last executing test programs:

3.47816151s ago: executing program 3 (id=1010):
r0 = landlock_create_ruleset(&(0x7f00000000c0)={0x501b, 0x2, 0x1}, 0x18, 0x0)
landlock_restrict_self(r0, 0x3)
r1 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000001340)={0x3, 0x8, &(0x7f00000034c0)=ANY=[@ANYRESHEX=r2], &(0x7f0000001300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_open_dev$tty1(0xc, 0x4, 0x1)
io_setup(0xd, &(0x7f00000000c0)=<r5=>0x0)
io_submit(r5, 0x1, &(0x7f0000000440)=[&(0x7f0000000340)={0x0, 0x0, 0x0, 0x2, 0x9, r4, &(0x7f00000002c0), 0x0, 0x1000}])
r6 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000000), r3)
sendmsg$IEEE802154_LLSEC_ADD_DEVKEY(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x4c, r6, 0x607, 0x70bd28, 0x25dfdbfc, {}, [@IEEE802154_ATTR_SHORT_ADDR={0x6, 0x4, 0xaaa2}, @IEEE802154_ATTR_LLSEC_KEY_MODE={0x5}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan0\x00'}, @IEEE802154_ATTR_LLSEC_FRAME_COUNTER={0x8}, @IEEE802154_ATTR_PAN_ID={0x6}, @IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0302}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x8801}, 0x810)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wpan4\x00'})
syz_pidfd_open(r1, 0x0)

3.476222077s ago: executing program 3 (id=1011):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000140)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r0, 0x0)
syz_emit_ethernet(0x4a, &(0x7f00000004c0)={@local, @empty, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a8435", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000b80)={@local, @remote, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "560400", 0x14, 0x6, 0x0, @local, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0xc2, 0x0, 0x0, 0x4}}}}}}}, 0x0)
r1 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x14b300)
r2 = fcntl$dupfd(r1, 0x0, r1)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
ioctl$SG_SET_TIMEOUT(r2, 0x2201, &(0x7f0000000200)=0xffffff80)
syz_emit_ethernet(0x4a, &(0x7f0000000b80)=ANY=[], 0x0)

3.407522876s ago: executing program 3 (id=1012):
r0 = socket(0x1e, 0x1, 0x0)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x10f, 0x1d, 0x0, &(0x7f0000000640))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x634e9f9427bbb997, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x83, @value}, 0x94)
sendmsg$xdp(r0, &(0x7f0000000340)={&(0x7f0000000180)={0x2c, 0x0, 0x0, 0x5}, 0x10, &(0x7f0000000300)=[{&(0x7f00000002c0)="50974ad9d24fb95861d4b330d33d91bac09837ae80dc09813676b6aaa000", 0x1e}], 0x1, 0x0, 0x0, 0x4800}, 0x24004004)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
getsockname$packet(r0, &(0x7f00000000c0)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000002600)=0x14)
r3 = getuid()
getpeername$packet(r0, &(0x7f0000002640)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000002680)=0x14)
sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000026c0)=@newsa={0x2e0, 0x10, 0x1, 0x0, 0x0, {{@in6=@private0, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2e}, {@in, 0x0, 0x33}, @in6=@remote, {}, {0xfffffffffffffffe}, {}, 0x0, 0x0, 0xa, 0x4}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}, @algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00'}}}, @policy={0xa8, 0x7, {{@in6=@local, @in6=@loopback, 0x4e22, 0x3, 0x4e22, 0x7, 0x2, 0x80, 0x0, 0x5e, r2, r3}, {0x4, 0xb471, 0x3, 0x1, 0x9, 0x3, 0x200, 0x7fffffffffffffff}, {0x7, 0x8001, 0x7f, 0x80}, 0x92, 0x6e6bbb, 0x1, 0x1, 0x3, 0x1}}, @XFRMA_SET_MARK={0x8, 0x1d, 0x8}, @XFRMA_SET_MARK_MASK={0x8, 0x1e, 0x5f5}, @policy={0xa8, 0x7, {{@in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x4e24, 0x4b7b, 0x4e21, 0x5, 0xa, 0xa0, 0x40, 0x3b, r4, r3}, {0x200, 0xffffffffffffffff, 0x8, 0x5, 0x6, 0xc, 0x9, 0x75}, {0x0, 0x7375, 0x3, 0x5}, 0x4, 0x6e6bba, 0x1, 0x0, 0x1, 0x1}}]}, 0x2e0}, 0x1, 0x0, 0x0, 0x800}, 0x0)
r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000500)={<r6=>0x0, @remote, @private}, &(0x7f00000025c0)=0xc)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x11, 0x2000000000000290, &(0x7f0000003040)=ANY=[@ANYBLOB="1800000000000000000000000000000095", @ANYBLOB="5ebb8d2e8201ca7325dc0d9dc8b385bec065fde9f904b466efe22bf383e57639af5fde44145165f7cfd8b374ec3e238c562f9b893fe7beccc6f6605ac8d7d00a8673f2f5f62de711aa2b2221cf4de0eb210ab5a86970974d5017f70997a42365b1fbe598d736d5d744ddc25e58e290bea5140bdf87bb872d6e309a7183cbe774f5e7b94dbdc1f22c4b9ad70368a328e9576eb7aa4089b968b22671a86419eabcbba43649354dc8385f0eca5f2f64eb432cb0880f02e476b7", @ANYRES64=0x0, @ANYRESHEX=r6, @ANYRESDEC=r1, @ANYRES64, @ANYRES16=r0], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', r6, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='contention_end\x00', r7}, 0x18)
r8 = socket$nl_route(0x10, 0x3, 0x0)
r9 = socket$xdp(0x2c, 0x3, 0x0)
r10 = syz_io_uring_setup(0x10d, &(0x7f0000000540)={0x0, 0xac24, 0x10000, 0x2, 0x362}, &(0x7f0000000340)=<r11=>0x0, &(0x7f0000000280)=<r12=>0x0)
syz_io_uring_submit(r11, r12, &(0x7f00000002c0)=@IORING_OP_ACCEPT={0xd, 0x0, 0x5, r9, 0x0, 0x0, 0x0, 0x80800})
io_uring_enter(r10, 0x3516, 0xc2de, 0x8, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000340)={'tunl0\x00', <r13=>0x0})
sendmsg$nl_route_sched(r8, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000980)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r13, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq={{0x7}, {0xc, 0x2, [@TCA_FQ_FLOW_DEFAULT_RATE={0x4}]}}]}, 0x38}}, 0x0)
ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r5, 0xc08c5332, &(0x7f0000000400)={{0x40, 0x3}, 0x1, 0x4, 0x88, {}, 0x0, 0xffff})
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r5, 0xc0605345, &(0x7f0000000040)={0x0, 0x0, {0x2, 0x0, 0x100040}})
prctl$PR_SET_SECCOMP(0x16, 0x1, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{0x1, 0x0, 0x1, 0x4}, {0x9, 0x5, 0x4, 0x7}]})
socket$kcm(0x21, 0x2, 0xa)
r14 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r15 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x8}, {{0x18, 0x1, 0x1, 0x0, r15}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x5, 0x0, 0x7, 0x9, 0x0, 0x2, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x9, 0xfe00}, {0x5, 0x0, 0xb, 0x9}, {0x3, 0x0, 0x6, 0xa, 0x9, 0xfe04, 0xe1}, {0x7, 0x1, 0xb, 0x7, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {}, {0x18, 0x2, 0x2, 0x0, r14}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r16 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
read$FUSE(r16, &(0x7f0000000580)={0x2020}, 0x2020)

