][ T9108]  ? tomoyo_encode2+0x100/0x3e0
[  176.093035][ T9108]  should_failslab+0xc2/0x120
[  176.093044][ T9108]  __kmalloc_noprof+0xd2/0x510
[  176.093059][ T9108]  ? d_absolute_path+0x136/0x1a0
[  176.093072][ T9108]  tomoyo_encode2+0x100/0x3e0
[  176.093088][ T9108]  tomoyo_encode+0x29/0x50
[  176.093100][ T9108]  tomoyo_realpath_from_path+0x18f/0x6e0
[  176.093117][ T9108]  tomoyo_path_perm+0x274/0x460
[  176.093127][ T9108]  ? tomoyo_path_perm+0x260/0x460
[  176.093138][ T9108]  ? __pfx_tomoyo_path_perm+0x10/0x10
[  176.093163][ T9108]  ? find_held_lock+0x2b/0x80
[  176.093175][ T9108]  ? __might_fault+0xe3/0x190
[  176.093190][ T9108]  ? __might_fault+0xe3/0x190
[  176.093203][ T9108]  ? __might_fault+0x13b/0x190
[  176.093219][ T9108]  security_inode_getattr+0x116/0x290
[  176.093231][ T9108]  vfs_statx+0x114/0x210
[  176.093242][ T9108]  ? __pfx_vfs_statx+0x10/0x10
[  176.093252][ T9108]  ? getname_flags.part.0+0x1c2/0x540
[  176.093266][ T9108]  vfs_fstatat+0x7b/0xf0
[  176.093276][ T9108]  __do_compat_sys_ia32_stat64+0x98/0x110
[  176.093287][ T9108]  ? __pfx___do_compat_sys_ia32_stat64+0x10/0x10
[  176.093304][ T9108]  ? syscall_trace_enter+0x1cb/0x260
[  176.093316][ T9108]  ? rcu_is_watching+0x12/0xc0
[  176.093330][ T9108]  __do_fast_syscall_32+0x73/0x120
[  176.093345][ T9108]  do_fast_syscall_32+0x32/0x80
[  176.093358][ T9108]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  176.093371][ T9108] RIP: 0023:0xf739e579
[  176.093379][ T9108] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  176.093389][ T9108] RSP: 002b:00000000f502655c EFLAGS: 00000296 ORIG_RAX: 00000000000000c3
[  176.093399][ T9108] RAX: ffffffffffffffda RBX: 0000000080000000 RCX: 0000000080000040
[  176.093405][ T9108] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  176.093410][ T9108] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  176.093415][ T9108] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  176.093421][ T9108] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  176.093433][ T9108]  </TASK>
[  176.093433][ T9097] Node 1 
[  176.093444][ T9108] ERROR: Out of memory at tomoyo_realpath_from_path.
[  176.113895][ T9097] DMA32: 
[  176.196970][ T9109] openvswitch: netlink: Actions may not be safe on all matching packets
[  176.202904][ T9097] 445*4kB (UMEH) 620*8kB (MEH) 217*16kB (UMEH) 134*32kB (UMEH) 541*64kB (UMEH) 91*128kB (UME) 54*256kB (UME) 45*512kB (UME) 19*1024kB (UM) 10*2048kB (UM) 0*4096kB = 137572kB
[  176.232886][ T9097] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  176.235629][ T9097] Node 0 hugepages_total=14 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  176.238170][ T9097] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  176.240753][ T9097] Node 1 hugepages_total=4294967286 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  176.276602][ T9097] 49357 total pagecache pages
[  176.277972][ T9097] 99 pages in swap cache
[  176.279218][ T9097] Free swap  = 121588kB
[  176.280410][ T9097] Total swap = 124996kB
[  176.281613][ T9097] 524155 pages RAM
[  176.282712][ T9097] 0 pages HighMem/MovableOnly
[  176.314391][ T9097] 208867 pages reserved
[  176.325974][ T9097] 0 pages cma reserved
[  176.533349][ T9117] 9pnet: Could not find request transport: fI
[  176.878548][ T9119] netlink: 72 bytes leftover after parsing attributes in process `syz.0.885'.
[  177.114719][ T9134] do_dccp_setsockopt: sockopt(CHANGE_L/R) is deprecated: fix your app
[  177.527538][ T9155] netlink: 'syz.0.895': attribute type 4 has an invalid length.
[  177.530774][ T9155] netlink: 60 bytes leftover after parsing attributes in process `syz.0.895'.
[  177.712249][ T9164] 9pnet: Could not find request transport: fI
[  177.842928][   T29] usb 8-1: new high-speed USB device number 11 using dummy_hcd
[  177.942050][ T9173] 9pnet: Could not find request transport: fI
[  178.064996][   T29] usb 8-1: Using ep0 maxpacket: 32
[  178.127456][   T29] usb 8-1: config index 0 descriptor too short (expected 29220, got 36)
[  178.131052][   T29] usb 8-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  178.133944][   T29] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 81
[  178.382991][   T29] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  178.393865][   T29] usb 8-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  178.415298][   T29] usb 8-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  178.419245][   T29] usb 8-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  178.421833][   T29] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  178.449933][   T29] usb 8-1: config 0 descriptor??
[  178.790286][   T29] usblp 8-1:0.0: usblp0: USB Bidirectional printer dev 11 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  178.892422][   T29] usb 8-1: USB disconnect, device number 11
[  178.923810][   T29] usblp0: removed
[  179.286795][ T5995] libceph: connect (1)[c::]:6789 error -101
[  179.288584][ T5995] libceph: mon0 (1)[c::]:6789 connect error
[  179.294356][ T9192] snd_dummy snd_dummy.0: control 5:65279:0:syz0:4 is already present
[  179.307955][   T40] audit: type=1326 audit(2000000018.477:127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9191 comm="syz.1.907" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf73fe579 code=0x0
[  179.326362][ T9187] netlink: 4 bytes leftover after parsing attributes in process `syz.0.905'.
[  179.328997][ T9187] netlink: 4 bytes leftover after parsing attributes in process `syz.0.905'.
[  179.440426][ T9201] netlink: 24 bytes leftover after parsing attributes in process `syz.1.907'.
[  179.553661][ T5995] libceph: connect (1)[c::]:6789 error -101
[  179.555507][ T5995] libceph: mon0 (1)[c::]:6789 connect error
[  179.798271][ T9196] ceph: No mds server is up or the cluster is laggy
[  180.156115][ T9210] 9pnet: Could not find request transport: fI
[  180.532963][ T7080] IPVS: starting estimator thread 0...
[  180.623712][ T9220] IPVS: using max 48 ests per chain, 115200 per kthread
[  180.761452][ T9219] netlink: 32 bytes leftover after parsing attributes in process `syz.0.914'.
[  181.011143][   T40] audit: type=1326 audit(2000000020.177:128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9229 comm="syz.0.917" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf742e579 code=0x7ffc0000
[  181.032916][   T40] audit: type=1326 audit(2000000020.177:129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9229 comm="syz.0.917" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf742e579 code=0x7ffc0000
[  181.038738][   T40] audit: type=1326 audit(2000000020.177:130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9229 comm="syz.0.917" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf742e579 code=0x7ffc0000
[  181.072900][   T40] audit: type=1326 audit(2000000020.187:131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9229 comm="syz.0.917" exe="/syz-executor" sig=0 arch=40000003 syscall=293 compat=1 ip=0xf742e579 code=0x7ffc0000
[  181.089728][   T40] audit: type=1326 audit(2000000020.187:132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9229 comm="syz.0.917" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf742e579 code=0x7ffc0000
[  181.110031][   T40] audit: type=1326 audit(2000000020.187:133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9229 comm="syz.0.917" exe="/syz-executor" sig=0 arch=40000003 syscall=376 compat=1 ip=0xf742e579 code=0x7ffc0000
[  181.140445][   T40] audit: type=1326 audit(2000000020.187:134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9229 comm="syz.0.917" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf742e579 code=0x7ffc0000
[  181.147262][   T40] audit: type=1326 audit(2000000020.187:135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9229 comm="syz.0.917" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf742e579 code=0x7ffc0000
[  181.172883][   T40] audit: type=1326 audit(2000000020.187:136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9229 comm="syz.0.917" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf742e579 code=0x7ffc0000
[  181.192933][   T40] audit: type=1326 audit(2000000020.187:137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9229 comm="syz.0.917" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf742e579 code=0x7ffc0000
[  181.508780][ T9238] FAULT_INJECTION: forcing a failure.
[  181.508780][ T9238] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  181.538743][ T9238] CPU: 1 UID: 0 PID: 9238 Comm: syz.4.920 Not tainted 6.14.0-syzkaller-13183-g06a22366d6a1 #0 PREEMPT(full) 
[  181.538777][ T9238] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  181.538786][ T9238] Call Trace:
[  181.538792][ T9238]  <TASK>
[  181.538798][ T9238]  dump_stack_lvl+0x16c/0x1f0
[  181.538822][ T9238]  should_fail_ex+0x512/0x640
[  181.538844][ T9238]  _copy_from_user+0x2e/0xd0
[  181.538863][ T9238]  bpf_test_init.isra.0+0xe2/0x140
[  181.538884][ T9238]  bpf_prog_test_run_xdp+0x4f0/0x1540
[  181.538912][ T9238]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  181.538932][ T9238]  ? __might_fault+0x70/0x190
[  181.538958][ T9238]  ? fput+0x70/0xf0
[  181.538973][ T9238]  ? __bpf_prog_get+0xa0/0x290
[  181.538995][ T9238]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  181.539014][ T9238]  __sys_bpf+0x1485/0x4d80
[  181.539029][ T9238]  ? irq_work_queue+0xce/0x100
[  181.539047][ T9238]  ? __pfx___sys_bpf+0x10/0x10
[  181.539063][ T9238]  ? __pfx_bpf_send_signal_common+0x10/0x10
[  181.539103][ T9238]  ? __might_fault+0xe3/0x190
[  181.539121][ T9238]  ? __might_fault+0x13b/0x190
[  181.539135][ T9238]  ? find_held_lock+0x2b/0x80
[  181.539148][ T9238]  ? syscall_trace_enter+0x1cb/0x260
[  181.539167][ T9238]  __ia32_sys_bpf+0x76/0xe0
[  181.539185][ T9238]  __do_fast_syscall_32+0x73/0x120
[  181.539207][ T9238]  do_fast_syscall_32+0x32/0x80
[  181.539227][ T9238]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  181.539245][ T9238] RIP: 0023:0xf739e579
[  181.539256][ T9238] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  181.539271][ T9238] RSP: 002b:00000000f502655c EFLAGS: 00000296 ORIG_RAX: 0000000000000165
[  181.539286][ T9238] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000080000200
[  181.539296][ T9238] RDX: 0000000000000050 RSI: 0000000000000000 RDI: 0000000000000000
[  181.539305][ T9238] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  181.539314][ T9238] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  181.539323][ T9238] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  181.539343][ T9238]  </TASK>
[  181.658230][ T9228] futex_wake_op: syz.3.918 tries to shift op by -1; fix this program
[  181.986053][ T9252] netlink: 72 bytes leftover after parsing attributes in process `syz.3.924'.
[  182.136763][ T9254] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  183.135392][ T9272] tmpfs: Unknown parameter 'grpquota…'
[  183.181914][ T9272] lo speed is unknown, defaulting to 1000
[  183.185733][ T9272] lo speed is unknown, defaulting to 1000
[  183.795501][ T9279] FAULT_INJECTION: forcing a failure.
[  183.795501][ T9279] name fail_futex, interval 1, probability 0, space 0, times 1
[  183.802522][ T9279] CPU: 0 UID: 0 PID: 9279 Comm: syz.3.933 Not tainted 6.14.0-syzkaller-13183-g06a22366d6a1 #0 PREEMPT(full) 
[  183.802563][ T9279] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  183.802572][ T9279] Call Trace:
[  183.802577][ T9279]  <TASK>
[  183.802582][ T9279]  dump_stack_lvl+0x16c/0x1f0
[  183.802606][ T9279]  should_fail_ex+0x512/0x640
[  183.802628][ T9279]  get_futex_key+0x49e/0x1000
[  183.802651][ T9279]  ? __pfx_get_futex_key+0x10/0x10
[  183.802672][ T9279]  ? irqentry_exit+0x3b/0x90
[  183.802691][ T9279]  ? lockdep_hardirqs_on+0x7c/0x110
[  183.802714][ T9279]  futex_wake_op+0x129/0xd40
[  183.802732][ T9279]  ? native_apic_msr_write+0x28/0x40
[  183.802753][ T9279]  ? __pfx_futex_wake_op+0x10/0x10
[  183.802769][ T9279]  ? __irq_work_queue_local+0xf4/0x450
[  183.802787][ T9279]  ? irq_work_queue+0xce/0x100
[  183.802807][ T9279]  ? __pfx_bpf_send_signal_common+0x10/0x10
[  183.802841][ T9279]  do_futex+0x2e9/0x350
[  183.802865][ T9279]  ? __pfx_do_futex+0x10/0x10
[  183.802892][ T9279]  __ia32_sys_futex_time32+0x1d9/0x460
[  183.802920][ T9279]  ? __pfx___ia32_sys_futex_time32+0x10/0x10
[  183.802944][ T9279]  ? syscall_trace_enter+0x1cb/0x260
[  183.802963][ T9279]  ? rcu_is_watching+0x12/0xc0
[  183.802986][ T9279]  __do_fast_syscall_32+0x73/0x120
[  183.803008][ T9279]  do_fast_syscall_32+0x32/0x80
[  183.803030][ T9279]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  183.803050][ T9279] RIP: 0023:0xf7f46579
[  183.803062][ T9279] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  183.803075][ T9279] RSP: 002b:00000000f506655c EFLAGS: 00000296 ORIG_RAX: 00000000000000f0
[  183.803089][ T9279] RAX: ffffffffffffffda RBX: 0000000080000180 RCX: 0000000000000005
[  183.803098][ T9279] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000080000000
[  183.803106][ T9279] RBP: 00000000affffffa R08: 0000000000000000 R09: 0000000000000000
[  183.803115][ T9279] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  183.803123][ T9279] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  183.803142][ T9279]  </TASK>
[  184.177396][ T9284] futex_wake_op: syz.0.932 tries to shift op by -1; fix this program
[  184.259963][ T9286] RDS: rds_bind could not find a transport for ::ffff:172.20.20.170, load rds_tcp or rds_rdma?
[  185.093876][ T9288] futex_wake_op: syz.3.935 tries to shift op by -1; fix this program
[  185.187339][ T9288] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  185.307184][ T9290] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  185.310710][ T9290] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  185.331060][ T9290] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  185.335299][ T9288] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  185.463266][ T5962] Bluetooth: hci1: ACL packet for unknown connection handle 200
[  185.463790][ T9288] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  185.468585][ T9295] netlink: 32 bytes leftover after parsing attributes in process `syz.4.937'.