2.594702352s ago: executing program 3 (id=1020):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x400080, 0x0)
r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/config', 0x0, 0x0)
mkdirat(r1, &(0x7f0000000040)='./file0\x00', 0x42)
r2 = syz_open_procfs(0x0, &(0x7f0000000000)='setgroups\x00')
ioctl$KDGKBENT(0xffffffffffffffff, 0x4b46, &(0x7f0000000000)={0x8, 0x1, 0x4})
write$FUSE_INIT(r2, 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_ADDFB2(0xffffffffffffffff, 0xc06864b8, &(0x7f00000001c0)={0x0, 0xff, 0x3ff, 0x8, 0x0, [], [0x2b8, 0x200000], [0x0, 0x9, 0x0, 0x3], [0xc000000000000000, 0x6]})
r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x101ff, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
capset(0x0, &(0x7f0000000300)={0x1ffffd, 0x8000df, 0x0, 0x2c3, 0x4, 0xfffffffd})
r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_IPV6_HOPOPTS(r4, 0x29, 0x36, &(0x7f0000000600)=ANY=[], 0x8)
connect$inet6(r4, &(0x7f0000000180)={0xa, 0x4e22, 0x4, @mcast2, 0x9}, 0x1c)
setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f0000000140)='batadv0\x00', 0x10)
sendmmsg$inet6(r2, &(0x7f0000000980)=[{{&(0x7f00000000c0)={0xa, 0x4e23, 0x24, @empty, 0xfffffe00}, 0x0, &(0x7f0000000640)=[{&(0x7f0000000340)="de211eeed49d31e81408f0ebc3dc4a4dee9007b7dcd94a00ad927dc8efbfeaba27f76c88302e29933e75fde19d25def71ae77cd26a5c88bcf02ab45cdb97f878cc46adcd6b2f68e5cc442906badda308b0959b5c5b194ab2ac8b7f60bc5f282b553c43a996e55ab35631fe86d2d33f6d134864dfc4feeb6a69f51eb69194726b03586c76bccdfc370604c0cdfee52b358a86b302db87d5f6d60173757c9349154a85a30b36f511de5f59e12ded0aa39d93bee78f82e2022aa9"}, {&(0x7f00000006c0)="6778ccd234c4d175e7e2d00181adfe10a9dff0bef4934f3eab8ac3ec903d75d9e929bd36500a8fcac1f1f146ed4999e1ee6eafbfeffdae990b55437b51bfec97323ebc404ea50d68eb02a192dca3ebe9493863e5052005f4f440b6af10af4cac9167d2fc96b0c9f84352a1307b0caf3e390126227d71d5f22710ea275e17ed90565e327a9316fc0c628518856d37b7f52fd2050f8ffb26ba4b5cab0e4b4d18bbb53c707e2db925cbb39f9781dc0889178f5cdf6142ac60f95d3039b9cc3b049d99999b"}, {&(0x7f0000001300)="50758307253d97c1e4fffd14040a2c4fc0608ac915ca4bc6c3ab9680599e1568d1595bb11e8c2f59edad650f8ae3f0ad63002973e71cdbc67888a8fbbcf97210f3f6fdc1ce52d286ab6c68790133975e8907d310b3ceb148c8a02314abea6e6c1dffb544f4dc66e14d424d7b967fa708d1148bdad61ec00971bb58d02a5c1d9ee170d3fd1cdd503c52c35946bc50a9c5e0c7d4fa13e827dd2896bd2e13930bbe9d12f789cfcd2eaa787a05bb2b7c8229323149d86823ee5da50ddd715bc467ca7ff04ade62e423919581fdf95dbb95de15e5d40fb7ca9300550c2fef8ce430ade9fb587d45bf173b38dc98ff895f0e357101a5fea0451459d179d779170759ae35902787c4782fc91ca1c27890b68491b6bad10cc416674c1ec096f58cd050d91c2c90f3aee20f75cd7d883a890934b0c42c73a663ca18aeb9aa0d8e3bdf203457f9e584273e4dd94d4a5be869cf42d6efb8f4e92c3848f03c3d00dae4048b04d545d4cf47bad37215c7864e4a3570216ff8878b3bcaddd957c9d69691e1054a1308099cb83578a2375ec6fb6dbe1b042d6353d527c61e7e00b93b2619f0147b3bc8a9a5fb959526eed175adec07275afd499cbb75600ba48461a4c3f27c8711f4f4233b1f566d883f937c8d304bc115648a458e59b3a41029c8bfba3aab60a24700e875a1946e7fea9e4593d5910436a2de3c0e2d556e63e8c9436afb200fd82db553472f1b51c3980a7bfd9c94792fa15da112af228f1c5a7200f5f324cc809e193fea91324d1f414d929b041bcb779368893c02fa2f273083baf9b8b6c3597c78cc0b283fd2a1c64807edf07d8c802eb52a1f3df3795277e6e4f7857eb3924c73c01a27c4f92cf03a5105e511544c65600eea9a9381961eac47dfec5f9d427bcbaaa5176b23cb87bcd9607a828f684b3c7cf0b993fcf02adf5a82f5e0ce0ffa2b252128f94cc9ea68323d59b04f9d820ed85c73addd5ec711e620975b74445ab38e9197dc4258e7d1dd3b43998458267fcef95adf60de439764a7ea4deaa2863787626baaf0f6d3830e7c0be47141691bfafc5ec9719615a7cc5826e050a14899670bdb5c00e7deee856fe77d4a420a778dbc6b1d79f7d1767cd6c1035ff820eb3b03f7d3b3259e576c5db08803e2667228f6b52532a32c713d1e7f35c9b572ece5cefb19366703c8834358c7eb355a21766d503c99a31b9dc21ef44a2cc211553def976dbd96f3395f75ad0a10694c1d7f84308f1018ec862fded535eb7179f553bdcca9084f14a6e7d0e9200f626fee710d6f2f1add76954b14409bb7e66230c0a32f066c493b86c8c35238b6bec7ef15515a70ea8907eb431741e5b424e357dd1f17461ff3254d5f3056087ce43de13eca5b75b59921be686e1c48e498612f1c872ed281973d0a93d16505521806d90daf298a28f1b00fa9276c1f5fac0913c0f691f3ef5f678b54b9604d3b4eebe555dd6ce600844882b177ec6e8f3e362db2ad13d8a5b88b4e03ac228319c382657995b79be3dded5d12a609112b4ae24fe8c98b23a41c41720512b0836b6b93aefa13246a7d1e3147337f64689f19eaae69a688a20031ad969b5eb36d79cd1fb267ec1126891708f42f529a7a8aae828c0811b67eaf52657f2234faa1ac7fda023155b8fbd039d2cea0a087ac7a8cda3cf9994c41d1e0267d823b92cd1be59b8c4ffe97a859e3301f7d4d4205ca023288093c15549ddac358f0282896321985f24177b398dc3da06d2d4b8ff44bf7afe78756357f403d56fa1ee2f0abb02fd4dd20d61b2bc2ac77988d89b133144d442bfb35a875541359e34c02d8bcbde1bae16f33a36f52b6704dacec14d59296017976edb9ae3fe85625bdf51170c7b6be05260c8c73b6e950eff5edfa0c25a0fb09c8e53fa892b760fbd91d8a7a539565dd4b4693fcb9bac30eca2cf30125b405fbbad56f25515b0cb6b71bfdaeaaa990786bd4c30299d1a72a6d5c62126699b85bb65fbfc54b286f7552e0db9d5cf120aa83be36e921dbc3a39ea269c3561f6bc0d12d6fee62d4025612f96772e1d5ae51a949d6e6e5ed7ee89c7785bf902d3ad87ce76c543e4d1d90952b58526f1720b20c39cb266c8961f237c55e1307ab0fd8b00d21bce7f1e4873e166c9f56bae621f4f686505cb6d2a10f5f7ea792126095814fdd8774fd323f5bdfc168f1dc3c597c55a693ff5bfe9dfa8ee88de0a0389801877ac3637804cf7d02f591bacf783f43d1626f4860a6be94da3df60829e6db8d55de0e0bf4f3e3c15af24c252b7908b9f16f689942c60923463dea265ca826d3dd3a835b214518c72b7a2f4f11995ad926bc70a99adebe2ea38a8cede1d642257fac69ba241fabd68fe07cd6e8ff32f16dfaa2a23886811c5bf206e83f4008740ee1db06624ec9b54e26d52feacd65d3f698ec0d941b35d57661078ccc8417f732ebd617938319474fe5ff8cb0dfa2c58d0df66b47414de22fa5e200f1a329c3c3b87a78d209842731670b93e1ae412e6808f1f5babf8527c5c3e72b31f6dfba41385830833455dda22d998c2e9fb09418f8366ba51db08d9de58b6b2364469692aa436ec2b3efc623241aa766937a10b51f570003e5311b0cf6408869b7ff967951a2ad9e5bc5a18486ed25dd0606b2a880a1ba828c806d738d07996957753e6167c37bf326130cfb02facbe13e185a774d8c39cc6ff105dc000cc5508a104893d5fb58ffc09bb33f135243abe7fd4fb2f263520a141599d19c061cd2f2c71731168c5903345f9fa7d6459c4e1d8c4e080b9b95c97118f5a9504c8a35e6873b421be9481a4bd251d2240cb11c44efebbb3485a8bfbdf076aa624b98450b95018452591edabd932dbecd02d4219c26e7f9acd9563c75a72691f5bd2afea1806e9e566bc6f710d27e8f38a5bcd9829f2891271d45ae6bd1cc6361bdc6c7071b97006c37838935b2dbe5f054a28cd5718061b916cdd0b5ebb525372cc6b63f438731710748e58b234888ac4cfb6f8aacf51cc9ae5980406b251f2b1800867387568f30f49eedc2e8602fdb7fe3d6c3d4cbe5f5661e7a9121a2f588e39b0479409fd43ab0043e9cecf3fa6dbadc3d90cee2aa021d5cfebe5475f1361c7b298774522dc0fd5746eed56f8c1ec13196dbabb98799afcf200d57a6dc91fda24574f169888b67bcdbe239436fd99f5d2490bfadf7b2c58426d87975db5f12ee885f6a6e9725eea9c86b9480562639349778fd03fc27f492a45cd9ef1fc5b542152a1035c9d4b33ca4062af64d6625a8f8637576068b64ffe22de649e097c47140f17ad214673fb1c8c8b320b162ee6da66acca9a5f7d87fc5d618e281c8f14546b6993538dc32e9d654dc1c1c31ca0e74f76eab902366c2086ab2e90b70d77df14e45ee2e74fa318ed51d0e52b8b847a036089f4fc59b9abc9d4f8645ba47a2481c596675286329d2695745c60f2f492e7e89f5bf2b3bb4ea6fb8f9ea3af624933d2747334cb0bcb8c45fd9fbde5bfa8130391cd2cf7b80e4c75c48fd93b82b890b190d214a15a3f5331953a8d75cdee05dce68b615c5332ccce715447b9ef0e734d85283f30bc545c28cb9892da2bed585ae1c61fb77f9bedd04651c5c430b265f8f2e198880f8c704fb80c66561035fa1791840656a7cadbdfbd44699f15a8e7f9eb791f0d37e4ab47eb86ded48e0b630dc3606990fff6eb93e5d83fcfa34793c6c51fbfe15b23c5904d6af849d12e26d9e92e111326e5e7e7b6d12da5cc9b0f4660c02fbe95dd3dae84221b02cb1009177d6164cbaa99d5fa28170107f7f4ebcce090c864925cf6f783576995dd478b99cba208cf634debd1f7d7cf3d5e6887105ba67c673203f0eb741a6373665af40334311e1a631fd24e97e0514dfe26e0986c94cc76e6942cc278b247c778eee5dd6fe038869903417d50fdc8c72605721fca3a3671a03d019c0e282fe58dc81b6168255a05009839a387defa6a8cb454ad8dcdd5e52bee8934d9083de8ed9e6d21917c7c958a0051faad811c307a678500a02a3a722455fe6006aade6f615ea4e2d96695775fa56c42a5a177fdbd140209e745bf543d86a03399584bd3192ac763f6878f091b90e1548239b64c6b23df2a26867954dd7748974c8d43782542d256b6d9766fbcb8bb923c9d9e5226ca27b638b3e55fd8271508054e35e7e26ea1a657300e4050efbe751fafe67dfa48a11eed4965275cd88bbda3bae47014adef71d95decd887b8af1f7c3b17db427b3f42e61b80b1334061b323c37bd5b7f1876a8d58fe8612a0792526d466c1fbfaa47c44c2767b13cfa8b5c9c1e0cd6a1dfe117bbcede1b04738813ab1d7822ec1aa8fe4acf065d09cee273345c4ba12afb7f67aaab59de378545dc4a233b0917e500e03a62dd6c4dd41e7253af6ea1e80447b9c11768db4e1147fb44e64cd6de49c2a0b08a751cbabce37db488ba3eb157ee3d006fd3ef01b56e6855f2c7c858f13ca459f1f8e858be0a960e89fd682653b60be3cdd112fb94705dbb62c59211d3ccdcfc5d6ae44580097191b621c6d89d7eb16a254e546c3cb0ae0351dd93f762566b60721596426700be007e9b7ac11129a4d0e6c9c1d34b0428ed160a11b13f45031f91c72b5c5673331874dd2eb5b92bcb44ae72b4b093a99ca34cb73daa3ce67fb45cd80d309a80c7c807a44098794701e4d81e9b90f91908d890f4f35f13e49b7e8242fe5a122bcab9e253ded12c4dec0f2c75375a2db76178483c2d0f338248b47219c22103add001c69bcaf774bbffe4c2cc6da165aa2d4fe022cff90901ea5c28316cab67d2297e433f2958956044f551db7e9f54f4606d5b308583fb2fcb1a5fc292d79502feec3380a1af2a0a536c234999ed7868e2a8d290a4e0775eb8af8aef1671e294db0ba159db7c5f01624654d2643b09ab64891191f306f83bf30d5f6826be6f754532c0826f3f6ea2bfe35003cfa558b0245965444db7b4b4910c6534a0365cc0cdfd24985e3ed7aab29a858c93b715793d0dfd964ad1301cb6099aabf5260113fd7f01cadd27c4a1597f9962e70918eb7ac630e748caaa681c98364eeb244bd454b720923fd156307a7a4c0bbe894c09ee7b36967a92c65baea41b3fa93d7560f49836a4bb4585dc58d79dd344c9b3551a176de65a753e3808274b7308672cc1474c5bb6c4aeda20bdb93a4336df347a7d46f7662b430093aa13fbaee44d82c828bdb8fc5b810362da77733ef9171d714d22283d9886af0b45b64a90976e0ceabc92167379a828301fd018663d28b8ddd9c2587838253e00b1edbb708d211e8760ec434f434af5353c62e14e6adc2dd8cb37fa89da617b13fcb0dc395c8db0eebfad57ce6ba16dc0975edd772f34a6ba7b2fc2b6aa320ab3a70f0569d214c0870bf32ec46ee850e286dc58ee1831d7af174f5d94c2407e3001cc9530a44f0ad6ecf861aaa95af44e390261f822372874c16bc131447e16594f0b41776714fd80216259654c34bd929f5c17d0ef3de71203404f734ef72c0591b5b0ab04de497b1e22bbad7ed4bc401de045e7040281359ad8414e15d793769e3ffc399e480afe335f99d5385790eda3d68932091205e34171f9e50c8e044c174c90365ffdc5ed7213bdf2340d41afef0782b731fc193a3a9cb5e66d82a9138d48028411a5fbe15c1d0181d0ce8583f602c83a10e2157ff4bb1cc9d33e7ac0509b257326ffdf2bc4ffb89b39056ccf8020fa7626d4f69396913dfbaee2ff266f224ef4e911c982c61c899e330a336dfafbe26aa4dcbf24111c8522ca6623"}]}}, {{&(0x7f00000007c0)={0xa, 0x4e22, 0xffff, @private0, 0xc228}, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000840)="78293cd8"}, {&(0x7f0000000880)="310b4fd6d6ecba6a80206b080ef0eb4bbbc2ea51f9796af61367feb23f91bf1633707f73f97c7815b52b916a5c24b4"}, {&(0x7f0000000800)="012e7ef7f571e6031f6f1b29c9f4d598d52e7d8e3a8d1ff8a4367d51749c39080df7f050e591050b2d9b139986852a1797b41ccac341"}]}}, {{0x0, 0x0, &(0x7f0000000900), 0x0, &(0x7f0000000a00)=ANY=[@ANYBLOB="10000000290000000b00000000000005f2b1ad8792ab3e3cacb8784ad6a15437c4d91f8b43702c4ded3c5021e810b185cab092e532bfb225ad05b7a3d7131ef688888b1da1efa3441e94c2c3720ae45ab56c708bc3631f11546cc86cbf9c60a6d134ae5bdb607254dc61ab2e5045dfeef18b2cf286ebbfdb8738166536d5397225349dae517aced1d9f93f6ae9ef45992e00000000000000ee9ace6d19449a521a5abce7bef3b6bca3f9b25e6c7775db3a4c516833c49841aeecaeff37c4581a3262b3cfbf6a735bd2cf43472591529ca990057058917739cbeb64ad5897fb12d45f24b44a8d7202c08d79ec24b4632a1b227f8ca0945739c8e4685128be42a6c90029806e4353d8c129bc8455be06062024bbbf8c76ecaf3692c4064f22b8a1c8fb381c5031e3400bdf715d639800b80782e28efe6df94fda4deaa066f90d993118834bc0459f659048f500e722f07c52a14358db2e1e3f07e680edfbcb455aad3a0625"]}}], 0x1, 0x6400c000)
sendto$inet6(r4, &(0x7f0000000b80)="9267a11f215e2817f15693cbdf26f68cf111c68a6cac35ee7e5a3ea8370c05961cd032bf4e265ac23bfc1aab8e86f0fb108e756d12a0726fe945a0ca93fdcb76541b2f3788d0dace487687cb2f02e1313cb4aa160ddd291ef3be31c26e04203e7ca9a21f306cd34388d1ee62ae78f787d06ca98aba8db87019377cb5b9cd09b76621d33021fded40518dfb5e7d6785a2ff9ccc6c74d9330b444d46294f51cf5a007ef8814c6dff7f23a180ad9ef4139c98496d168141b336d501da48696c5c19ca67d2764d4816b030048ab6cbc29c2f5a161fbea3ce83bf59db160340cb2630c556842a19a523848ea1cc876efac4e4cd3de85b067594cd5f7ba998bf55b338014696dcd75e24657a88d85b8ec8456045778cab9cd619855aedf38dad10ebcee75d5ed443cc281ec74e22f76cad5592cd7cb9f705006d3c272d8d22ff00722eea9d8220b4d449c02e60099fbad7683840ddc747370d89c23dd118713efe68a41bda2e3d000000000000000000000000000000ddaecdb0ca50be9573d6a9e5eb823f05bb6eff505658ed227f30b9e7ed2408f9525b1014113c7bd05f29367f44ce5cc92900b82db2ea91305efaf793547706c098992d8ca5b687f6c13d237c45f9877746de1c26296c14407e0ecfc10bc505a229fd8db75a4c2ecf", 0x1db, 0x0, 0x0, 0x0)
syz_open_dev$usbmon(0x0, 0xdca2, 0x620722)
syz_kvm_setup_cpu$x86(r3, 0xffffffffffffffff, &(0x7f0000024000/0x18000)=nil, &(0x7f0000000680)=[@text16={0x10, &(0x7f0000000280)="66b9800000c00f326635010000000f3064660f38828e4258660f086766c744240012e93bf96766c7442402010000006766c744240600000000670f011c2466b9800000c00f326635002000000f300f01df66b80500000066b900200000a90a000f01c40f019f09000f01c2", 0x6b}], 0x1, 0x7d, 0x0, 0x0)
ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mremap(&(0x7f00005ab000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000ffe000/0x1000)=nil)
syz_clone(0x44000, 0x0, 0x0, 0x0, 0x0, 0x0)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00304, 0x15)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000600)={'syzkaller0\x00', 0x1})
r6 = socket(0x10, 0x803, 0x0)
r7 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r8=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r8, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0xc00}}}]}, 0x38}}, 0x0)

2.538174041s ago: executing program 0 (id=1021):
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
pipe2(0x0, 0x80800)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x2, @pix_mp={0x4, 0x9, 0x41495043, 0x9, 0x5, [{0x1, 0xb}, {0x3, 0x9}, {0x3, 0x3ff}, {0x8, 0x7a25}, {}, {0xffff, 0xffff8000}, {0x7, 0x4}, {0x4, 0x10000}], 0xa, 0x7f, 0x4, 0x0, 0x1}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0)
set_mempolicy(0x2, &(0x7f0000000080)=0x51e1, 0x3ff)
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, 0x0, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x401c2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
ftruncate(r2, 0x8800000)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
recvmmsg(r4, &(0x7f00000034c0)=[{{0x0, 0x40000, &(0x7f0000001e40)=[{&(0x7f0000000b80)=""/4096, 0x20001b80}, {&(0x7f0000001b80)=""/112, 0x70}], 0x2, 0x0, 0xa0028cb4}}], 0x40000000000013c, 0x700, 0x0)
sendfile(r3, r2, 0x0, 0x578410eb)

2.488228402s ago: executing program 1 (id=1023):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setresuid(0x0, 0xee00, 0x0)
ioctl$HCIINQUIRY(r0, 0x800448d4, &(0x7f0000000000)={0x0, 0x1, '\x00X('})
socket(0x2, 0x80805, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000400))
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0xf, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9, 0x11e41e7a, 0x5, 0xfffffffc, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_ife={0xffffffffffffff2f, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0x21}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="9feb010018000000000000003000000030000000020000000000000001000084ffffffff0000000002000000060000000000000000000009030000000000000000000006"], 0x0, 0x4a, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000180)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = syz_io_uring_setup(0x10d, &(0x7f0000000980)={0x0, 0x5885, 0x80, 0x10000000}, &(0x7f0000000340)=<r6=>0x0, 0x0)
r7 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r7, 0x26, 0x25, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)
r8 = syz_open_procfs(0x0, &(0x7f0000000140)='fdinfo/4\x00')
read$char_usb(r8, &(0x7f0000000000)=""/178, 0xb2)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, 0x0, 0x0, 0x4)
io_uring_enter(r5, 0x3516, 0x0, 0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
write$char_usb(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
bpf$BPF_PROG_DETACH(0x8, &(0x7f00000001c0)=ANY=[@ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB, @ANYRES64=0x0], 0x10)