[  185.613712][ T9288] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  185.891618][ T9288] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  185.969436][ T9288] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  186.006910][ T9288] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  186.052983][ T9288] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  186.233281][ T9307] dlm: no local IP address has been set
[  186.240605][ T9307] dlm: cannot start dlm midcomms -107
[  186.307908][ T9303] wireguard0: entered promiscuous mode
[  186.309523][ T9303] wireguard0: entered allmulticast mode
[  186.933446][ T9331] netlink: 'syz.3.949': attribute type 29 has an invalid length.
[  186.949453][ T9331] netlink: 'syz.3.949': attribute type 29 has an invalid length.
[  187.162668][ T9342] netlink: 40 bytes leftover after parsing attributes in process `syz.0.952'.
[  187.323196][ T5962] Bluetooth: hci1: command 0x0c1a tx timeout
[  187.331040][ T9348] netlink: 28 bytes leftover after parsing attributes in process `syz.1.955'.
[  187.680170][ T9347] netlink: 'syz.3.954': attribute type 4 has an invalid length.
[  187.690301][ T9347] netlink: 8 bytes leftover after parsing attributes in process `syz.3.954'.
[  187.733052][ T9347] netlink: 8 bytes leftover after parsing attributes in process `syz.3.954'.
[  188.006742][ T9350] netlink: 'syz.0.957': attribute type 4 has an invalid length.
[  188.027623][ T9350] netlink: 8 bytes leftover after parsing attributes in process `syz.0.957'.
[  188.205277][ T9358] FAULT_INJECTION: forcing a failure.
[  188.205277][ T9358] name failslab, interval 1, probability 0, space 0, times 0
[  188.208840][ T9358] CPU: 1 UID: 0 PID: 9358 Comm: syz.1.959 Not tainted 6.14.0-syzkaller-13183-g06a22366d6a1 #0 PREEMPT(full) 
[  188.208854][ T9358] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  188.208860][ T9358] Call Trace:
[  188.208864][ T9358]  <TASK>
[  188.208868][ T9358]  dump_stack_lvl+0x16c/0x1f0
[  188.208885][ T9358]  should_fail_ex+0x512/0x640
[  188.208897][ T9358]  ? fs_reclaim_acquire+0xae/0x150
[  188.208911][ T9358]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  188.208924][ T9358]  should_failslab+0xc2/0x120
[  188.208934][ T9358]  __kmalloc_noprof+0xd2/0x510
[  188.208953][ T9358]  tomoyo_realpath_from_path+0xc2/0x6e0
[  188.208968][ T9358]  ? tomoyo_profile+0x47/0x60
[  188.208984][ T9358]  tomoyo_path_number_perm+0x245/0x580
[  188.208995][ T9358]  ? tomoyo_path_number_perm+0x237/0x580
[  188.209008][ T9358]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  188.209020][ T9358]  ? arch_irq_work_raise+0x4f/0x70
[  188.209048][ T9358]  ? find_held_lock+0x2b/0x80
[  188.209061][ T9358]  ? hook_file_ioctl_common+0x145/0x410
[  188.209075][ T9358]  ? __fget_files+0x20e/0x3c0
[  188.209091][ T9358]  security_file_ioctl_compat+0x9b/0x240
[  188.209105][ T9358]  __do_compat_sys_ioctl+0x4e/0x2c0
[  188.209119][ T9358]  __do_fast_syscall_32+0x73/0x120
[  188.209134][ T9358]  do_fast_syscall_32+0x32/0x80
[  188.209148][ T9358]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  188.209160][ T9358] RIP: 0023:0xf73fe579
[  188.209168][ T9358] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  188.209178][ T9358] RSP: 002b:00000000f508655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  188.209187][ T9358] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000707
[  188.209193][ T9358] RDX: 00000000800004c0 RSI: 0000000000000000 RDI: 0000000000000000
[  188.209199][ T9358] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  188.209204][ T9358] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  188.209209][ T9358] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  188.209222][ T9358]  </TASK>
[  188.209226][ T9358] ERROR: Out of memory at tomoyo_realpath_from_path.
[  189.392991][ T5962] Bluetooth: hci1: command 0x0c1a tx timeout
[  189.763153][ T9397] netlink: 16 bytes leftover after parsing attributes in process `syz.1.972'.
[  190.576908][ T9416] ptrace attach of "/syz-executor exec"[5963] was attempted by ""[9416]
[  190.712621][   T40] kauditd_printk_skb: 19 callbacks suppressed
[  190.712632][   T40] audit: type=1804 audit(2000000029.877:157): pid=9409 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.974" name="/newroot/232/file0" dev="tmpfs" ino=1250 res=1 errno=0
[  190.722546][   T40] audit: type=1326 audit(2000000029.887:158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9404 comm="syz.3.974" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f46579 code=0x0
[  191.261852][ T9419] netlink: 'syz.1.977': attribute type 1 has an invalid length.
[  191.326983][ T9419] 8021q: adding VLAN 0 to HW filter on device bond2
[  191.473357][ T5962] Bluetooth: hci1: command 0x0c1a tx timeout
[  191.512058][ T9426] netlink: 72 bytes leftover after parsing attributes in process `syz.0.979'.
[  191.527551][ T9423] bond2: (slave veth3): Enslaving as an active interface with a down link
[  191.537365][ T9419] ip6erspan0: entered promiscuous mode
[  191.539011][ T9419] ip6erspan0: entered allmulticast mode
[  193.110838][ T9478] netlink: 'syz.0.997': attribute type 1 has an invalid length.
[  193.140286][ T9478] 8021q: adding VLAN 0 to HW filter on device bond1
[  193.233072][ T9478] netlink: 28 bytes leftover after parsing attributes in process `syz.0.997'.
[  193.247117][ T9478] netlink: 20 bytes leftover after parsing attributes in process `syz.0.997'.
[  193.260235][ T9476] netlink: 8 bytes leftover after parsing attributes in process `syz.1.996'.
[  193.263814][ T9476] netlink: 12 bytes leftover after parsing attributes in process `syz.1.996'.
[  193.423904][ T9488] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1000'.
[  193.494982][ T9488] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1000'.
[  193.636736][ T1415] ieee802154 phy0 wpan0: encryption failed: -22
[  193.641909][ T1415] ieee802154 phy1 wpan1: encryption failed: -22
[  194.780384][   T40] audit: type=1326 audit(2000000033.947:159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9511 comm="syz.3.1010" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f46579 code=0x7f7c0000
[  195.794922][ T9533] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1017'.
[  195.954066][ T9533] vlan2: entered promiscuous mode
[  195.993222][ T9533] vlan2: entered allmulticast mode
[  195.994778][ T9533] hsr_slave_1: entered allmulticast mode
[  196.002979][ T6014] usb 6-1: new high-speed USB device number 16 using dummy_hcd
[  196.153095][ T6014] usb 6-1: Using ep0 maxpacket: 16
[  196.156204][ T6014] usb 6-1: config 0 has no interfaces?
[  196.159762][ T6014] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  196.162354][ T6014] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  196.173661][ T6014] usb 6-1: Product: syz
[  196.182914][ T6014] usb 6-1: Manufacturer: syz
[  196.184321][ T6014] usb 6-1: SerialNumber: syz
[  196.203576][ T6014] usb 6-1: config 0 descriptor??
[  196.421009][ T5995] usb 6-1: USB disconnect, device number 16
[  197.458562][ T9556] mac80211_hwsim hwsim7 wlan1: entered allmulticast mode
[  197.538530][ T9557] netlink: 'syz.1.1023': attribute type 10 has an invalid length.
[  197.539008][ T9556] bridge_slave_0: left allmulticast mode
[  197.588528][ T9556] bridge_slave_0: left promiscuous mode
[  197.590519][ T9556] bridge0: port 1(bridge_slave_0) entered disabled state
[  197.642384][ T9556] bond0: (slave bond_slave_0): Releasing backup interface
[  197.725181][ T9556] bond0: (slave bond_slave_1): Releasing backup interface
[  197.765996][ T9556] team0: Port device team_slave_0 removed
[  197.780875][ T9556] team0: Port device team_slave_1 removed
[  197.784695][ T9556] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  197.792604][ T9556] batman_adv: batadv0: Removing interface: batadv_slave_0
[  197.841761][ T9556] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  197.888971][ T9556] batman_adv: batadv0: Removing interface: batadv_slave_1
[  197.947462][ T9556] netdevsim netdevsim1 netdevsim0: left allmulticast mode
[  197.950395][ T9556] netdevsim netdevsim1 netdevsim0: left promiscuous mode
[  197.987380][ T9556] bridge0: port 3(netdevsim0) entered disabled state
[  198.073982][ T9556] bond2: (slave veth3): Releasing active interface
[  198.095881][ T7080] lo speed is unknown, defaulting to 1000
[  198.202919][ T9557] mac80211_hwsim hwsim7 wlan1: left allmulticast mode
[  198.209978][ T9557] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  198.784651][ T9594] futex_wake_op: syz.0.1029 tries to shift op by -1; fix this program
[  199.455356][ T9600] delete_channel: no stack
[  199.710496][ T9606] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1034'.
[  199.743616][ T9599] delete_channel: no stack
[  199.966304][ T9614] Invalid logical block size (48858)
[  200.710060][ T9630] futex_wake_op: syz.4.1042 tries to shift op by -1; fix this program
[  200.990546][ T9647] jfs: Unknown parameter 'grpquotaon_end'
[  201.566633][ T9656] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1052'.
[  201.588363][ T9656] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1052'.
[  201.683413][ T9663] FAULT_INJECTION: forcing a failure.
[  201.683413][ T9663] name failslab, interval 1, probability 0, space 0, times 0
[  201.697074][ T9663] CPU: 3 UID: 0 PID: 9663 Comm: syz.4.1054 Not tainted 6.14.0-syzkaller-13183-g06a22366d6a1 #0 PREEMPT(full) 
[  201.697090][ T9663] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  201.697096][ T9663] Call Trace:
[  201.697100][ T9663]  <TASK>
[  201.697104][ T9663]  dump_stack_lvl+0x16c/0x1f0
[  201.697122][ T9663]  should_fail_ex+0x512/0x640
[  201.697134][ T9663]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  201.697151][ T9663]  should_failslab+0xc2/0x120
[  201.697161][ T9663]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  201.697175][ T9663]  ? __pfx___might_resched+0x10/0x10
[  201.697188][ T9663]  ? alloc_vmap_area+0x613/0x2970
[  201.697202][ T9663]  alloc_vmap_area+0x613/0x2970
[  201.697218][ T9663]  ? __pfx_alloc_vmap_area+0x10/0x10
[  201.697233][ T9663]  __get_vm_area_node+0x1a7/0x300
[  201.697252][ T9663]  __vmalloc_node_range_noprof+0x277/0x1540
[  201.697265][ T9663]  ? bpf_prog_alloc_no_stats+0x54/0x630
[  201.697284][ T9663]  ? bpf_prog_alloc_no_stats+0x54/0x630
[  201.697299][ T9663]  ? __might_fault+0x13b/0x190
[  201.697315][ T9663]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  201.697330][ T9663]  ? _copy_from_user+0x59/0xd0
[  201.697343][ T9663]  ? bpf_prog_alloc_no_stats+0x54/0x630
[  201.697357][ T9663]  __vmalloc_noprof+0x6d/0x90
[  201.697370][ T9663]  ? bpf_prog_alloc_no_stats+0x54/0x630
[  201.697385][ T9663]  bpf_prog_alloc_no_stats+0x54/0x630
[  201.697415][ T9663]  ? __asan_memset+0x23/0x50
[  201.697431][ T9663]  bpf_prog_alloc+0x3b/0x230
[  201.697444][ T9663]  ? __pfx_copy_bpf_fprog_from_user+0x10/0x10
[  201.697461][ T9663]  __get_filter+0x112/0x2d0
[  201.697475][ T9663]  sk_attach_filter+0x1e/0x180
[  201.697489][ T9663]  sk_setsockopt+0x25f3/0x3810
[  201.697506][ T9663]  ? __pfx_sk_setsockopt+0x10/0x10
[  201.697521][ T9663]  ? aa_sk_perm+0x2f4/0xb10
[  201.697534][ T9663]  ? __lock_acquire+0x5ca/0x1ba0
[  201.697543][ T9663]  ? __pfx_aa_sk_perm+0x10/0x10
[  201.697559][ T9663]  do_sock_setsockopt+0x3f2/0x470
[  201.697573][ T9663]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  201.697595][ T9663]  __sys_setsockopt+0x1a0/0x230
[  201.697609][ T9663]  __ia32_sys_setsockopt+0xbc/0x160
[  201.697620][ T9663]  ? syscall_trace_enter+0xee/0x260
[  201.697631][ T9663]  __do_fast_syscall_32+0x73/0x120
[  201.697646][ T9663]  do_fast_syscall_32+0x32/0x80
[  201.697659][ T9663]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  201.697672][ T9663] RIP: 0023:0xf739e579
[  201.697680][ T9663] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  201.697690][ T9663] RSP: 002b:00000000f502655c EFLAGS: 00000296 ORIG_RAX: 000000000000016e
[  201.697700][ T9663] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000000001
[  201.697706][ T9663] RDX: 000000000000001a RSI: 0000000080000040 RDI: 0000000000000008
[  201.697712][ T9663] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  201.697717][ T9663] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  201.697722][ T9663] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  201.697734][ T9663]  </TASK>
[  201.697748][ T9663] syz.4.1054: vmalloc error: size 4096, vm_struct allocation failed, mode:0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null)
[  201.813494][ T9662] futex_wake_op: syz.0.1055 tries to shift op by -1; fix this program
[  201.832932][ T9663] ,cpuset=/,mems_allowed=0-1
[  201.842903][ T9663] CPU: 3 UID: 0 PID: 9663 Comm: syz.4.1054 Not tainted 6.14.0-syzkaller-13183-g06a22366d6a1 #0 PREEMPT(full) 
[  201.842918][ T9663] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  201.842926][ T9663] Call Trace:
[  201.842929][ T9663]  <TASK>
[  201.842934][ T9663]  dump_stack_lvl+0x16c/0x1f0
[  201.842954][ T9663]  warn_alloc+0x248/0x3a0
[  201.842972][ T9663]  ? __pfx_warn_alloc+0x10/0x10
[  201.842987][ T9663]  ? kfree+0x2b6/0x4d0
[  201.843003][ T9663]  ? __get_vm_area_node+0x1e5/0x300
[  201.843019][ T9663]  __vmalloc_node_range_noprof+0xd31/0x1540
[  201.843037][ T9663]  ? bpf_prog_alloc_no_stats+0x54/0x630
[  201.843055][ T9663]  ? __might_fault+0x13b/0x190