2.207982202s ago: executing program 3 (id=1024):
r0 = socket(0x10, 0x803, 0x0)
getsockopt$CAN_RAW_JOIN_FILTERS(r0, 0x65, 0x6, &(0x7f00000003c0), &(0x7f0000000480)=0x4)
getsockopt$IP_SET_OP_GET_BYNAME(r0, 0x1, 0x53, &(0x7f0000000780)={0x6, 0x7, 'syz0\x00'}, &(0x7f0000000a00)=0x28)
setsockopt$CAN_RAW_ERR_FILTER(r0, 0x65, 0x2, &(0x7f0000000700)=0x8, 0x4)
socket$nl_generic(0x10, 0x3, 0x10)
fsetxattr$security_capability(0xffffffffffffffff, &(0x7f0000000280), &(0x7f0000000380)=@v3={0x3000000, [{0x5, 0x82}, {0x80000000, 0xffffaf0a}]}, 0x18, 0x0)
socket$kcm(0x2, 0x5, 0x84)
io_uring_setup(0x79bb, &(0x7f0000000400)={0x0, 0x0, 0x100})
socket$nl_route(0x10, 0x3, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, &(0x7f0000000100)={0x4})
arch_prctl$ARCH_SHSTK_ENABLE(0x5001, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x25dfdbfb, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x8, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3}}}}, @m_ife={0x48, 0x3, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$inet6(0xa, 0x80003, 0x6)
connect$inet6(r4, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
sendmmsg(r4, &(0x7f0000000480), 0x2e9, 0x0)
r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/ip6_tables_matches\x00')
preadv(r5, &(0x7f0000000200)=[{&(0x7f0000000380)=""/106, 0xbe}], 0x1, 0x40fb, 0x9)

1.768246295s ago: executing program 2 (id=1026):
openat$random(0xffffff9c, &(0x7f0000001180), 0x0, 0x0)
syz_open_dev$usbfs(&(0x7f0000000100), 0x205, 0x8401)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd74)
r2 = syz_io_uring_setup(0x497, &(0x7f0000000480)={0x0, 0x7079, 0x10, 0x4, 0x85}, &(0x7f0000000340)=<r3=>0x0, &(0x7f0000000280)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
io_uring_enter(r2, 0x3516, 0x0, 0x3d, 0x0, 0x0)

1.56821497s ago: executing program 2 (id=1027):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_genetlink_get_family_id$wireguard(&(0x7f0000000040), 0xffffffffffffffff)
bind$can_j1939(0xffffffffffffffff, &(0x7f0000000000)={0x1d, 0x0, 0x80000003}, 0x18)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
symlink(&(0x7f0000000000)='./file0\x00', 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, &(0x7f00000000c0)="db7cac0066baf80cb8c0090e84ef66bafc0c66ed0f221e66bad104ed660f6ab608000000b9800000c00f3235000400000f300fc79fd6d1413cc744240003310000c744240200000000c7442406000000000f0114240f01c90f01df"}], 0x30, 0x21, 0x0, 0x2)
ioctl$KVM_RUN(r2, 0xae80, 0x2000200)

1.47799623s ago: executing program 1 (id=1028):
r0 = socket(0x1e, 0x1, 0x0)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x10f, 0x1d, 0x0, &(0x7f0000000640))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x634e9f9427bbb997, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x83, @value}, 0x94)
sendmsg$xdp(r0, &(0x7f0000000340)={&(0x7f0000000180)={0x2c, 0x0, 0x0, 0x5}, 0x10, &(0x7f0000000300)=[{&(0x7f00000002c0)="50974ad9d24fb95861d4b330d33d91bac09837ae80dc09813676b6aaa000", 0x1e}], 0x1, 0x0, 0x0, 0x4800}, 0x24004004)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
getsockname$packet(r0, &(0x7f00000000c0)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000002600)=0x14)
r3 = getuid()
getpeername$packet(r0, &(0x7f0000002640)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000002680)=0x14)
sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000026c0)=@newsa={0x2e0, 0x10, 0x1, 0x0, 0x0, {{@in6=@private0, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2e}, {@in, 0x0, 0x33}, @in6=@remote, {}, {0xfffffffffffffffe}, {}, 0x0, 0x0, 0xa, 0x4}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}, @algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00'}}}, @policy={0xa8, 0x7, {{@in6=@local, @in6=@loopback, 0x4e22, 0x3, 0x4e22, 0x7, 0x2, 0x80, 0x0, 0x5e, r2, r3}, {0x4, 0xb471, 0x3, 0x1, 0x9, 0x3, 0x200, 0x7fffffffffffffff}, {0x7, 0x8001, 0x7f, 0x80}, 0x92, 0x6e6bbb, 0x1, 0x1, 0x3, 0x1}}, @XFRMA_SET_MARK={0x8, 0x1d, 0x8}, @XFRMA_SET_MARK_MASK={0x8, 0x1e, 0x5f5}, @policy={0xa8, 0x7, {{@in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x4e24, 0x4b7b, 0x4e21, 0x5, 0xa, 0xa0, 0x40, 0x3b, r4, r3}, {0x200, 0xffffffffffffffff, 0x8, 0x5, 0x6, 0xc, 0x9, 0x75}, {0x0, 0x7375, 0x3, 0x5}, 0x4, 0x6e6bba, 0x1, 0x0, 0x1, 0x1}}]}, 0x2e0}, 0x1, 0x0, 0x0, 0x800}, 0x0)
r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000500)={<r6=>0x0, @remote, @private}, &(0x7f00000025c0)=0xc)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x11, 0x2000000000000290, &(0x7f0000003040)=ANY=[@ANYBLOB="1800000000000000000000000000000095", @ANYBLOB="5ebb8d2e8201ca7325dc0d9dc8b385bec065fde9f904b466efe22bf383e57639af5fde44145165f7cfd8b374ec3e238c562f9b893fe7beccc6f6605ac8d7d00a8673f2f5f62de711aa2b2221cf4de0eb210ab5a86970974d5017f70997a42365b1fbe598d736d5d744ddc25e58e290bea5140bdf87bb872d6e309a7183cbe774f5e7b94dbdc1f22c4b9ad70368a328e9576eb7aa4089b968b22671a86419eabcbba43649354dc8385f0eca5f2f64eb432cb0880f02e476b7", @ANYRES64=0x0, @ANYRESHEX=r6, @ANYRESDEC=r1, @ANYRES64, @ANYRES16=r0], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', r6, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='contention_end\x00', r7}, 0x18)
r8 = socket$nl_route(0x10, 0x3, 0x0)
r9 = socket$xdp(0x2c, 0x3, 0x0)
r10 = syz_io_uring_setup(0x10d, &(0x7f0000000540)={0x0, 0xac24, 0x10000, 0x2, 0x362}, &(0x7f0000000340)=<r11=>0x0, &(0x7f0000000280)=<r12=>0x0)
syz_io_uring_submit(r11, r12, &(0x7f00000002c0)=@IORING_OP_ACCEPT={0xd, 0x0, 0x5, r9, 0x0, 0x0, 0x0, 0x80800})
io_uring_enter(r10, 0x3516, 0xc2de, 0x8, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000340)={'tunl0\x00', <r13=>0x0})
sendmsg$nl_route_sched(r8, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000980)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r13, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq={{0x7}, {0xc, 0x2, [@TCA_FQ_FLOW_DEFAULT_RATE={0x4}]}}]}, 0x38}}, 0x0)
ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r5, 0xc08c5332, &(0x7f0000000400)={{0x40, 0x3}, 0x1, 0x4, 0x88, {}, 0x0, 0xffff})
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r5, 0xc0605345, &(0x7f0000000040)={0x0, 0x0, {0x2, 0x0, 0x100040}})
prctl$PR_SET_SECCOMP(0x16, 0x1, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{0x1, 0x0, 0x1, 0x4}, {0x9, 0x5, 0x4, 0x7}]})
socket$kcm(0x21, 0x2, 0xa)
r14 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r15 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x8}, {{0x18, 0x1, 0x1, 0x0, r15}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x5, 0x0, 0x7, 0x9, 0x0, 0x2, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x9, 0xfe00}, {0x5, 0x0, 0xb, 0x9}, {0x3, 0x0, 0x6, 0xa, 0x9, 0xfe04, 0xe1}, {0x7, 0x1, 0xb, 0x7, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {}, {0x18, 0x2, 0x2, 0x0, r14}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r16 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
read$FUSE(r16, &(0x7f0000000580)={0x2020}, 0x2020)

1.357538475s ago: executing program 2 (id=1029):
r0 = landlock_create_ruleset(&(0x7f00000000c0)={0x501b, 0x2, 0x1}, 0x18, 0x0)
landlock_restrict_self(r0, 0x3)
r1 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000001340)={0x3, 0x8, &(0x7f00000034c0)=ANY=[@ANYRESHEX=r2], &(0x7f0000001300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_open_dev$tty1(0xc, 0x4, 0x1)
io_setup(0xd, &(0x7f00000000c0)=<r5=>0x0)
io_submit(r5, 0x1, &(0x7f0000000440)=[&(0x7f0000000340)={0x0, 0x0, 0x0, 0x2, 0x9, r4, &(0x7f00000002c0), 0x0, 0x1000}])
r6 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000000), r3)
sendmsg$IEEE802154_LLSEC_ADD_DEVKEY(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x4c, r6, 0x607, 0x70bd28, 0x25dfdbfc, {}, [@IEEE802154_ATTR_SHORT_ADDR={0x6, 0x4, 0xaaa2}, @IEEE802154_ATTR_LLSEC_KEY_MODE={0x5}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan0\x00'}, @IEEE802154_ATTR_LLSEC_FRAME_COUNTER={0x8}, @IEEE802154_ATTR_PAN_ID={0x6}, @IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0302}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x8801}, 0x810)
sendmsg$IEEE802154_LLSEC_DEL_DEV(r2, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x28, r6, 0x200, 0x70bd2c, 0x25dfdbfe, {}, [@IEEE802154_ATTR_DEV_INDEX={0x8}, @IEEE802154_ATTR_HW_ADDR={0xc}]}, 0xfffffe92}, 0x1, 0x0, 0x0, 0x4000000}, 0x40)
syz_pidfd_open(r1, 0x0)

1.288199903s ago: executing program 2 (id=1030):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
ioprio_set$uid(0x3, 0x0, 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r0, &(0x7f0000000380)={@val={0x1c, 0xf5}, @void, @mpls={[], @ipv6=@icmpv6={0x0, 0x6, '\x00', 0x10, 0x3a, 0x0, @mcast2, @local, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x1, 0xf, 0x8, 0x3, 0x9}}}}}, 0x3c)

1.233658931s ago: executing program 0 (id=1031):
r0 = syz_open_dev$mouse(&(0x7f00000000c0), 0x0, 0x2042)
writev(r0, &(0x7f0000000040), 0x0)
read$msr(r0, 0x0, 0x0)
r1 = openat$uinput(0xffffffffffffff9c, 0x0, 0x802, 0x0)
ioctl$UI_DEV_SETUP(r1, 0x405c5503, &(0x7f0000000280)={{0x1009, 0xfffd, 0x0, 0xffff}, 'syz0\x00', 0x26})
ioctl$UI_DEV_CREATE(r1, 0x5501)
syz_open_dev$evdev(&(0x7f0000000340), 0xaa54, 0x0)
unshare(0x500)
r2 = getpgrp(0xffffffffffffffff)
ptrace(0x4208, r2)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000380), 0x109001, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$TUNSETIFF(r3, 0x400454da, &(0x7f0000000080)={'batadv0\x00'})
r5 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
write$rfkill(r5, &(0x7f0000000080)={0x0, 0x1, 0x3, 0x1}, 0x8)
write$rfkill(r5, &(0x7f0000000100)={0x1, 0x1, 0x0, 0x0, 0x1}, 0x8)
write$rfkill(r5, 0x0, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000000)={'dvmrp1\x00', 0x1})
r6 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x2403, 0x0)
ioctl$TUNSETIFF(r6, 0x400454da, &(0x7f0000000140)={'batadv0\x00'})
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000100)={'pimreg0\x00', 0x2000})
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000180)={'bond0\x00', 0x52d35ce30131f272})
syz_clone(0x100b300, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$UI_DEV_DESTROY(r1, 0x5502)
r7 = syz_open_dev$radio(&(0x7f0000000140), 0x0, 0x2)
ioctl$VIDIOC_ENUM_FREQ_BANDS(r7, 0xc0405665, &(0x7f00000000c0)={0xe7ff, 0x1, 0x1, 0x1000, 0x5, 0x100059a, 0xbfc4bb97dfede4bd})

1.210432515s ago: executing program 2 (id=1032):
syz_genetlink_get_family_id$nl80211(&(0x7f000000b500), 0xffffffffffffffff)
symlinkat(&(0x7f0000000140)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000100)=ANY=[@ANYBLOB="b40510000000faff7112660000000000bf9b0000000000009500000000000000e8836f0fc754e1aa09c41f6c3cad707155754900000000"], 0x0, 0xa, 0x0, 0x0, 0x41100, 0x5, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000000c0)={[{0x0, 0x800, 0x0, 0x0, 0x0, 0xa5, 0xbd, 0x9, 0xa9, 0x4, 0x0, 0x0, 0x40000000}, {0x8, 0x4005, 0x0, 0x0, 0x41, 0x0, 0x0, 0x0, 0x6, 0xff, 0x0, 0x2, 0x6}, {0x3fe, 0x9, 0x0, 0xfd, 0x0, 0x0, 0xb3, 0x0, 0x3, 0xfe, 0x80, 0xf6, 0x7}], 0x5})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x14, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x7, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_ife={0x48, 0x3, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x1}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x0)
prlimit64(0x0, 0x5, &(0x7f0000000140)={0x2, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x20000000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'streebog256-generic\x00'}, 0x58)
r6 = accept4(r5, 0x0, 0x0, 0x0)
recvmmsg$unix(r6, &(0x7f0000003700)=[{{0x0, 0x700, 0x0, 0x0, 0x0, 0x500}}], 0x600, 0x0, 0x0)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x4, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000180)="67f30faef7360f904b5f0f01d5d0492b36d9fd660f86098000000f9bca66b9800000c00f326635004000000f30660f72e2f4660fdf8f4500", 0x38}], 0x1, 0x0, 0x0, 0x0)