[  201.843081][ T9663]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  201.843095][ T9663]  ? _copy_from_user+0x59/0xd0
[  201.843110][ T9663]  ? bpf_prog_alloc_no_stats+0x54/0x630
[  201.843126][ T9663]  __vmalloc_noprof+0x6d/0x90
[  201.843138][ T9663]  ? bpf_prog_alloc_no_stats+0x54/0x630
[  201.843153][ T9663]  bpf_prog_alloc_no_stats+0x54/0x630
[  201.843167][ T9663]  ? __asan_memset+0x23/0x50
[  201.843182][ T9663]  bpf_prog_alloc+0x3b/0x230
[  201.843195][ T9663]  ? __pfx_copy_bpf_fprog_from_user+0x10/0x10
[  201.843214][ T9663]  __get_filter+0x112/0x2d0
[  201.843228][ T9663]  sk_attach_filter+0x1e/0x180
[  201.843244][ T9663]  sk_setsockopt+0x25f3/0x3810
[  201.843261][ T9663]  ? __pfx_sk_setsockopt+0x10/0x10
[  201.843277][ T9663]  ? aa_sk_perm+0x2f4/0xb10
[  201.843291][ T9663]  ? __lock_acquire+0x5ca/0x1ba0
[  201.843301][ T9663]  ? __pfx_aa_sk_perm+0x10/0x10
[  201.843317][ T9663]  do_sock_setsockopt+0x3f2/0x470
[  201.843333][ T9663]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  201.843355][ T9663]  __sys_setsockopt+0x1a0/0x230
[  201.843369][ T9663]  __ia32_sys_setsockopt+0xbc/0x160
[  201.843380][ T9663]  ? syscall_trace_enter+0xee/0x260
[  201.843393][ T9663]  __do_fast_syscall_32+0x73/0x120
[  201.843409][ T9663]  do_fast_syscall_32+0x32/0x80
[  201.843422][ T9663]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  201.843436][ T9663] RIP: 0023:0xf739e579
[  201.843444][ T9663] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  201.843454][ T9663] RSP: 002b:00000000f502655c EFLAGS: 00000296 ORIG_RAX: 000000000000016e
[  201.843464][ T9663] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000000001
[  201.843469][ T9663] RDX: 000000000000001a RSI: 0000000080000040 RDI: 0000000000000008
[  201.843475][ T9663] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  201.843480][ T9663] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  201.843485][ T9663] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  201.843497][ T9663]  </TASK>
[  201.843501][ T9663] Mem-Info:
[  201.957664][ T9663] active_anon:6859 inactive_anon:45 isolated_anon:0
[  201.957664][ T9663]  active_file:4181 inactive_file:36961 isolated_file:0
[  201.957664][ T9663]  unevictable:1780 dirty:338 writeback:0
[  201.957664][ T9663]  slab_reclaimable:7336 slab_unreclaimable:66746
[  201.957664][ T9663]  mapped:23706 shmem:3315 pagetables:975
[  201.957664][ T9663]  sec_pagetables:311 bounce:0
[  201.957664][ T9663]  kernel_misc_reclaimable:0
[  201.957664][ T9663]  free:43467 free_pcp:3568 free_cma:0
[  202.002930][ T9663] Node 0 active_anon:2108kB inactive_anon:0kB active_file:96kB inactive_file:0kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:172kB dirty:0kB writeback:0kB shmem:4756kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:8764kB pagetables:860kB sec_pagetables:1148kB all_unreclaimable? yes Balloon:0kB
[  202.042909][ T9663] Node 1 active_anon:22996kB inactive_anon:180kB active_file:16628kB inactive_file:147844kB unevictable:3584kB isolated(anon):0kB isolated(file):0kB mapped:94652kB dirty:1352kB writeback:0kB shmem:6096kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:4344kB pagetables:2940kB sec_pagetables:96kB all_unreclaimable? no Balloon:0kB
[  202.073443][ T9663] Node 0 DMA free:2108kB boost:0kB min:760kB low:948kB high:1136kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:48kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:504kB local_pcp:24kB free_cma:0kB
[  202.093171][ T9663] lowmem_reserve[]: 0 290 290 290 290
[  202.095002][ T9663] Node 0 DMA32 free:21180kB boost:2048kB min:15384kB low:18716kB high:22048kB reserved_highatomic:4096KB active_anon:816kB inactive_anon:0kB active_file:48kB inactive_file:0kB unevictable:3536kB writepending:0kB present:1032196kB managed:297508kB mlocked:0kB bounce:0kB free_pcp:4800kB local_pcp:276kB free_cma:0kB
[  202.113240][ T9663] lowmem_reserve[]: 0 0 0 0 0
[  202.123160][ T9663] Node 1 DMA32 free:161620kB boost:0kB min:47148kB low:58932kB high:70716kB reserved_highatomic:2048KB active_anon:23096kB inactive_anon:180kB active_file:16628kB inactive_file:147844kB unevictable:3584kB writepending:1352kB present:1048432kB managed:948284kB mlocked:0kB bounce:0kB free_pcp:2364kB local_pcp:1132kB free_cma:0kB
[  202.145102][ T9663] lowmem_reserve[]: 0 0 0 0 0
[  202.146576][ T9663] Node 0 DMA: 12*4kB (UM) 9*8kB (M) 14*16kB (UM) 5*32kB (UM) 5*64kB (UM) 0*128kB 1*256kB (M) 0*512kB 1*1024kB (M) 0*2048kB 0*4096kB = 2104kB
[  202.150893][ T9663] Node 0 DMA32: 43*4kB (MEH) 197*8kB (UMEH) 65*16kB (UMEH) 135*32kB (UMEH) 71*64kB (UEH) 21*128kB (UMEH) 20*256kB (UMEH) 3*512kB (UMH) 0*1024kB 0*2048kB 0*4096kB = 20996kB
[  202.165913][ T9663] Node 1 DMA32: 22*4kB (UEH) 655*8kB (UMEH) 576*16kB (UMEH) 383*32kB (UMEH) 160*64kB (UMEH) 84*128kB (UME) 53*256kB (UME) 46*512kB (UME) 22*1024kB (UM) 12*2048kB (UM) 6*4096kB (UM) = 156592kB
[  202.182951][ T9663] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  202.185901][ T9663] Node 0 hugepages_total=22 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  202.192965][ T9663] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  202.206719][ T9663] Node 1 hugepages_total=4294967278 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  202.220081][ T9663] 46557 total pagecache pages
[  202.224888][ T9663] 139 pages in swap cache
[  202.229518][ T9663] Free swap  = 121780kB
[  202.235255][ T9663] Total swap = 124996kB
[  202.240983][ T9663] 524155 pages RAM
[  202.245490][ T9663] 0 pages HighMem/MovableOnly
[  202.251292][ T9663] 208867 pages reserved
[  202.255909][ T9663] 0 pages cma reserved
[  202.496693][ T9679] fuse: Unknown parameter '	'
[  203.043202][ T3228] libceph: connect (1)[c::]:6789 error -101
[  203.044950][ T3228] libceph: mon0 (1)[c::]:6789 connect error
[  203.303125][ T3228] libceph: connect (1)[c::]:6789 error -101
[  203.305169][ T3228] libceph: mon0 (1)[c::]:6789 connect error
[  203.377548][ T9684] ceph: No mds server is up or the cluster is laggy
[  203.515562][ T9695] futex_wake_op: syz.0.1065 tries to shift op by -1; fix this program
[  203.809742][ T9703] wireguard0: entered promiscuous mode
[  203.811874][ T9703] wireguard0: entered allmulticast mode
[  203.906716][ T9708] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1068'.
[  203.941251][ T9708] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1068'.
[  204.594816][ T9728] futex_wake_op: syz.4.1076 tries to shift op by -1; fix this program
[  204.915990][ T9741] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1082'.
[  205.438961][ T9749] bridge2: entered promiscuous mode
[  206.287017][ T9757] bridge0: port 2(bridge_slave_1) entered disabled state
[  206.289479][ T9757] bridge0: port 1(bridge_slave_0) entered disabled state
[  206.325185][ T9757] bond0: left promiscuous mode
[  206.326605][ T9757] bond_slave_0: left promiscuous mode
[  206.328211][ T9757] bond_slave_1: left promiscuous mode
[  206.408824][ T9767] netlink: 'syz.0.1091': attribute type 7 has an invalid length.
[  207.218948][ T9769] futex_wake_op: syz.4.1090 tries to shift op by -1; fix this program
[  207.762166][ T9757] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  207.794443][ T9757] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  208.147670][ T9757] netdevsim netdevsim3 eth0: unset [1, 0] type 2 family 0 port 6081 - 0
[  208.162911][ T9757] netdevsim netdevsim3 eth1: unset [1, 0] type 2 family 0 port 6081 - 0
[  208.167820][ T9757] netdevsim netdevsim3 eth2: unset [1, 0] type 2 family 0 port 6081 - 0
[  208.170417][ T9757] netdevsim netdevsim3 eth3: unset [1, 0] type 2 family 0 port 6081 - 0
[  208.213388][ T9757] ip6erspan0: left promiscuous mode
[  208.215107][ T9757] ip6erspan0: left allmulticast mode
[  208.216841][ T9757] batman_adv: batadv0: Interface deactivated: ip6gretap1
[  208.974872][ T6096] usb 6-1: new high-speed USB device number 17 using dummy_hcd
[  209.143752][ T6096] usb 6-1: Using ep0 maxpacket: 16
[  209.150192][ T6096] usb 6-1: config 0 has no interfaces?
[  209.184835][ T6096] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  209.187365][ T6096] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  209.189823][ T6096] usb 6-1: Product: syz
[  209.191378][ T6096] usb 6-1: Manufacturer: syz
[  209.193348][ T6096] usb 6-1: SerialNumber: syz
[  209.197703][ T6096] usb 6-1: config 0 descriptor??
[  209.231415][ T9808] overlayfs: failed to clone upperpath
[  209.353584][ T9810] netlink: 'syz.0.1104': attribute type 21 has an invalid length.
[  209.355812][ T9810] netlink: 152 bytes leftover after parsing attributes in process `syz.0.1104'.
[  209.416051][ T6096] usb 6-1: USB disconnect, device number 17
[  209.420167][ T1140] ==================================================================
[  209.422419][ T1140] BUG: KASAN: slab-use-after-free in drm_atomic_helper_wait_for_vblanks.part.0+0x8c0/0x9b0
[  209.425184][ T1140] Read of size 1 at addr ffff888026599809 by task kworker/u32:7/1140
[  209.428682][ T1140] 
[  209.430417][ T1140] CPU: 3 UID: 0 PID: 1140 Comm: kworker/u32:7 Not tainted 6.14.0-syzkaller-13183-g06a22366d6a1 #0 PREEMPT(full) 
[  209.430438][ T1140] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  209.430449][ T1140] Workqueue: events_unbound commit_work
[  209.430475][ T1140] Call Trace:
[  209.430480][ T1140]  <TASK>
[  209.430487][ T1140]  dump_stack_lvl+0x116/0x1f0
[  209.430509][ T1140]  print_report+0xc3/0x670
[  209.430524][ T1140]  ? __virt_addr_valid+0x5e/0x590
[  209.430546][ T1140]  ? __phys_addr+0xc6/0x150
[  209.430567][ T1140]  ? drm_atomic_helper_wait_for_vblanks.part.0+0x8c0/0x9b0
[  209.430591][ T1140]  kasan_report+0xe0/0x110
[  209.430605][ T1140]  ? drm_atomic_helper_wait_for_vblanks.part.0+0x8c0/0x9b0
[  209.430628][ T1140]  drm_atomic_helper_wait_for_vblanks.part.0+0x8c0/0x9b0
[  209.430645][ T1140]  ? preempt_schedule_thunk+0x16/0x30
[  209.430656][ T1140]  ? __pfx_drm_atomic_helper_wait_for_vblanks.part.0+0x10/0x10
[  209.430673][ T1140]  ? _raw_spin_unlock_irqrestore+0x61/0x80
[  209.431105][ T1140]  ? drm_atomic_helper_commit_hw_done+0x330/0x490
[  209.431130][ T1140]  drm_atomic_helper_commit_tail+0xcb/0xf0
[  209.431156][ T1140]  commit_tail+0x35b/0x400
[  209.431179][ T1140]  process_one_work+0x9cc/0x1b70
[  209.431201][ T1140]  ? __pfx_nsim_dev_trap_report_work+0x10/0x10
[  209.431216][ T1140]  ? __pfx_process_one_work+0x10/0x10
[  209.431228][ T1140]  ? assign_work+0x1a0/0x250
[  209.431238][ T1140]  worker_thread+0x6c8/0xf10
[  209.431255][ T1140]  ? __pfx_worker_thread+0x10/0x10
[  209.431271][ T1140]  kthread+0x3c2/0x780
[  209.431288][ T1140]  ? __pfx_kthread+0x10/0x10
[  209.431301][ T1140]  ? __pfx_kthread+0x10/0x10
[  209.431315][ T1140]  ? __pfx_kthread+0x10/0x10
[  209.431329][ T1140]  ? __pfx_kthread+0x10/0x10
[  209.431342][ T1140]  ? rcu_is_watching+0x12/0xc0
[  209.431361][ T1140]  ? __pfx_kthread+0x10/0x10
[  209.431375][ T1140]  ret_from_fork+0x45/0x80
[  209.431390][ T1140]  ? __pfx_kthread+0x10/0x10
[  209.431403][ T1140]  ret_from_fork_asm+0x1a/0x30
[  209.431430][ T1140]  </TASK>
[  209.431435][ T1140] 
[  209.490724][ T1140] Allocated by task 9792:
[  209.491949][ T1140]  kasan_save_stack+0x33/0x60
[  209.493345][ T1140]  kasan_save_track+0x14/0x30
[  209.494732][ T1140]  __kasan_kmalloc+0xaa/0xb0
[  209.496103][ T1140]  drm_atomic_helper_crtc_duplicate_state+0x70/0xd0
[  209.498026][ T1140]  drm_atomic_get_crtc_state+0x16e/0x450
[  209.499664][ T1140]  drm_atomic_get_plane_state+0x436/0x590
[  209.501470][ T1140]  drm_atomic_set_property+0xa29/0x34e0
[  209.503360][ T1140]  drm_mode_atomic_ioctl+0x66f/0x25f0
[  209.504889][ T1140]  drm_ioctl_kernel+0x1f1/0x3e0
[  209.506327][ T1140]  drm_ioctl+0x5c9/0xc30
[  209.507574][ T1140]  drm_compat_ioctl+0x327/0x460
[  209.509053][ T1140]  __do_compat_sys_ioctl+0x1cb/0x2c0
[  209.510692][ T1140]  __do_fast_syscall_32+0x73/0x120
[  209.512248][ T1140]  do_fast_syscall_32+0x32/0x80
[  209.513729][ T1140]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  209.515501][ T1140] 
[  209.516168][ T1140] Freed by task 9790:
[  209.517323][ T1140]  kasan_save_stack+0x33/0x60
[  209.518780][ T1140]  kasan_save_track+0x14/0x30
[  209.520214][ T1140]  kasan_save_free_info+0x3b/0x60
[  209.521690][ T1140]  __kasan_slab_free+0x51/0x70
[  209.523069][ T1140]  kfree+0x2b6/0x4d0
[  209.524216][ T1140]  drm_atomic_state_default_clear+0x455/0xe40
[  209.525918][ T1140]  __drm_atomic_state_free+0x185/0x2b0
[  209.527439][ T1140]  drm_client_modeset_commit_atomic+0x6b2/0x7e0
[  209.529211][ T1140]  drm_client_modeset_commit_locked+0x14d/0x580
[  209.531042][ T1140]  drm_client_modeset_commit+0x4f/0x80
[  209.532708][ T1140]  __drm_fb_helper_restore_fbdev_mode_unlocked+0x19f/0x200
[  209.534770][ T1140]  drm_fbdev_client_restore+0x2c/0x40
[  209.536282][ T1140]  drm_client_dev_restore+0x1f3/0x2a0
[  209.537830][ T1140]  drm_release+0x2c4/0x360
[  209.539147][ T1140]  __fput+0x3ff/0xb70
[  209.540420][ T1140]  task_work_run+0x14d/0x240