1.137333665s ago: executing program 3 (id=1033):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x18, 0x4, &(0x7f0000000100)=ANY=[@ANYBLOB="180100001c00170000000000120000f1850000007d00000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r1, 0x7a7, &(0x7f0000000080)=0xa0000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r1, 0x7a0, &(0x7f0000000000)={@my=0x0})
ioctl$IOCTL_VMCI_DATAGRAM_RECEIVE(r1, 0x7ac, &(0x7f0000000040)={&(0x7f0000000bc0)={{@local, 0x40}, {@hyper, 0x1}, 0x400, "459b419012de9ffdf1e95d18844800bdca31b3c9241204d506a740f7052f2c20c7f89ea5ad146c3fb2bf3e4ed7097b5927f8fd40ae6605694b5588f26e9fdbb5d121a82338c914f9e8e011cfdaddf57ebdfbb6a116333c5386dade1634a415c3603e82be73a2a1d0ef918e5f58deaaa1a73c41126e7b0ee6ca844f0027d79d1526b6014babdcb7d82eb38370a36f2eff5206686e28e3da159cda3aaa16cd43a387e9d7c575b406a831417517c7aaff8504603b8a343c6db8266cadf949443340362c9b0bdda40794fe1508abedae0630cc927c32cb2f0d127685ef19f9a3c2443830dd929815ba821d44c664562c871f3520a6afb10a0a57f01e315342bf7c49ab1acd840d60b2a2ac7c66149f7c3e08a881c3f877878386962e507432f3b98d2d49f9055a1917f43dd72f8fd62b69f0e4c31697e66a369f5270d739365a7caef38b97fdfac7d0514a69f19c4daf38ea6c870b12b7ca36b400da6d93205f745fd255ab8f7ddc595e4d785ece8f18b1172c24b77c9bcdc0cc99fe0098dda3d54be779b767e2a030088d600a10fb25e7ce66b0fc0aa3f99ead000227ee1badd7d67130c3bf3d0ec5dfcc14e3d35c670df7f6f8861e55f6d9befeee1085633a6bb9688e417d476f3cb6e0aab46beb7f89ac5a1470e338edf1ddc1fabc6a1a6b37c65a8ae7835c45a8ea82b593a749fdbed9c0cb290fc857fd322b484327b8ac5cb4f593509c0c26c0e77f6f276c534f44e0d1ea593b3702fc15f8f4487aeebc695d9a2bb643715b1f56c410bcef9d5098001c857f44b933282cefbbd86c6b0b6bf3e7b22241a06bbf9cb6d8f39dcd08fa902403dc011a23133f2205ce67dc635e7d86ad171df157c8289d5ef2f1dc201c3f91851ed0a181b260058e7063febb39780fcaca6590080d738cd84cd7a258fcfc43e5ba66cee80a7b5e165378afd7dab9ef0fd335d4b8f3878d11d201cb102b94d228d1d9f279624bbaaa2b1778712b6d3579b7f9c1f6c7c84f8d4e69640ddc13f5aaa0aff85655063a2faadb428894af635c5f1bc0f0c51f90456a5fd9496b89ccc3f91066365a45c5bd5faa758ca145c298919fc4cfff2e74a0600bd2b7326015301d85d879dfe6532d6870b187907b0d6df636df3f96fa2b009f3628f4ed36ef165d81727f6e95dbb429b6926095d031fa18175974b64671b5202f99f22aa0148e62d34babc2b0bbe72b365d4a52a5aaf287e961ccc6c0bb88196ee41b6c06fe49a68ea474dd5e56eed325e595ae49888a8b78eab975f037341d468f68ac1e3b2562b0cfc7a85fe4631183321e07f088dae2b52d9e3a55e550b3a127e8c14740fa218bff0b6cf361faa4f3603f70fdea7eb74eb64cd7b0c41878ba3029895792edf553c781c260c64f262b0c3958c38dad118350285fe367443fa6002956fb605f6703155f9dc522b733850cb120dd"}, 0x418, 0x9})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
mknod(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
mount(&(0x7f0000000140)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000100)='./file0\x00', &(0x7f0000000000)='btrfs\x00', 0x0, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
r3 = syz_usb_connect$printer(0x0, 0x2d, &(0x7f0000000300)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x1, 0x0, 0xc0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x2, 0x7, 0x1, 0x1, 0x0, "", {{{0x9, 0x5, 0x1, 0x2, 0x200}}}}}]}}]}}, 0x0)
syz_usb_control_io$printer(r3, 0x0, &(0x7f00000011c0)={0x34, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001180)={0x20, 0x0, 0x1}})
r4 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
ioctl$EVIOCGMASK(r4, 0x604, 0x0)
r5 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r5, 0x107, 0x8, &(0x7f0000000280)=0x5, 0x4)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f00000003c0)={'ip6tnl0\x00', &(0x7f0000000340)={'syztnl2\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @remote, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x0, 0x8, 0x0, 0xd66}})
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r2, 0x89f3, &(0x7f0000000300)={'syztnl2\x00', &(0x7f0000000040)={'ip6tnl0\x00', 0x0, 0x4, 0x0, 0x42, 0x4038a09, 0x4, @remote, @mcast2={0xff, 0x5}}})
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="9feb01001800000000000000400000004000000003000000000000000000000903000000000000000000000105000000080000000100000000000007000000000000000000000003000000000000006100"/91], 0x0, 0x5b, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x0, 0xffffffffffffffff, 0x3, &(0x7f0000000240))
writev(r6, &(0x7f0000000980)=[{&(0x7f0000000740)="ff", 0x1}], 0x1)
mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r6, 0x0)

597.264687ms ago: executing program 1 (id=1034):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
syz_emit_ethernet(0x4e, &(0x7f0000000180)={@local, @empty, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "a24b9f", 0x18, 0x2b, 0x0, @remote, @local, {[], {0x0, 0x0, 0x18, 0x0, @wg=@data}}}}}}, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0)
socket(0x10, 0x3, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=@newlink={0x44, 0x10, 0x403, 0x70bd25, 0x0, {0x0, 0x0, 0x0, 0x0, 0x500}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @ip6erspan={{0xe}, {0x8, 0x2, 0x0, 0x1, [@IFLA_GRE_COLLECT_METADATA={0x4}]}}}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x44}, 0x1, 0x0, 0x0, 0x20000804}, 0x8000)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x1, 0x803, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
sendmsg$nl_route(r6, 0x0, 0x0)

596.964019ms ago: executing program 1 (id=1035):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
move_mount(0xffffffffffffff9c, &(0x7f0000008080)='./file0\x00', 0xffffffffffffffff, 0x0, 0x160)
r2 = getpgid(0x0)
r3 = syz_pidfd_open(r2, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@ipv4_newrule={0x24, 0x20, 0x301, 0x0, 0x0, {}, [@FRA_FLOW={0x8, 0xb, 0x6}]}, 0x24}, 0x1, 0x0, 0x0, 0x240480d4}, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=ANY=[@ANYBLOB="2800000021000100"], 0x28}}, 0x0)
pidfd_send_signal(r3, 0x21, 0x0, 0x4)
r6 = socket(0x10, 0x3, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000200), r6)
getsockname$packet(r6, &(0x7f00000002c0)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700000086d7c0d6c878f064eb", @ANYRES32=r7, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000900)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}}, 0x4000800)
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000001380)=@delchain={0x48, 0x64, 0xf31, 0xfffffffb, 0x0, {0x0, 0x0, 0x0, r7, {0x0, 0xfff1}, {0xfff3, 0xffff}, {0x0, 0xfff2}}, [@filter_kind_options=@f_flower={{0xb}, {0x18, 0x2, [@TCA_FLOWER_INDEV={0x14, 0x2, 'dvmrp0\x00'}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x4000)

508.04362ms ago: executing program 1 (id=1036):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000002c0), 0x2, 0x141101)
openat$sysctl(0xffffff9c, &(0x7f00000004c0)='/proc/sys/net/ipv4/tcp_mtu_probing\x00', 0x1, 0x0)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="0f00000004000000040000001200000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000000000000000000000000000000000000000000000000a827eb6de18af7ebefbe7a7f299ec70800813a5ecee5d13ca84dae9b336445ca6843efb8c095d12889d4a0ba362751d8b8bf1e8c0f9200"/92], 0x50)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000380)=ANY=[@ANYRES32=r2, @ANYBLOB], 0x10)
close(r2)
r3 = userfaultfd(0x80001)
mkdir(0x0, 0x0)
rename(&(0x7f00000001c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', &(0x7f0000000800)='./file0\x00')
bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB='\b\x00'/15, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="01000000040000000200"/21, @ANYRES32, @ANYBLOB], 0x50)
ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000000140))
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
listxattr(&(0x7f00000000c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', &(0x7f0000000300)=""/62, 0x3e)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x400, 0x0, 0x30}, 0x9c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000200)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x0, 0x0, 0x8a}, 0x9c)
sendto$inet6(r4, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
mlockall(0x7)
shutdown(r4, 0x2)
ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x1})
madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x19)
r5 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB="020d000018000000000000000000000005000600000000000a00000000000000fc010000000000000000000000000000000000000000000005000500000000000a000000000000000000000000000000000000000000000000000000000000000200120002040000000000000000000006003200000000000000000000000000fe880000000000000000000000000001fc010000000000000000000000000000040004"], 0xc0}}, 0x0)
setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000340)={&(0x7f0000000000)=""/59, 0x304000, 0x800, 0x0, 0x3}, 0x20)
ioctl$UFFDIO_COPY(r3, 0xc028aa05, &(0x7f0000000040)={&(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000000/0x3000)=nil, 0x3000})

288.053164ms ago: executing program 1 (id=1037):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYRES16], &(0x7f0000000440)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0xfffffffd, {}, [{0x90, 0x1, [@m_ct={0x44, 0x5, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x0, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x1, 0x3}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
r4 = socket$netlink(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r4, 0x10e, 0xc, &(0x7f00000000c0)=0x8004, 0x4)
sendmsg$netlink(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)=[{&(0x7f00000001c0)=ANY=[@ANYBLOB="1800000056000106210000000000000007"], 0x18}], 0x1}, 0x0)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_io_uring_setup(0x1a93, &(0x7f0000000140), &(0x7f0000000340)=<r5=>0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYRES32, @ANYRESOCT=r5, @ANYRES16=r3, @ANYRESOCT=0x0, @ANYBLOB], 0x48)
connect$unix(r3, &(0x7f00000003c0)=@abs={0x1, 0x0, 0x4e20}, 0x6e)
r6 = syz_open_procfs(0x0, 0x0)
preadv(r6, &(0x7f00000001c0)=[{0x0}], 0x1, 0x0, 0x6)
fsopen(&(0x7f0000000280)='cifs\x00', 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="1b00000000000000000000000000040000000000", @ANYRES32=0x0, @ANYBLOB="010000000e1f7cb57f600200"/22, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x50)
r7 = socket$inet_tcp(0x2, 0x1, 0x0)
r8 = fsopen(&(0x7f0000000040)='afs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r8, 0x1, &(0x7f0000000300)='source', &(0x7f00000000c0)='%(,:', 0x0)
close_range(r7, 0xffffffffffffffff, 0x0)

87.828527ms ago: executing program 0 (id=1038):
r0 = landlock_create_ruleset(&(0x7f00000000c0)={0x501b, 0x2, 0x1}, 0x18, 0x0)
landlock_restrict_self(r0, 0x3)
r1 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000001340)={0x3, 0x8, &(0x7f00000034c0)=ANY=[@ANYRESHEX=r2], &(0x7f0000001300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_open_dev$tty1(0xc, 0x4, 0x1)
io_setup(0xd, &(0x7f00000000c0)=<r5=>0x0)
io_submit(r5, 0x1, &(0x7f0000000440)=[&(0x7f0000000340)={0x0, 0x0, 0x0, 0x2, 0x9, r4, &(0x7f00000002c0), 0x0, 0x1000}])
r6 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000000), r3)
sendmsg$IEEE802154_LLSEC_ADD_DEVKEY(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x4c, r6, 0x607, 0x70bd28, 0x25dfdbfc, {}, [@IEEE802154_ATTR_SHORT_ADDR={0x6, 0x4, 0xaaa2}, @IEEE802154_ATTR_LLSEC_KEY_MODE={0x5}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan0\x00'}, @IEEE802154_ATTR_LLSEC_FRAME_COUNTER={0x8}, @IEEE802154_ATTR_PAN_ID={0x6}, @IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0302}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x8801}, 0x810)
sendmsg$IEEE802154_LLSEC_DEL_DEV(r2, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x28, r6, 0x200, 0x70bd2c, 0x25dfdbfe, {}, [@IEEE802154_ATTR_DEV_INDEX={0x8}, @IEEE802154_ATTR_HW_ADDR={0xc}]}, 0xfffffe92}, 0x1, 0x0, 0x0, 0x4000000}, 0x40)
syz_pidfd_open(r1, 0x0)

87.495479ms ago: executing program 0 (id=1039):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={0x0, 0xa0}}, 0x0)
r0 = socket(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000680)=@newlink={0x3c, 0x10, 0x403, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x4}}}, @IFLA_AF_SPEC={0x8, 0x1a, 0x0, 0x1, [@AF_MPLS={0x4}]}]}, 0x3c}, 0x1, 0xba01, 0x0, 0x4004001}, 0x0) (async)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000680)=@newlink={0x3c, 0x10, 0x403, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x4}}}, @IFLA_AF_SPEC={0x8, 0x1a, 0x0, 0x1, [@AF_MPLS={0x4}]}]}, 0x3c}, 0x1, 0xba01, 0x0, 0x4004001}, 0x0)
sendmsg$TIPC_NL_BEARER_ENABLE(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=ANY=[], 0x6c}}, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000080)=ANY=[@ANYBLOB="540000001400b59500000000000000000a000000", @ANYRES32=r2, @ANYBLOB="140001000040"], 0x54}, 0x1, 0x0, 0x0, 0x800}, 0x80)
sendmmsg(r0, &(0x7f0000000000), 0x4000000000001f2, 0x0) (async)
sendmmsg(r0, &(0x7f0000000000), 0x4000000000001f2, 0x0)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) (async)
r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000000)={<r4=>0xffffffffffffffff}, 0x2}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r3, &(0x7f0000000280)={0x3, 0x40, 0xfa00, {{0xa, 0x4e23, 0x7ff, @empty, 0x1}, {0xa, 0x4e20, 0x1ff, @dev={0xfe, 0x80, '\x00', 0x2f}, 0x9}, r4, 0xb}}, 0x48)
write$RDMA_USER_CM_CMD_DESTROY_ID(r3, &(0x7f0000000380)={0x1, 0x10, 0xfa00, {&(0x7f0000000300), r4}}, 0x18) (async)
write$RDMA_USER_CM_CMD_DESTROY_ID(r3, &(0x7f0000000380)={0x1, 0x10, 0xfa00, {&(0x7f0000000300), r4}}, 0x18)

39.00828ms ago: executing program 0 (id=1040):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=@ipv4_newaddr={0x28, 0x14, 0x1, 0x0, 0x25dfdbfd, {0x2, 0x1f, 0x0, 0x0, r2}, [@IFA_LOCAL={0x8, 0x2, @local}, @IFA_FLAGS={0x8, 0x8, 0x558}]}, 0x28}}, 0x800)

2.632585ms ago: executing program 2 (id=1041):
r0 = socket(0x10, 0x803, 0x0)
getsockopt$CAN_RAW_JOIN_FILTERS(r0, 0x65, 0x6, &(0x7f00000003c0), &(0x7f0000000480)=0x4)
getsockopt$IP_SET_OP_GET_BYNAME(r0, 0x1, 0x53, &(0x7f0000000780)={0x6, 0x7, 'syz0\x00'}, &(0x7f0000000a00)=0x28)
setsockopt$CAN_RAW_ERR_FILTER(r0, 0x65, 0x2, &(0x7f0000000700)=0x8, 0x4)
socket$nl_generic(0x10, 0x3, 0x10)
fsetxattr$security_capability(0xffffffffffffffff, &(0x7f0000000280), &(0x7f0000000380)=@v3={0x3000000, [{0x5, 0x82}, {0x80000000, 0xffffaf0a}]}, 0x18, 0x0)
socket$kcm(0x2, 0x5, 0x84)
io_uring_setup(0x79bb, &(0x7f0000000400)={0x0, 0x0, 0x100})
socket$nl_route(0x10, 0x3, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, &(0x7f0000000100)={0x4})
arch_prctl$ARCH_SHSTK_ENABLE(0x5001, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x25dfdbfb, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x8, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3}}}}, @m_ife={0x48, 0x3, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$inet6(0xa, 0x80003, 0x6)
connect$inet6(r4, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
sendmmsg(r4, &(0x7f0000000480), 0x2e9, 0x0)
r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/ip6_tables_matches\x00')
preadv(r5, &(0x7f0000000200)=[{&(0x7f0000000380)=""/106, 0xbe}], 0x1, 0x40fb, 0x9)