[  209.541800][ T1140]  syscall_exit_to_user_mode+0x27b/0x2a0
[  209.543422][ T1140]  __do_fast_syscall_32+0x80/0x120
[  209.544850][ T1140]  do_fast_syscall_32+0x32/0x80
[  209.546154][ T1140]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  209.547903][ T1140] 
[  209.548665][ T1140] The buggy address belongs to the object at ffff888026599800
[  209.548665][ T1140]  which belongs to the cache kmalloc-512 of size 512
[  209.552778][ T1140] The buggy address is located 9 bytes inside of
[  209.552778][ T1140]  freed 512-byte region [ffff888026599800, ffff888026599a00)
[  209.556977][ T1140] 
[  209.557693][ T1140] The buggy address belongs to the physical page:
[  209.559493][ T1140] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x26598
[  209.562184][ T1140] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  209.565171][ T1140] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  209.567624][ T1140] page_type: f5(slab)
[  209.568888][ T1140] raw: 00fff00000000040 ffff88801b442c80 dead000000000100 dead000000000122
[  209.571472][ T1140] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  209.574012][ T1140] head: 00fff00000000040 ffff88801b442c80 dead000000000100 dead000000000122
[  209.576507][ T1140] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  209.579060][ T1140] head: 00fff00000000002 ffffea0000996601 00000000ffffffff 00000000ffffffff
[  209.581376][ T1140] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[  209.583758][ T1140] page dumped because: kasan: bad access detected
[  209.585512][ T1140] page_owner tracks the page as allocated
[  209.587150][ T1140] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x252800(GFP_NOWAIT|__GFP_NORETRY|__GFP_COMP|__GFP_THISNODE), pid 6749, tgid 6749 (udevd), ts 168868581566, free_ts 166891018623
[  209.592532][ T1140]  post_alloc_hook+0x181/0x1b0
[  209.593864][ T1140]  get_page_from_freelist+0x1193/0x39b0
[  209.595377][ T1140]  __alloc_frozen_pages_noprof+0x263/0x23a0
[  209.597050][ T1140]  new_slab+0x94/0x330
[  209.598204][ T1140]  ___slab_alloc+0xd9c/0x1940
[  209.599525][ T1140]  __slab_alloc.constprop.0+0x56/0xb0
[  209.600870][ T1140]  __kmalloc_node_noprof+0x2ed/0x500
[  209.602383][ T1140]  alloc_slab_obj_exts+0x41/0xa0
[  209.603836][ T1140]  new_slab+0x284/0x330
[  209.605227][ T1140]  ___slab_alloc+0xd9c/0x1940
[  209.606659][ T1140]  __slab_alloc.constprop.0+0x56/0xb0
[  209.608269][ T1140]  kmem_cache_alloc_noprof+0xef/0x3b0
[  209.609896][ T1140]  __send_signal_locked+0x159/0x12c0
[  209.611489][ T1140]  group_send_sig_info+0x2a4/0x300
[  209.613014][ T1140]  do_bpf_send_signal+0xe1/0x210
[  209.614620][ T1140]  irq_work_single+0x1bc/0x260
[  209.616056][ T1140] page last free pid 5952 tgid 5952 stack trace:
[  209.617998][ T1140]  __free_frozen_pages+0x69d/0xff0
[  209.619519][ T1140]  __put_partials+0x16d/0x1c0
[  209.620973][ T1140]  qlist_free_all+0x4e/0x120
[  209.622292][ T1140]  kasan_quarantine_reduce+0x195/0x1e0
[  209.623826][ T1140]  __kasan_slab_alloc+0x69/0x90
[  209.625350][ T1140]  kmem_cache_alloc_node_noprof+0x1d5/0x3b0
[  209.627038][ T1140]  copy_process+0x4bd/0x91a0
[  209.628360][ T1140]  kernel_clone+0xfc/0x960
[  209.629679][ T1140]  __do_compat_sys_ia32_clone+0xcb/0x110
[  209.631331][ T1140]  __do_fast_syscall_32+0x73/0x120
[  209.632798][ T1140]  do_fast_syscall_32+0x32/0x80
[  209.634229][ T1140]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  209.635975][ T1140] 
[  209.636661][ T1140] Memory state around the buggy address:
[  209.638273][ T1140]  ffff888026599700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  209.640790][ T1140]  ffff888026599780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  209.643196][ T1140] >ffff888026599800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  209.645540][ T1140]                       ^
[  209.646838][ T1140]  ffff888026599880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  209.649262][ T1140]  ffff888026599900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  209.651652][ T1140] ==================================================================
[  209.741693][ T1140] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  209.744552][ T1140] CPU: 0 UID: 0 PID: 1140 Comm: kworker/u32:7 Not tainted 6.14.0-syzkaller-13183-g06a22366d6a1 #0 PREEMPT(full) 
[  209.748342][ T1140] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  209.752004][ T1140] Workqueue: events_unbound commit_work
[  209.754147][ T1140] Call Trace:
[  209.755428][ T1140]  <TASK>
[  209.756596][ T1140]  dump_stack_lvl+0x3d/0x1f0
[  209.758807][ T1140]  panic+0x71c/0x800
[  209.760387][ T1140]  ? __pfx_panic+0x10/0x10
[  209.762192][ T1140]  ? irqentry_exit+0x3b/0x90
[  209.764010][ T1140]  ? lockdep_hardirqs_on+0x7c/0x110
[  209.766074][ T1140]  ? preempt_schedule_thunk+0x16/0x30
[  209.768129][ T1140]  ? drm_atomic_helper_wait_for_vblanks.part.0+0x8c0/0x9b0
[  209.770797][ T1140]  ? preempt_schedule_common+0x44/0xc0
[  209.772940][ T1140]  ? check_panic_on_warn+0x1f/0xb0
[  209.775019][ T1140]  ? drm_atomic_helper_wait_for_vblanks.part.0+0x8c0/0x9b0
[  209.777670][ T1140]  check_panic_on_warn+0xab/0xb0
[  209.779605][ T1140]  end_report+0x107/0x170
[  209.781476][ T1140]  kasan_report+0xee/0x110
[  209.783274][ T1140]  ? drm_atomic_helper_wait_for_vblanks.part.0+0x8c0/0x9b0
[  209.786176][ T1140]  drm_atomic_helper_wait_for_vblanks.part.0+0x8c0/0x9b0
[  209.788762][ T1140]  ? preempt_schedule_thunk+0x16/0x30
[  209.790850][ T1140]  ? __pfx_drm_atomic_helper_wait_for_vblanks.part.0+0x10/0x10
[  209.793785][ T1140]  ? _raw_spin_unlock_irqrestore+0x61/0x80
[  209.796212][ T1140]  ? drm_atomic_helper_commit_hw_done+0x330/0x490
[  209.798817][ T1140]  drm_atomic_helper_commit_tail+0xcb/0xf0
[  209.801056][ T1140]  commit_tail+0x35b/0x400
[  209.802816][ T1140]  process_one_work+0x9cc/0x1b70
[  209.804790][ T1140]  ? __pfx_nsim_dev_trap_report_work+0x10/0x10
[  209.807222][ T1140]  ? __pfx_process_one_work+0x10/0x10
[  209.809370][ T1140]  ? assign_work+0x1a0/0x250
[  209.811298][ T1140]  worker_thread+0x6c8/0xf10
[  209.813195][ T1140]  ? __pfx_worker_thread+0x10/0x10
[  209.815197][ T1140]  kthread+0x3c2/0x780
[  209.816748][ T1140]  ? __pfx_kthread+0x10/0x10
[  209.818667][ T1140]  ? __pfx_kthread+0x10/0x10
[  209.820550][ T1140]  ? __pfx_kthread+0x10/0x10
[  209.822563][ T1140]  ? __pfx_kthread+0x10/0x10
[  209.824413][ T1140]  ? rcu_is_watching+0x12/0xc0
[  209.826195][ T1140]  ? __pfx_kthread+0x10/0x10
[  209.827842][ T1140]  ret_from_fork+0x45/0x80
[  209.829364][ T1140]  ? __pfx_kthread+0x10/0x10
[  209.831005][ T1140]  ret_from_fork_asm+0x1a/0x30
[  209.832942][ T1140]  </TASK>
[  209.834757][ T1140] Kernel Offset: disabled
[  209.836622][ T1140] Rebooting in 86400 seconds..