0s ago: executing program 0 (id=1042):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x9, 0x4, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000040)={0xa}, 0x8)
shutdown(r0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
r1 = openat$vhost_vsock(0xffffff9c, &(0x7f0000000000), 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB="b700000081000000bfa30000000000000703000009feffff720a00fef8ffffff71a400fe0000000071101000000000001d300200000000004704000001ed030407000000c00000001d440000000000006b0a00fe0000000072030000000a0000e500f9ff000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fe51bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616276fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a26048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00e10000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f6f096753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d490cba8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e16e1461173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdec86f9b1eb93d491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b583cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd84990453f806694d461b76a58d88cf0f520310a1e80dc18cde9ad662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a090f3b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c00000000000000f59dd19e8d525206c0a728cfd42193abe8130bc01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ed1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef67cf0216e2d81e6127bd9d7fab28800eaab2355992f8ce4cd38add4b272c0bee4076ca4847ffa691cf78fb7ec212bad3bef29f577ea7159b7f3025b3d977ff7c91024cf71126233cb8791c3c"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffd00, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
ioctl$VHOST_SET_VRING_BASE(r1, 0x4008af12, &(0x7f0000000040)={0x3, 0x93})
r2 = openat$kvm(0x0, &(0x7f0000000dc0), 0x90981, 0x0)
r3 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r2, 0xae04)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000140)={0x4, <r6=>0xffffffffffffffff, 0x1})
mmap$KVM_VCPU(&(0x7f0000000000/0x3000)=nil, r3, 0xd, 0x11, r6, 0x0)
r7 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000c40)='/proc/consoles\x00', 0x0, 0x0)
r8 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/net/ipv4/tcp_dsack\x00', 0x1, 0x0)
sendfile(r8, r7, &(0x7f00000000c0)=0x8e, 0x180000504)
mmap$KVM_VCPU(&(0x7f00006bc000/0x2000)=nil, r3, 0x1000004, 0x110, r7, 0x0)
r9 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r9, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000f80)=ANY=[@ANYBLOB="e88baa1826bd5cb0e9681dc795012b4df20196f4d63d944163d73ec3866ab7619d8e7dafc08664836de0a4e50ec551304bafdc023e2b00a10ffe4aa866acf9b0d603bba59b279f7f6506c7bd0bbb730e3b7571624d2f029917f24a007c0b864e18105443649a9d60bcc15288dd5ddb7645ca872edeb215abb5bf6a829dfe7ab6a88144e364f7e7fb31ef44b0bff2cc727a1be1ebe9c1dda26009395cccd2768436aeeaf164de74bc382eeafbad5a4053d04fdd98e1d44167cde72555b65314a7ffc72795ecc2c205d7134e6adeb16a37b92516360e888d0a6fb63064feb28c7ebe8686482104558eace2eef9f26e27b2a9c5"], 0x38}}, 0x8890)
r10 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r10, &(0x7f0000000140)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(blowfish)\x00'}, 0x58)
r11 = accept4(r10, 0x0, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r10, 0x117, 0x1, &(0x7f00000001c0)="00940a37", 0x4)
sendto$unix(r11, &(0x7f0000000e00)="36d9a32e92c131d730b1abaedb51eb66fd2d5b1f7eda4f0e859fdaf294bad70673813533d8bf1c6a77b65a7afdc01b29e73571071a68d5def5d7df839810da130b9348f4d9d407eb478d5bfb298c552a498271af70914e14ba4e5965a99476fd2a0e47984c25ea20afab3064a748add27a7149e9c4705475bda2ec1828630741ef0163f97069bfec9ec30214f28c5e16fd3f50f604f20232c534589e52bff64fc6ca0f5e254083aec2794b7216e002e87caf3d0fa7d04ff9e3b03e81595a04979594ff6ea888bf13de8e8f74c6178e31e47593732ae1a501ad3641d423195a788efdb643f50a8c8b9794a62f7b8d1645af5e811dfa0fa7da9d441b92ce2a7f9fc3a79d94aaece13ebf810264fda056685f9fa2fe2a8eabc6284de06ca2dec38df1ba6e3c57744b7b51acbc2365ca34a6ebde5bd2778dce7870ffffffffffffff3b52000000d6bb7c731c49d593bfee379e0f97dee2a218e6994bb7a0bed32e174710be7e7a4cb733b259fe81adf24161c429892f43f6feece82677209a", 0x17d, 0x4000, 0x0, 0x0)
recvfrom(r11, &(0x7f00000030c0)=""/4117, 0xffffffffffffffbf, 0x1, 0x0, 0xffffffffffffffb5)
sendmsg$802154_raw(r11, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)="eb", 0x1}, 0x1, 0x0, 0x0, 0x8008040}, 0x30008080)
sendmmsg$alg(0xffffffffffffffff, &(0x7f0000002a40), 0x0, 0x200260e4)
memfd_create(&(0x7f0000000240)='+\x8b\x8a\xa9\x16\x11\x91J\xbc+  \x18\x17\xc2:}\xa3\x9bO\xdd\xdf\xdf\x92\xd5\xed\xb4\x17\xe5\xd6\x9a\xb2\xd8\x9ba\xde\xb2.F\xc0\x99}|\xaf\xd3\x1d\x84[*_\x9f\x9d\xb0rYP\x1b\x9f \xe0\x9cgq\x103\x89\x11\x87Rv\x169\xdf\xe3>B\x04\x00\x00\x00W\xd3\xec\xfb\xdf?\xa2\x90+\xa4!\xb2\xf2\xff\x90\a\xc3\x12\xc4;\xffh\xf1x=\xb9c\xce\x03h\xdap\x88U\x1788\x82\xd7\xfd\x83\x00Sx\x91%\x99_\xfe\xd4c\x83\x86\x0f\xa4a-\xaf\x9e\xd9\xef\xe0)]\x00F\xfa\x03\xbc4\xc4\x9a\v\x03\x8b\xa4\xf3\x8f\xf4\"\'\xd3\a9\x14H}j&~\xe9\x16\x83o\xbd\xab\xcd[\xbd\xcb\x04\xfc\xe7\xe3\x9e?\x12\xf0\xf4\x83M3\xd88\x92?@\v\xe6\xd1\xd2\xe4\xde\xdaUeJ\x9fR\xd1`\xfa\xc8\f\xa9\xee\x8a\xa3\xdbhe\x06q\v\xed\xfd\x0e\xc8\x89W\x847\x88\x82\x94\x14\xe33\xb7H\xc8b\xd6@3F#\xb7\x04C\x8dm\t\x16a\x0fI\xf4\xfe\xf8\x06j\x19Pz&\xb8\x0f\x98`W\xdb\xc6\"81A\xa4\x8bT\xf1/\xab\xa3\t\xef\xdf&\x0e\xad\x03\x123.\xc2V\xaa\xd5\xf8\xde\x8aV\xa4p{\xcez\xa2\x92\xdb8*wLO\f\x97X\x05\x9a\xc2\xe8\x85\x9d\xcb\xc8\xf0\xc4\x01\x03\xe3?\x9f1\xf4\xfb\xa5y`KB\xdf\xae#\x94C\a\x04\xea\xccG\xf2\b\x8f\xf7\xb1\xe96\x90\xf5P\xa4\'\xce\xe3\xa24\x196\xc5Q\xa1K\x95\xd6\xfal\xe9\xd1\\\r&\xb2c\xb3\x8d\xa7\xb7\xa8\x03S\xbd\xdd\b{\xae\f\x10\xc2\xbb\xd0\xdd*\xa3\xb4\fJ\x00X\xab`N; LF\xa5D\xee\xdf\x7f-\xd2-\x8e3\x9e\xe9\x87\xf2\xa0\x81a\xa1\xe1B\x93Xn\xaf\xfc\x05?\xab\xac\x91x\xa8#\xe1\xbeQ\xd1^\x9b\xb9)\xd3\n\xf7(3!\x18\b\xc0\xaampRl\xfdQ\x03\x8c\xd5\xe4\\\xed\x9a\xd1?\xd21\xc8\x90\x1dl|\xd1\x14\xbc3\xe0\x1e\x0e\xe6\x88Y\x99K\x93\x1c@_P\x8c\xc7\x9eZ\xb74KT:\x8a\xdbJ#w\x18\x14\x00\x93\x86\xa5wo\xf6M\xe7D\xf4*\xe3X\x1d\x19\x83\xa7w\xc7+7\x89s\xed\x8a\xd7O\xdd\rhh`\xc0\xa8$\x06pu\xa0\xd0L\x0ez@I\xb8\x83\xb2f\x93j\a0I\xc8l\xe5\x9b\x06\xb5\xac`d\xa3\xcf/\x14\x10\xab\xab\t\xec\xc1c\fA\xaf\x14\xef\xbap@*7\x86\xdf\',\x03Y\xb1$\xf0\xb5}\xf0\x82%)9`\x8f\x04\x85m\x80\xd2\xcf@\x06}\xea\xe7w`\xa5\x11\x9f\x9b\x9e\x8f\xb7cb\x1a\xe1\xcf\x87\xf7\x82C*\xd5;\x00\x00\x00\x00\x03\xba\xe3\xdc\x92\'\x8e\xd5\x7fG\xfd.\x91\x89T\x99t\xd4d,\xd5\x92O\xf1\xafT!Y\x8e\\\xac\xf7\x11R\x05p\x1a\"\r\xe9\xe5\x8b&\x0f\x8c\xfb\\\xa7\xf6O\xde\xeb\xe5\x19\xdd\xebQ8\xc5iS+\x06D\x16\xfe\xf5.\xe5\v\x89\xb0\"\xa3M\xe9\x81\x11P\xdb\xc4\xc2y\x14\x04\x06\xf6\f\xb0\xecz\x8d`\xb5\x9b\xb43B\b\xd5\x84\xdf\x94\xe8\'$\'~\x81\xe2\xcc1\xa7\x9e\xa8\xb5\'\xc6MAe\x0f\xd1\xfcG\xc2/\xe8\xe9t\xcaQ\xf1\fI\x1chM\xc1\x92\xe3\xc3\x01M\xc8/\xefJ\xcb\xd0]\f\xff\xf5\x92\xce\x97Z\xea\xe8\x99\xfa\x96\xce\xa7\x02\xad\xa2\xce\x955\xeaNg\x02\xcd\xfd\x1a}.\x00\x00\x00\x00\x00', 0x9)

kernel console output (not intermixed with test programs):

][ T5300] Bluetooth: hci2: connection err: -111
[   95.276769][ T7169] FAULT_INJECTION: forcing a failure.
[   95.276769][ T7169] name failslab, interval 1, probability 0, space 0, times 0
[   95.282774][ T7169] CPU: 3 UID: 0 PID: 7169 Comm: syz.1.340 Not tainted 6.15.0-rc4-syzkaller-00051-g7a13c14ee59d #0 PREEMPT(full) 
[   95.282800][ T7169] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   95.282809][ T7169] Call Trace:
[   95.282815][ T7169]  <TASK>
[   95.282821][ T7169]  dump_stack_lvl+0x16c/0x1f0
[   95.282849][ T7169]  should_fail_ex+0x512/0x640
[   95.282870][ T7169]  ? __kmalloc_cache_noprof+0x57/0x3e0
[   95.282905][ T7169]  should_failslab+0xc2/0x120
[   95.282925][ T7169]  __kmalloc_cache_noprof+0x6a/0x3e0
[   95.282950][ T7169]  ? __asan_memcpy+0x3c/0x60
[   95.282962][ T7169]  ? sctp_association_new+0xbb/0x2a00
[   95.282987][ T7169]  ? sctp_add_bind_addr+0x2a1/0x3f0
[   95.283009][ T7169]  sctp_association_new+0xbb/0x2a00
[   95.283039][ T7169]  sctp_connect_new_asoc+0x1b6/0x790
[   95.283060][ T7169]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[   95.283082][ T7169]  ? bpf_lsm_sctp_bind_connect+0x9/0x10
[   95.283110][ T7169]  sctp_sendmsg+0x15f9/0x1ee0
[   95.283124][ T7169]  ? __pfx_get_page_from_freelist+0x10/0x10
[   95.283140][ T7169]  ? should_fail_alloc_page+0xee/0x130
[   95.283166][ T7169]  ? __pfx_sctp_sendmsg+0x10/0x10
[   95.283184][ T7169]  ? __pfx___might_resched+0x10/0x10
[   95.283209][ T7169]  ? find_held_lock+0x2b/0x80
[   95.283226][ T7169]  ? __pfx_aa_sk_perm+0x10/0x10
[   95.283247][ T7169]  ? __import_iovec+0x1c8/0x660
[   95.283269][ T7169]  ? __pfx_sctp_sendmsg+0x10/0x10
[   95.283287][ T7169]  inet_sendmsg+0x119/0x140
[   95.283309][ T7169]  ____sys_sendmsg+0x973/0xc70
[   95.283335][ T7169]  ? __pfx_____sys_sendmsg+0x10/0x10
[   95.283354][ T7169]  ? get_compat_msghdr+0x11a/0x170
[   95.283375][ T7169]  ? __pfx__kstrtoull+0x10/0x10
[   95.283397][ T7169]  ___sys_sendmsg+0x134/0x1d0
[   95.283417][ T7169]  ? __pfx____sys_sendmsg+0x10/0x10
[   95.283446][ T7169]  ? find_held_lock+0x2b/0x80
[   95.283475][ T7169]  __sys_sendmmsg+0x2f9/0x420
[   95.283496][ T7169]  ? __pfx___sys_sendmmsg+0x10/0x10
[   95.283520][ T7169]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[   95.283552][ T7169]  ? fput+0x70/0xf0
[   95.283572][ T7169]  ? ksys_write+0x1b9/0x240
[   95.283587][ T7169]  ? __pfx_ksys_write+0x10/0x10
[   95.283607][ T7169]  __ia32_compat_sys_sendmmsg+0x9d/0x100
[   95.283624][ T7169]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[   95.283647][ T7169]  __do_fast_syscall_32+0x73/0x120
[   95.283670][ T7169]  do_fast_syscall_32+0x32/0x80
[   95.283693][ T7169]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[   95.283714][ T7169] RIP: 0023:0xf7f75579
[   95.283728][ T7169] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[   95.283743][ T7169] RSP: 002b:00000000f509655c EFLAGS: 00000296 ORIG_RAX: 0000000000000159
[   95.283758][ T7169] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000080003400
[   95.283767][ T7169] RDX: 0000000000000002 RSI: 0000000000040801 RDI: 0000000000000000
[   95.283777][ T7169] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   95.283787][ T7169] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[   95.283797][ T7169] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   95.283817][ T7169]  </TASK>
[   95.407991][ T7172] syz_tun: entered allmulticast mode
[   95.470888][ T7172] syz_tun: left allmulticast mode
[   95.731862][   T64] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[   95.891160][   T64] usb 7-1: Using ep0 maxpacket: 8
[   95.894154][   T64] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[   95.897112][   T64] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[   95.900182][   T64] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[   95.903518][   T64] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[   95.907478][   T64] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[   95.910189][   T64] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   96.121330][   T64] usb 7-1: GET_CAPABILITIES returned 0
[   96.123102][   T64] usbtmc 7-1:16.0: can't read capabilities
[   96.410938][ T7201] netlink: 'syz.0.350': attribute type 1 has an invalid length.
[   96.442625][ T7201] 8021q: adding VLAN 0 to HW filter on device bond3
[   96.606046][ T7206] fuse: Unknown parameter 'fd0x0000000000000003'
[   96.931722][ T7215] syz_tun: entered allmulticast mode
[   96.941141][   T29] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[   97.091121][   T29] usb 5-1: Using ep0 maxpacket: 16
[   97.097481][   T29] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[   97.100285][ T7213] syz_tun: left allmulticast mode
[   97.103216][ T5300] Bluetooth: unknown link type 108
[   97.104158][   T29] usb 5-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e
[   97.104955][ T5300] Bluetooth: hci1: connection err: -111
[   97.107810][   T29] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   97.116310][   T29] usb 5-1: Product: syz
[   97.117703][   T29] usb 5-1: Manufacturer: syz
[   97.119315][   T29] usb 5-1: SerialNumber: syz
[   97.141352][   T29] usb 5-1: config 0 descriptor??
[   97.654043][   T29] hub 5-1:0.0: bad descriptor, ignoring hub
[   97.659267][   T29] hub 5-1:0.0: probe with driver hub failed with error -5
[   97.667443][   T29] input: syz syz as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/input/input9
[   97.682252][   T29] input: failed to attach handler mousedev to device input9, error: -5
[   97.863627][ T7225] netlink: 24 bytes leftover after parsing attributes in process `syz.0.353'.
[   97.869111][ T7208] usb 5-1: USB disconnect, device number 4
[   97.939623][ T7221] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   97.951786][ T7221] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   97.975626][ T5300] Bluetooth: hci1: Unable to find connection with handle 0x00c8
[   98.260775][ T7231] netlink: 'syz.1.358': attribute type 11 has an invalid length.
[   98.264381][ T7231] netlink: 224 bytes leftover after parsing attributes in process `syz.1.358'.
[   98.565328][ T7237] netlink: 'syz.0.360': attribute type 1 has an invalid length.
[   98.597371][ T7237] 8021q: adding VLAN 0 to HW filter on device bond4
[   98.767199][   T76] usb 7-1: USB disconnect, device number 6
[   99.093451][ T5300] Bluetooth: unknown link type 108
[   99.095282][ T5300] Bluetooth: hci2: connection err: -111
[  100.082330][ T7259] FAULT_INJECTION: forcing a failure.
[  100.082330][ T7259] name failslab, interval 1, probability 0, space 0, times 0
[  100.091107][ T7259] CPU: 3 UID: 0 PID: 7259 Comm: syz.0.367 Not tainted 6.15.0-rc4-syzkaller-00051-g7a13c14ee59d #0 PREEMPT(full) 
[  100.091129][ T7259] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  100.091136][ T7259] Call Trace:
[  100.091140][ T7259]  <TASK>
[  100.091145][ T7259]  dump_stack_lvl+0x16c/0x1f0
[  100.091162][ T7259]  should_fail_ex+0x512/0x640
[  100.091175][ T7259]  ? __kmalloc_noprof+0xbf/0x510
[  100.091187][ T7259]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290
[  100.091202][ T7259]  should_failslab+0xc2/0x120
[  100.091214][ T7259]  __kmalloc_noprof+0xd2/0x510
[  100.091224][ T7259]  ? __pfx___mutex_trylock_common+0x10/0x10
[  100.091241][ T7259]  genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290
[  100.091258][ T7259]  genl_family_rcv_msg_doit+0xbf/0x2f0
[  100.091272][ T7259]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  100.091285][ T7259]  ? genl_get_cmd+0x194/0x580
[  100.091300][ T7259]  ? kmem_cache_alloc_node_noprof+0x1d5/0x3b0
[  100.091310][ T7259]  ? kmalloc_reserve+0x18b/0x2c0
[  100.091322][ T7259]  ? __radix_tree_lookup+0x21f/0x2c0
[  100.091336][ T7259]  genl_rcv_msg+0x55c/0x800
[  100.091350][ T7259]  ? __pfx_genl_rcv_msg+0x10/0x10
[  100.091363][ T7259]  ? __pfx_nbd_genl_connect+0x10/0x10
[  100.091375][ T7259]  ? __lock_acquire+0xaa4/0x1ba0
[  100.091390][ T7259]  netlink_rcv_skb+0x16a/0x440
[  100.091401][ T7259]  ? __pfx_genl_rcv_msg+0x10/0x10
[  100.091414][ T7259]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  100.091432][ T7259]  ? __pfx_down_read+0x10/0x10
[  100.091446][ T7259]  ? netlink_deliver_tap+0x1ae/0xd30
[  100.091459][ T7259]  genl_rcv+0x28/0x40
[  100.091470][ T7259]  netlink_unicast+0x53a/0x7f0
[  100.091483][ T7259]  ? __pfx_netlink_unicast+0x10/0x10
[  100.091497][ T7259]  netlink_sendmsg+0x8d1/0xdd0
[  100.091511][ T7259]  ? __pfx_netlink_sendmsg+0x10/0x10
[  100.091523][ T7259]  ? __import_iovec+0x1c8/0x660
[  100.091541][ T7259]  ____sys_sendmsg+0xa95/0xc70
[  100.091555][ T7259]  ? __pfx_____sys_sendmsg+0x10/0x10
[  100.091568][ T7259]  ? get_compat_msghdr+0x11a/0x170
[  100.091583][ T7259]  ___sys_sendmsg+0x134/0x1d0
[  100.091594][ T7259]  ? __pfx____sys_sendmsg+0x10/0x10
[  100.091620][ T7259]  __sys_sendmsg+0x16d/0x220
[  100.091630][ T7259]  ? __pfx___sys_sendmsg+0x10/0x10
[  100.091644][ T7259]  ? rcu_is_watching+0x12/0xc0
[  100.091654][ T7259]  ? rcu_is_watching+0x12/0xc0
[  100.091665][ T7259]  __do_fast_syscall_32+0x73/0x120
[  100.091679][ T7259]  do_fast_syscall_32+0x32/0x80
[  100.091692][ T7259]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  100.091704][ T7259] RIP: 0023:0xf704e579
[  100.091713][ T7259] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  100.091722][ T7259] RSP: 002b:00000000f503e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  100.091731][ T7259] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000280
[  100.091737][ T7259] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  100.091742][ T7259] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  100.091748][ T7259] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  100.091753][ T7259] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  100.091765][ T7259]  </TASK>
[  100.260554][ T7264] syz_tun: entered allmulticast mode
[  100.329389][ T7264] syz_tun: left allmulticast mode
[  100.365819][ T5300] Bluetooth: hci2: Unable to find connection with handle 0x00c8
[  100.368175][ T7267] netlink: 'syz.0.370': attribute type 6 has an invalid length.
[  100.372150][   T40] kauditd_printk_skb: 14 callbacks suppressed
[  100.372159][   T40] audit: type=1326 audit(1746087113.543:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7266 comm="syz.0.370" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf704e579 code=0x0
[  101.091825][ T5300] Bluetooth: hci0: Unable to find connection with handle 0x00c8
[  101.098269][ T7275] netlink: 'syz.3.373': attribute type 6 has an invalid length.
[  101.104980][   T40] audit: type=1326 audit(1746087114.273:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7274 comm="syz.3.373" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf70ee579 code=0x0
[  101.180496][   T40] audit: type=1326 audit(1746087114.343:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7272 comm="syz.2.372" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf710e579 code=0x7fc00000
[  101.180618][ T7276] FAULT_INJECTION: forcing a failure.
[  101.180618][ T7276] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  101.191272][ T7276] CPU: 2 UID: 0 PID: 7276 Comm: syz.2.372 Not tainted 6.15.0-rc4-syzkaller-00051-g7a13c14ee59d #0 PREEMPT(full) 
[  101.191296][ T7276] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  101.191306][ T7276] Call Trace:
[  101.191327][ T7276]  <TASK>
[  101.191334][ T7276]  dump_stack_lvl+0x16c/0x1f0
[  101.191361][ T7276]  should_fail_ex+0x512/0x640
[  101.191388][ T7276]  _copy_to_user+0x32/0xd0
[  101.191415][ T7276]  simple_read_from_buffer+0xcb/0x170
[  101.191442][ T7276]  proc_fail_nth_read+0x197/0x270
[  101.191465][ T7276]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  101.191490][ T7276]  ? rw_verify_area+0xcf/0x680
[  101.191513][ T7276]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  101.191536][ T7276]  vfs_read+0x1de/0xc70
[  101.191555][ T7276]  ? __pfx___mutex_lock+0x10/0x10
[  101.191577][ T7276]  ? __pfx_vfs_read+0x10/0x10
[  101.191600][ T7276]  ? __fget_files+0x20e/0x3c0
[  101.191633][ T7276]  ksys_read+0x12a/0x240
[  101.191648][ T7276]  ? __pfx_ksys_read+0x10/0x10
[  101.191662][ T7276]  ? rcu_is_watching+0x12/0xc0
[  101.191680][ T7276]  ? rcu_is_watching+0x12/0xc0
[  101.191698][ T7276]  __do_fast_syscall_32+0x73/0x120
[  101.191722][ T7276]  do_fast_syscall_32+0x32/0x80
[  101.191744][ T7276]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  101.191764][ T7276] RIP: 0023:0xf710e579
[  101.191777][ T7276] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  101.191792][ T7276] RSP: 002b:00000000f50dd590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  101.191808][ T7276] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f50dd620
[  101.191819][ T7276] RDX: 000000000000000f RSI: 00000000f7472ff4 RDI: 0000000000000000
[  101.191828][ T7276] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  101.191837][ T7276] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  101.191846][ T7276] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  101.191872][ T7276]  </TASK>
[  101.192260][   T40] audit: type=1326 audit(1746087114.363:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7272 comm="syz.2.372" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf710e579 code=0x7fc00000
[  101.256880][ T7283] Invalid logical block size (19)
[  101.292331][ T7287] netlink: 'syz.2.376': attribute type 1 has an invalid length.
[  101.314651][ T7287] 8021q: adding VLAN 0 to HW filter on device bond5
[  101.318583][ T7290] netlink: 'syz.0.378': attribute type 1 has an invalid length.
[  101.343111][ T7290] 8021q: adding VLAN 0 to HW filter on device bond5
[  101.621077][   T29] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  101.904786][   T29] usb 6-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  101.907988][   T29] usb 6-1: config 0 interface 0 has no altsetting 0
[  101.915400][   T29] usb 6-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  101.918212][   T29] usb 6-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  101.920815][   T29] usb 6-1: Product: syz
[  101.921911][ T5300] Bluetooth: unknown link type 108
[  101.923759][ T5300] Bluetooth: hci2: connection err: -111
[  101.924079][   T29] usb 6-1: Manufacturer: syz
[  101.927107][   T29] usb 6-1: SerialNumber: syz
[  101.936479][   T29] usb 6-1: config 0 descriptor??
[  101.950025][   T29] usb 6-1: selecting invalid altsetting 0
[  102.508404][   T76] usb 6-1: USB disconnect, device number 5
[  102.698783][ T5300] Bluetooth: unknown link type 108
[  102.700452][ T5300] Bluetooth: hci3: connection err: -111
[  103.498503][ T7323] ubi31: attaching mtd0
[  103.503079][ T7323] ubi31: scanning is finished
[  103.504732][ T7323] ubi31: empty MTD device detected
[  103.632888][ T7323] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB)
[  103.635210][ T7323] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  103.638448][ T7323] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1
[  103.641324][ T7323] ubi31: VID header offset: 64 (aligned 64), data offset: 128
[  103.646661][ T7323] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  103.654231][ T7323] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23
[  103.658914][ T7323] ubi31: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 1214927071
[  103.666257][ T7323] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  103.680226][ T7329] ubi31: background thread "ubi_bgt31d" started, PID 7329
[  104.091406][   T76] usb 7-1: new high-speed USB device number 7 using dummy_hcd