VM DIAGNOSIS:
14:53:06  Registers:
info registers vcpu 0

CPU#0
RAX=ffffffff911a0a15 RBX=0000000000000001 RCX=ffffffff911a0a10 RDX=0000000000000000
RSI=0000000000000000 RDI=0000000000000004 RBP=ffffc90000007a90 RSP=ffffc900000079d8
R8 =ffffffff911a0a14 R9 =0000000000000000 R10=0000000000000003 R11=000000000000689d
R12=ffffc90000007a98 R13=ffffc90000007a48 R14=ffffc9002504fca8 R15=ffffc90000007a7c
RIP=ffffffff8169e56f RFL=00000097 [--S-APC] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0000 0000000000000000 ffffffff 00c00000
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff8880977bc000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000f5045da4 CR3=000000005aee8000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=ffff8880225aaf80 RBX=ffff8880225aafa8 RCX=0000000000000040 RDX=0000000000000000
RSI=0000000000000001 RDI=0000000000000003 RBP=ffff8880225aaf30 RSP=ffffc90000590890
R8 =0000000000080000 R9 =0000000000000001 R10=0000000000000000 R11=ffffffff8e3c1580
R12=0000000000000001 R13=0000000000000002 R14=ffff8880225aa440 R15=0000000000000000
RIP=ffffffff8197fd20 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007ff355098280 ffffffff 00c00000
GS =0000 ffff8880978bc000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000f504efe6 CR3=000000006574e000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=00000000fee0ff00 Opmask01=000000000000007f Opmask02=00000000fffeff7f Opmask03=0000000000000000
Opmask04=00000000ffffffff Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000055969031e030 000000524f4e494d
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffcc336e5e0 0000003000000010
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 2a2a2a2a2a2a2a2a 2a2a2a2a2a2a2a2a
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000ff000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffff00000000 ff0000ff00000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000ff000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 722f766564752f62 696c2f7273752f00 534b4e494c564544 00454d414e564544
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4f4a414d003d454d 414e564544003d58 45444e494649003d 4550595456454400
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4f4a414d0018454d 414e564544001858 45444e4946490018 4550595456454400
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 02da66083f83595c 0000000559690326 0000000000000171 00000000302e7465
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6574616470756372 0000559690327541 0000000000000041 0000000000000033
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2d7630f2e51f2e65 2f647be0ac34b117 2f7630f2e51d4d99 6c2f55e0ac34b116
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2f767bfffd5f6eff 7f777bf7fc77b77f 6f7f75f7f55f6fbb 6e7f7df6bc3ff39f
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 26483b3a3a264b3b 3a0a00307f617930 382433273f397b27 697a787c69303b7e
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000030 0000000000587244 022d66083f762d5c 000055746158702f
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000030 0000000000587244 000055083f321e5c 000055746158702f
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=0000000000000000 RBX=ffff888025e41b78 RCX=ffffffff817ecd82 RDX=ffff888025928000
RSI=ffffffff817ecd91 RDI=0000000000000007 RBP=000000000000001c RSP=ffffc900079a7a78
R8 =0000000000000007 R9 =000000000000003f R10=000000000000001b R11=0000000000000000
R12=000000000000001b R13=ffff88805bb65380 R14=ffff888025e41b78 R15=000000000000001c
RIP=ffffffff817ecd91 RFL=00000093 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007ff355098280 ffffffff 00c00000
GS =0000 ffff8880979bc000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000000002fb20220 CR3=000000006ac14000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=00000000feffffd0 Opmask01=0000000000004211 Opmask02=000000000000ffdf Opmask03=0000000000000000
Opmask04=00000000ffffffff Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffcc33722c0 0000003000000010
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 2a2a2a2a2a2a2a2a 2a2a2a2a2a2a2a2a
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000ff00ff000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffff00000000 ffffffffff000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000ff00ff000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffff00 ffffffffffffffff
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 71a9157b4cf02a2f 737326e0ba2b83f0
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 73737373737373e2 7373737373737373
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 656c696620732520 6465746165726300 0a73253a47000a73 253d73253a45000a
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 40494c4305560005 4140514440574600 0a56001f47000a56 001856001f45000a
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000a5 00000000000000e6 00000000000000e1 0000312d362f3600
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2d002a5d392d305b 7466717761726e00 2a5d392d305b7466 717761720000312d
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4943213f395b2249 5a6e786b6e646b7e 59647a305f474f5b 647c79303a243a78
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 26483b3a3a264b3b 3a0a00307f617930 382433273f397b27 697a787c69303b7e
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 692054524f50202c 2064696c61696d20 0070253a20252054 524f504d49005452
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 692020520050202c 2025204f504d4900 0061253a20252000 2527204d49005452
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 3

CPU#3
RAX=0000000000000000 RBX=ffffc90006e276ad RCX=ffffffff8b6c548c RDX=ffff8880256c0000
RSI=ffffffff8b6c5430 RDI=0000000000000001 RBP=ffffc90006e27051 RSP=ffffc90006e26fe0
R8 =0000000000000001 R9 =0000000000000000 R10=000000000000006e R11=000000000004702f
R12=000000000000006e R13=0000000000000008 R14=dffffc0000000000 R15=ffffc90006e276a5
RIP=ffffffff8b6c5430 RFL=00000093 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff888097abc000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000000002fefcffc CR3=0000000021d82000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000