[  104.252533][   T76] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  104.256205][   T76] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  104.259510][   T76] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  104.263198][   T76] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  104.267190][   T76] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  104.269969][   T76] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  104.277526][   T76] usb 7-1: config 0 descriptor??
[  104.686512][   T76] plantronics 0003:047F:FFFF.0002: No inputs registered, leaving
[  104.718187][   T76] plantronics 0003:047F:FFFF.0002: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[  105.320555][ T7353] netlink: 72 bytes leftover after parsing attributes in process `syz.3.395'.
[  105.353709][ T7355] netlink: 44 bytes leftover after parsing attributes in process `syz.3.396'.
[  105.687316][ T7363] netlink: 4 bytes leftover after parsing attributes in process `syz.1.398'.
[  106.501454][ T1330] usb 7-1: reset high-speed USB device number 7 using dummy_hcd
[  108.185001][ T5984] usb 7-1: USB disconnect, device number 7
[  108.787077][ T7412] wireguard1: entered promiscuous mode
[  108.788798][ T7412] wireguard1: entered allmulticast mode
[  108.854653][ T7415] loop6: detected capacity change from 0 to 524287999
[  109.444059][   T40] audit: type=1326 audit(1746087122.613:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7407 comm="syz.2.411" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf710e579 code=0x7fc00000
[  109.520169][ T7424] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  109.525718][ T7424] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  109.622481][ T1036] Bluetooth: Error in BCSP hdr checksum
[  109.892128][ T1036] Bluetooth: Error in BCSP hdr checksum
[  110.802344][   T12] Bluetooth: Error in BCSP hdr checksum
[  111.349127][ T7451] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  111.352861][ T7451] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  111.441157][ T5300] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  111.441236][ T5947] Bluetooth: hci4: command 0x1003 tx timeout
[  111.791210][ T1017] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  111.943060][ T1017] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 7
[  111.946424][ T1017] usb 6-1: New USB device found, idVendor=2040, idProduct=1605, bcdDevice= a.94
[  111.949104][ T1017] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  111.953056][ T1017] usb 6-1: config 0 descriptor??
[  112.165163][   T34] usb 6-1: USB disconnect, device number 6
[  112.561173][ T5954] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  112.562841][ T5300] Bluetooth: hci5: command 0x1003 tx timeout
[  112.611482][ T7466] 9pnet_virtio: no channels available for device syz
[  113.890593][ T7490] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[  113.892920][ T7490] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[  114.757559][ T7511] xt_CT: You must specify a L4 protocol and not use inversions on it
[  114.921140][ T5986] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  115.101101][ T5986] usb 6-1: Using ep0 maxpacket: 8
[  115.103099][   T40] audit: type=1326 audit(1746087128.273:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7502 comm="syz.2.440" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf710e579 code=0x7fc00000
[  115.105694][ T5986] usb 6-1: config index 0 descriptor too short (expected 301, got 45)
[  115.113528][ T5986] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  115.117602][ T5986] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  115.121630][ T5986] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  115.125634][ T5986] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  115.131725][ T5986] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  115.137706][ T5986] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  115.699439][ T5954] Bluetooth: unknown link type 108
[  115.701463][ T5954] Bluetooth: hci0: connection err: -111
[  116.036254][ T7529] binder: 7528:7529 ioctl c0306201 80000c00 returned -14
[  116.958477][ T5986] usb 6-1: usb_control_msg returned -71
[  116.960270][ T5986] usbtmc 6-1:16.0: can't read capabilities
[  116.983302][ T5986] usb 6-1: USB disconnect, device number 7
[  117.190826][ T7555] netlink: 148 bytes leftover after parsing attributes in process `syz.0.456'.
[  117.977443][ T5954] Bluetooth: unknown link type 108
[  117.979143][ T5954] Bluetooth: hci2: connection err: -111
[  118.236377][ T7577] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2147485184 (4294970368 ns) > initial count (62 ns). Using initial count to start timer.
[  118.924818][ T7594] ip6t_srh: unknown srh match flags  E506
[  118.925374][ T7596] netlink: 4 bytes leftover after parsing attributes in process `syz.1.469'.
[  120.130696][ T7639] FAULT_INJECTION: forcing a failure.
[  120.130696][ T7639] name failslab, interval 1, probability 0, space 0, times 0
[  120.139081][ T7639] CPU: 0 UID: 0 PID: 7639 Comm: syz.0.480 Not tainted 6.15.0-rc4-syzkaller-00051-g7a13c14ee59d #0 PREEMPT(full) 
[  120.139104][ T7639] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  120.139115][ T7639] Call Trace:
[  120.139121][ T7639]  <TASK>
[  120.139127][ T7639]  dump_stack_lvl+0x16c/0x1f0
[  120.139152][ T7639]  should_fail_ex+0x512/0x640
[  120.139174][ T7639]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[  120.139194][ T7639]  should_failslab+0xc2/0x120
[  120.139214][ T7639]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  120.139232][ T7639]  ? dup_fd+0x4e/0xb90
[  120.139259][ T7639]  dup_fd+0x4e/0xb90
[  120.139281][ T7639]  ? __pfx_audit_alloc+0x10/0x10
[  120.139307][ T7639]  ? apparmor_task_alloc+0x2c2/0x3b0
[  120.139327][ T7639]  copy_process+0x25c1/0x91a0
[  120.139347][ T7639]  ? __lock_acquire+0x5ca/0x1ba0
[  120.139384][ T7639]  ? __pfx_copy_process+0x10/0x10
[  120.139408][ T7639]  ? find_held_lock+0x2b/0x80
[  120.139422][ T7639]  ? __might_fault+0xe3/0x190
[  120.139439][ T7639]  ? __might_fault+0xe3/0x190
[  120.139455][ T7639]  ? __might_fault+0x13b/0x190
[  120.139478][ T7639]  ? _copy_from_user+0x59/0xd0
[  120.139504][ T7639]  kernel_clone+0xfc/0x960
[  120.139523][ T7639]  ? get_pid_task+0xfc/0x250
[  120.139547][ T7639]  ? __pfx_kernel_clone+0x10/0x10
[  120.139580][ T7639]  __do_sys_clone3+0x212/0x290
[  120.139600][ T7639]  ? __pfx___do_sys_clone3+0x10/0x10
[  120.139632][ T7639]  ? __fget_files+0x20e/0x3c0
[  120.139669][ T7639]  ? rcu_is_watching+0x12/0xc0
[  120.139688][ T7639]  __do_fast_syscall_32+0x73/0x120
[  120.139712][ T7639]  do_fast_syscall_32+0x32/0x80
[  120.139733][ T7639]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  120.139753][ T7639] RIP: 0023:0xf704e579
[  120.139766][ T7639] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  120.139781][ T7639] RSP: 002b:00000000f503e42c EFLAGS: 00000286 ORIG_RAX: 00000000000001b3
[  120.139797][ T7639] RAX: ffffffffffffffda RBX: 00000000f503e460 RCX: 0000000000000058
[  120.139806][ T7639] RDX: 0000000000000000 RSI: 0000000002140000 RDI: 0000000000000000
[  120.139816][ T7639] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  120.139825][ T7639] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  120.139834][ T7639] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  120.139861][ T7639]  </TASK>
[  120.142190][   T40] audit: type=1326 audit(1746087133.313:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7614 comm="syz.3.475" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ee579 code=0x7fc00000
[  120.205332][ T7643] netlink: 4 bytes leftover after parsing attributes in process `syz.3.481'.
[  121.245328][ T5954] Bluetooth: unknown link type 108
[  121.247007][ T5954] Bluetooth: hci1: connection err: -111
[  121.667883][ T7687] FAULT_INJECTION: forcing a failure.
[  121.667883][ T7687] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  121.672038][ T7687] CPU: 3 UID: 0 PID: 7687 Comm: syz.2.492 Not tainted 6.15.0-rc4-syzkaller-00051-g7a13c14ee59d #0 PREEMPT(full) 
[  121.672052][ T7687] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  121.672058][ T7687] Call Trace:
[  121.672062][ T7687]  <TASK>
[  121.672066][ T7687]  dump_stack_lvl+0x16c/0x1f0
[  121.672084][ T7687]  should_fail_ex+0x512/0x640
[  121.672112][ T7687]  _copy_from_user+0x2e/0xd0
[  121.672128][ T7687]  generic_map_update_batch+0x380/0x610
[  121.672146][ T7687]  ? __pfx_generic_map_update_batch+0x10/0x10
[  121.672162][ T7687]  ? __pfx_generic_map_update_batch+0x10/0x10
[  121.672176][ T7687]  bpf_map_do_batch+0x5a8/0x670
[  121.672188][ T7687]  __sys_bpf+0x15f3/0x4d80
[  121.672201][ T7687]  ? rcu_is_watching+0x12/0xc0
[  121.672212][ T7687]  ? __pfx___sys_bpf+0x10/0x10
[  121.672224][ T7687]  ? __schedule+0x1186/0x5de0
[  121.672235][ T7687]  ? ksys_write+0x190/0x240
[  121.672255][ T7687]  ? fput+0x70/0xf0
[  121.672266][ T7687]  ? ksys_write+0x1b9/0x240
[  121.672278][ T7687]  __ia32_sys_bpf+0x76/0xe0
[  121.672292][ T7687]  __do_fast_syscall_32+0x73/0x120
[  121.672306][ T7687]  do_fast_syscall_32+0x32/0x80
[  121.672323][ T7687]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  121.672342][ T7687] RIP: 0023:0xf710e579
[  121.672352][ T7687] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  121.672365][ T7687] RSP: 002b:00000000f50dd55c EFLAGS: 00000296 ORIG_RAX: 0000000000000165
[  121.672379][ T7687] RAX: ffffffffffffffda RBX: 000000000000001a RCX: 0000000080000300
[  121.672388][ T7687] RDX: 0000000000000038 RSI: 0000000000000000 RDI: 0000000000000000
[  121.672393][ T7687] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  121.672399][ T7687] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  121.672404][ T7687] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  121.672416][ T7687]  </TASK>
[  121.674927][ T7687] =======================================================
[  121.674927][ T7687] WARNING: The mand mount option has been deprecated and
[  121.674927][ T7687]          and is ignored by this kernel. Remove the mand
[  121.674927][ T7687]          option from the mount to silence this warning.
[  121.674927][ T7687] =======================================================
[  123.833247][ T5954] Bluetooth: hci3: SCO packet for unknown connection handle 200
[  123.982197][ T7746] netlink: 4 bytes leftover after parsing attributes in process `syz.3.507'.
[  124.125256][ T5954] Bluetooth: hci1: Unable to find connection with handle 0x00c8
[  124.127738][ T7752] netlink: 'syz.1.509': attribute type 6 has an invalid length.
[  124.134028][   T40] audit: type=1326 audit(2000000001.479:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7751 comm="syz.1.509" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f75579 code=0x0
[  124.212075][   T40] audit: type=1400 audit(2000000001.559:67): apparmor="DENIED" operation="stack_onexec" class="file" info="label not found" error=-2 profile="unconfined" name="#" pid=7748 comm="syz.3.508"
[  124.694614][ T7756] vivid-005: disconnect
[  124.696917][ T7755] vivid-005: reconnect
[  124.748335][ T7758] syz.2.511: attempt to access beyond end of device
[  124.748335][ T7758] nbd2: rw=0, sector=64, nr_sectors = 8 limit=0
[  124.752832][ T7758] syz.2.511: attempt to access beyond end of device
[  124.752832][ T7758] nbd2: rw=0, sector=120, nr_sectors = 8 limit=0
[  124.756760][ T7758] Mount JFS Failure: -5
[  124.762466][ T7758] netlink: 8 bytes leftover after parsing attributes in process `syz.2.511'.
[  125.980216][ T7780] netlink: 4 bytes leftover after parsing attributes in process `syz.1.517'.
[  126.684424][ T5954] Bluetooth: unknown link type 108
[  126.686141][ T5954] Bluetooth: hci2: connection err: -111
[  126.881108][ T5984] usb 8-1: new high-speed USB device number 7 using dummy_hcd
[  127.051224][ T5984] usb 8-1: Using ep0 maxpacket: 8
[  127.062015][ T5984] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  127.066200][ T5984] usb 8-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  127.070109][ T5984] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  127.104189][ T5954] Bluetooth: hci3: Unable to find connection with handle 0x00c8
[  127.107545][ T5984] usb 8-1: config 0 descriptor??
[  127.115197][ T7796] netlink: 'syz.2.523': attribute type 6 has an invalid length.
[  127.122630][   T40] audit: type=1326 audit(2000000004.469:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7795 comm="syz.2.523" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf710e579 code=0x0
[  127.342503][ T5984] iowarrior 8-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  127.411074][   T34] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[  127.561079][   T34] usb 6-1: Using ep0 maxpacket: 8
[  127.564498][   T34] usb 6-1: config index 0 descriptor too short (expected 301, got 45)
[  127.567706][   T34] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  127.571767][   T34] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  127.575581][   T34] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  127.579469][   T34] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  127.584659][   T34] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  127.588196][   T34] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  127.675588][ T7804] netlink: 12 bytes leftover after parsing attributes in process `syz.0.524'.
[  127.803356][   T24] usb 8-1: USB disconnect, device number 7
[  127.833315][   T34] usb 6-1: usb_control_msg returned -32
[  127.835096][   T34] usbtmc 6-1:16.0: can't read capabilities
[  127.989578][ T7809] netlink: 4 bytes leftover after parsing attributes in process `syz.2.526'.
[  128.157797][ T7813] usbtmc 6-1:16.0: INITIATE_ABORT_BULK_OUT returned 0
[  128.359737][   T34] usb 6-1: USB disconnect, device number 8
[  128.449820][ T7816] FAULT_INJECTION: forcing a failure.
[  128.449820][ T7816] name failslab, interval 1, probability 0, space 0, times 0
[  128.454067][ T7816] CPU: 3 UID: 0 PID: 7816 Comm: syz.3.528 Not tainted 6.15.0-rc4-syzkaller-00051-g7a13c14ee59d #0 PREEMPT(full) 
[  128.454081][ T7816] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  128.454087][ T7816] Call Trace:
[  128.454091][ T7816]  <TASK>
[  128.454096][ T7816]  dump_stack_lvl+0x16c/0x1f0
[  128.454113][ T7816]  should_fail_ex+0x512/0x640
[  128.454127][ T7816]  ? __kmalloc_cache_noprof+0x57/0x3e0
[  128.454144][ T7816]  should_failslab+0xc2/0x120
[  128.454156][ T7816]  __kmalloc_cache_noprof+0x6a/0x3e0
[  128.454172][ T7816]  ? kasan_save_stack+0x42/0x60
[  128.454181][ T7816]  ? fuse_io_alloc+0x47/0x150
[  128.454196][ T7816]  ? fuse_direct_IO+0x262/0xf40
[  128.454218][ T7816]  fuse_io_alloc+0x47/0x150
[  128.454234][ T7816]  fuse_direct_io+0x312/0x2560
[  128.454260][ T7816]  ? __pfx_fuse_direct_io+0x10/0x10
[  128.454278][ T7816]  ? lockdep_init_map_type+0x5c/0x280
[  128.454294][ T7816]  fuse_direct_IO+0x624/0xf40
[  128.454306][ T7816]  ? __pfx_aio_complete_rw+0x10/0x10
[  128.454322][ T7816]  ? __pfx_fuse_direct_IO+0x10/0x10
[  128.454360][ T7816]  generic_file_direct_write+0x197/0x410
[  128.454381][ T7816]  ? kiocb_modified+0x134/0x2c0
[  128.454393][ T7816]  fuse_file_write_iter+0x6d3/0x950
[  128.454405][ T7816]  aio_write+0x3b6/0x910
[  128.454419][ T7816]  ? __pfx_aio_write+0x10/0x10
[  128.454432][ T7816]  ? __lock_acquire+0xaa4/0x1ba0
[  128.454452][ T7816]  ? __might_fault+0xe3/0x190
[  128.454463][ T7816]  ? __might_fault+0x13b/0x190
[  128.454476][ T7816]  ? io_submit_one+0x1243/0x1da0
[  128.454489][ T7816]  io_submit_one+0x1243/0x1da0
[  128.454504][ T7816]  ? __lock_acquire+0xaa4/0x1ba0
[  128.454519][ T7816]  ? __pfx_io_submit_one+0x10/0x10
[  128.454538][ T7816]  ? __might_fault+0xe3/0x190
[  128.454547][ T7816]  ? __might_fault+0x13b/0x190
[  128.454561][ T7816]  ? __ia32_compat_sys_io_submit+0x1ad/0x3a0
[  128.454576][ T7816]  __ia32_compat_sys_io_submit+0x1ad/0x3a0
[  128.454592][ T7816]  ? __pfx___ia32_compat_sys_io_submit+0x10/0x10
[  128.454607][ T7816]  ? fput+0x70/0xf0
[  128.454621][ T7816]  ? rcu_is_watching+0x12/0xc0
[  128.454633][ T7816]  __do_fast_syscall_32+0x73/0x120
[  128.454647][ T7816]  do_fast_syscall_32+0x32/0x80
[  128.454660][ T7816]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  128.454673][ T7816] RIP: 0023:0xf70ee579
[  128.454681][ T7816] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  128.454691][ T7816] RSP: 002b:00000000f50de55c EFLAGS: 00000296 ORIG_RAX: 00000000000000f8
[  128.454701][ T7816] RAX: ffffffffffffffda RBX: 00000000f5094000 RCX: 0000000000000012
[  128.454707][ T7816] RDX: 0000000080000780 RSI: 0000000000000000 RDI: 0000000000000000
[  128.454712][ T7816] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  128.454718][ T7816] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  128.454723][ T7816] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  128.454736][ T7816]  </TASK>
[  129.576980][ T7841] sp0: Synchronizing with TNC
[  129.582891][ T1141] Bluetooth: hci4: Frame reassembly failed (-84)
[  129.585520][   T12] Bluetooth: hci4: Frame reassembly failed (-84)
[  129.703093][   T34] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[  129.713286][   T34] hid-generic 0000:0000:0000.0003: hidraw1: <UNKNOWN> HID v0.00 Device [syz0] on syz0
[  130.166079][ T5300] Bluetooth: unknown link type 108
[  130.167929][ T5300] Bluetooth: hci1: connection err: -111
[  130.294677][ T7858] netlink: 4 bytes leftover after parsing attributes in process `syz.3.539'.
[  131.601709][ T5954] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  132.243994][ T1416] ieee802154 phy0 wpan0: encryption failed: -22
[  132.547904][ T7898] 9pnet_virtio: no channels available for device syz
[  133.723371][ T7915] netlink: 8 bytes leftover after parsing attributes in process `syz.2.554'.
[  133.726102][ T7915] netlink: 4 bytes leftover after parsing attributes in process `syz.2.554'.
[  133.730611][ T7915] (unnamed net_device) (uninitialized): option arp_interval: invalid value (18446744073709551615)
[  133.736243][ T7915] (unnamed net_device) (uninitialized): option arp_interval: allowed values 0 - 2147483647
[  133.951143][   T24] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[  134.111115][   T24] usb 6-1: Using ep0 maxpacket: 8
[  134.123026][   T24] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  134.127469][   T24] usb 6-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  134.131482][   T24] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  134.141716][   T24] usb 6-1: config 0 descriptor??
[  134.357437][   T24] iowarrior 6-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  134.659218][ T7942] tun0: tun_chr_ioctl cmd 1074025675
[  134.660898][ T7942] tun0: persist disabled
[  134.823272][   T76] usb 6-1: USB disconnect, device number 9
[  135.361759][ T7951] ntfs3(sr0): Primary boot signature is not NTFS.
[  135.364167][ T7951] ntfs3(sr0): try to read out of volume at offset 0xf800
[  135.521144][   T76] usb 8-1: new high-speed USB device number 8 using dummy_hcd
[  135.633946][ T7959] 9pnet: Unknown protocol version 9p200
[  135.642316][ T7959] bridge_slave_0: left allmulticast mode
[  135.644092][ T7959] bridge_slave_0: left promiscuous mode
[  135.646132][ T7959] bridge0: port 1(bridge_slave_0) entered disabled state
[  135.658750][ T7959] bridge_slave_1: left allmulticast mode
[  135.660749][ T7959] bridge_slave_1: left promiscuous mode
[  135.665904][ T7959] bridge0: port 2(bridge_slave_1) entered disabled state
[  135.673107][ T7959] bond0: (slave bond_slave_0): Releasing backup interface
[  135.678218][ T7959] bond0: (slave bond_slave_1): Releasing backup interface
[  135.693930][ T7959] team0: Port device team_slave_0 removed
[  135.703752][ T7959] team0: Port device team_slave_1 removed
[  135.705998][ T7959] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  135.708520][ T7959] batman_adv: batadv0: Removing interface: batadv_slave_0
[  135.712832][ T7959] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  135.715147][ T7959] batman_adv: batadv0: Removing interface: batadv_slave_1
[  135.724033][ T7959] bond2: (slave wireguard0): Releasing backup interface
[  135.726159][ T7959] wireguard0: left promiscuous mode
[  135.733934][ T7959] bond3: (slave ip6erspan0): Releasing backup interface
[  135.774842][ T7959] netlink: 4 bytes leftover after parsing attributes in process `syz.2.567'.
[  135.883896][   T76] usb 8-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  135.887084][   T76] usb 8-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  135.890006][   T76] usb 8-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  135.893193][   T76] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  135.899045][ T7949] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  135.904560][   T76] usb 8-1: Quirk or no altset; falling back to MIDI 1.0
[  136.259034][ T7976] netlink: 232 bytes leftover after parsing attributes in process `syz.2.572'.
[  136.326130][ T7981] fuse: Bad value for 'group_id'
[  136.327771][ T7981] fuse: Bad value for 'group_id'
[  136.334663][ T7981] skbuff: bad partial csum: csum=65489/0 headroom=64 headlen=65491
[  136.664349][ T7993] netlink: 72 bytes leftover after parsing attributes in process `syz.2.578'.
[  136.825681][ T5300] Bluetooth: unknown link type 108
[  136.827229][ T5300] Bluetooth: hci1: connection err: -111
[  137.788125][ T8009] netlink: 4 bytes leftover after parsing attributes in process `syz.1.582'.
[  138.314364][ T8021] overlay: ./file0 is not a directory
[  138.565077][ T6002] usb 8-1: USB disconnect, device number 8
[  139.111147][ T5300] Bluetooth: unknown link type 108
[  139.113004][ T5300] Bluetooth: hci3: connection err: -111
[  139.909076][ T5300] Bluetooth: unknown link type 108
[  139.910739][ T5300] Bluetooth: hci2: connection err: -111
[  140.288054][ T8073] xt_bpf: check failed: parse error
[  140.373319][ T8078] capability: warning: `syz.2.603' uses 32-bit capabilities (legacy support in use)
[  140.420071][ T8081] tc_dump_action: action bad kind
[  141.286831][ T8095] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies.
[  141.404598][ T8103] fuse: Unknown parameter '000000000000000000030xffffffffffffffff'
[  141.900032][ T8123] can: request_module (can-proto-0) failed.
[  141.928985][ T8127] tc_dump_action: action bad kind
[  142.023585][ T8132] netlink: 16 bytes leftover after parsing attributes in process `syz.0.618'.
[  142.037986][ T8134] FAULT_INJECTION: forcing a failure.
[  142.037986][ T8134] name failslab, interval 1, probability 0, space 0, times 0
[  142.043361][ T8134] CPU: 1 UID: 0 PID: 8134 Comm: syz.1.619 Not tainted 6.15.0-rc4-syzkaller-00051-g7a13c14ee59d #0 PREEMPT(full) 
[  142.043382][ T8134] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  142.043391][ T8134] Call Trace:
[  142.043397][ T8134]  <TASK>
[  142.043403][ T8134]  dump_stack_lvl+0x16c/0x1f0
[  142.043446][ T8134]  should_fail_ex+0x512/0x640
[  142.043477][ T8134]  should_failslab+0xc2/0x120
[  142.043496][ T8134]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  142.043511][ T8134]  ? __lock_acquire+0x5ca/0x1ba0
[  142.043531][ T8134]  ? dst_alloc+0x99/0x1a0
[  142.043556][ T8134]  dst_alloc+0x99/0x1a0
[  142.043579][ T8134]  rt_dst_alloc+0x35/0x3a0
[  142.043600][ T8134]  ip_route_output_key_hash_rcu+0x87a/0x28f0
[  142.043629][ T8134]  ip_route_output_key_hash+0x137/0x2e0
[  142.043651][ T8134]  ? __pfx_ip_route_output_key_hash+0x10/0x10
[  142.043681][ T8134]  ? find_held_lock+0x2b/0x80
[  142.043700][ T8134]  ip_route_output_flow+0x27/0x150
[  142.043722][ T8134]  udp_sendmsg+0x1bc3/0x29e0
[  142.043743][ T8134]  ? __pfx_ip_generic_getfrag+0x10/0x10
[  142.043764][ T8134]  ? __pfx_udp_sendmsg+0x10/0x10
[  142.043779][ T8134]  ? find_held_lock+0x2b/0x80
[  142.043810][ T8134]  ? __pfx___might_resched+0x10/0x10
[  142.043826][ T8134]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  142.043853][ T8134]  ? aa_sk_perm+0x2f4/0xb10
[  142.043880][ T8134]  ? __import_iovec+0x1c8/0x660
[  142.043903][ T8134]  ? __pfx_udp_sendmsg+0x10/0x10
[  142.043922][ T8134]  inet_sendmsg+0x105/0x140
[  142.043944][ T8134]  ____sys_sendmsg+0x973/0xc70
[  142.043967][ T8134]  ? __pfx_____sys_sendmsg+0x10/0x10
[  142.043986][ T8134]  ? get_compat_msghdr+0x11a/0x170
[  142.044008][ T8134]  ? find_held_lock+0x2b/0x80
[  142.044026][ T8134]  ___sys_sendmsg+0x134/0x1d0
[  142.044044][ T8134]  ? __pfx____sys_sendmsg+0x10/0x10
[  142.044089][ T8134]  ? __pfx___might_resched+0x10/0x10
[  142.044105][ T8134]  ? __sys_sendmmsg+0x30d/0x420
[  142.044124][ T8134]  __sys_sendmmsg+0x2f9/0x420
[  142.044144][ T8134]  ? __pfx___sys_sendmmsg+0x10/0x10
[  142.044168][ T8134]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  142.044200][ T8134]  ? fput+0x70/0xf0
[  142.044218][ T8134]  ? ksys_write+0x1b9/0x240
[  142.044232][ T8134]  ? __pfx_ksys_write+0x10/0x10
[  142.044251][ T8134]  __ia32_compat_sys_sendmmsg+0x9d/0x100
[  142.044268][ T8134]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[  142.044290][ T8134]  __do_fast_syscall_32+0x73/0x120
[  142.044313][ T8134]  do_fast_syscall_32+0x32/0x80
[  142.044355][ T8134]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  142.044375][ T8134] RIP: 0023:0xf7f75579
[  142.044388][ T8134] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  142.044403][ T8134] RSP: 002b:00000000f509655c EFLAGS: 00000296 ORIG_RAX: 0000000000000159
[  142.044419][ T8134] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000080007fc0
[  142.044429][ T8134] RDX: 000000000800001d RSI: 0000000000000000 RDI: 0000000000000000
[  142.044438][ T8134] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  142.044447][ T8134] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  142.044456][ T8134] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  142.044479][ T8134]  </TASK>
[  142.046586][ T8136] program syz.0.620 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  142.305419][ T8151] tc_dump_action: action bad kind
[  142.641081][ T1330] usb 8-1: new high-speed USB device number 9 using dummy_hcd
[  142.771075][  T835] usb 7-1: new high-speed USB device number 8 using dummy_hcd
[  142.811069][ T1330] usb 8-1: Using ep0 maxpacket: 32
[  142.813946][ T1330] usb 8-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 32
[  142.817168][ T1330] usb 8-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 8
[  142.821976][ T1330] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  142.824796][ T1330] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  142.827292][ T1330] usb 8-1: Product: syz
[  142.828662][ T1330] usb 8-1: Manufacturer: syz
[  142.830619][ T1330] usb 8-1: SerialNumber: syz
[  142.931120][  T835] usb 7-1: Using ep0 maxpacket: 8
[  142.934474][  T835] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  142.938761][  T835] usb 7-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  142.942576][  T835] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  142.947467][  T835] usb 7-1: config 0 descriptor??
[  143.038123][ T8155] netlink: 'syz.3.627': attribute type 2 has an invalid length.
[  143.058244][ T1330] cdc_ncm 8-1:1.0: bind() failure
[  143.064421][ T1330] cdc_ncm 8-1:1.1: CDC Union missing and no IAD found
[  143.067233][ T1330] cdc_ncm 8-1:1.1: bind() failure
[  143.073568][ T1330] usb 8-1: USB disconnect, device number 9
[  143.158282][  T835] iowarrior 7-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  143.626562][  T835] usb 7-1: USB disconnect, device number 8
[  144.197425][ T8183] tc_dump_action: action bad kind
[  145.569806][ T8203] binder: 8202:8203 ioctl c0306201 80000540 returned -14
[  145.572942][ T8203] binder: 8202:8203 ioctl c0306201 80000340 returned -14
[  145.734120][ T8211] tipc: Started in network mode
[  145.736499][ T8211] tipc: Node identity aaaaaaaaaa3, cluster identity 4711
[  145.739634][ T8211] tipc: Enabled bearer <eth:ipvlan1>, priority 1
[  145.789819][ T8211] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(9)
[  145.792045][ T8211] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  145.795591][ T8211] vhci_hcd vhci_hcd.0: Device attached
[  145.799744][ T8213] vhci_hcd: connection closed
[  145.799888][   T65] vhci_hcd: stop threads
[  145.803866][   T65] vhci_hcd: release socket
[  145.805878][   T65] vhci_hcd: disconnect device
[  146.634865][ T8228] netlink: 8 bytes leftover after parsing attributes in process `syz.0.649'.
[  146.872213][  T835] tipc: Node number set to 10136234
[  147.265437][ T8244] 9pnet: p9_errstr2errno: server reported unknown error í<jqzÂPL¿�òóØáß<Òp—
[  147.564788][ T8265] netlink: 48 bytes leftover after parsing attributes in process `syz.1.662'.
[  147.967788][ T8277] tc_dump_action: action bad kind
[  148.581502][  T835] usb 8-1: new high-speed USB device number 10 using dummy_hcd
[  148.741116][  T835] usb 8-1: Using ep0 maxpacket: 8
[  148.744588][  T835] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  148.748030][  T835] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  148.751185][  T835] usb 8-1: New USB device found, idVendor=046d, idProduct=c20e, bcdDevice= 0.00
[  148.753989][  T835] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  148.757684][  T835] usb 8-1: config 0 descriptor??
[  148.832710][ T5300] Bluetooth: hci1: Unable to find connection with handle 0x00c8
[  148.840099][ T8296] netlink: 'syz.1.671': attribute type 6 has an invalid length.
[  148.843713][   T40] audit: type=1326 audit(2000000026.199:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8295 comm="syz.1.671" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f75579 code=0x0
[  149.736737][ T8311] netlink: 16 bytes leftover after parsing attributes in process `syz.2.677'.
[  149.741923][ T8311] netlink: 28 bytes leftover after parsing attributes in process `syz.2.677'.
[  149.891997][ T8319] tc_dump_action: action bad kind
[  149.983318][ T8324] 9pnet_virtio: no channels available for device syz
[  150.754995][ T5300] Bluetooth: hci3: Unable to find connection with handle 0x00c8
[  150.757370][ T8343] netlink: 'syz.2.685': attribute type 6 has an invalid length.
[  150.762097][   T40] audit: type=1326 audit(2000000028.109:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8342 comm="syz.2.685" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf710e579 code=0x0
[  150.899123][ T8349] netlink: 28 bytes leftover after parsing attributes in process `syz.1.687'.
[  151.299386][  T835] usbhid 8-1:0.0: can't add hid device: -71
[  151.302016][  T835] usbhid 8-1:0.0: probe with driver usbhid failed with error -71
[  151.305381][  T835] usb 8-1: USB disconnect, device number 10
[  151.807541][ T5300] Bluetooth: unknown link type 108
[  151.809863][ T5300] Bluetooth: hci2: connection err: -111
[  152.037852][ T8368] 9pnet_virtio: no channels available for device syz
[  152.193692][ T8358] netlink: 8 bytes leftover after parsing attributes in process `syz.3.690'.
[  152.196456][ T8358] netlink: 8 bytes leftover after parsing attributes in process `syz.3.690'.
[  152.224851][ T8370] tc_dump_action: action bad kind
[  152.440117][ T8373] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  152.478229][   T40] audit: type=1326 audit(2000000029.819:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8374 comm="syz.0.696" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704e579 code=0x7ffc0000
[  152.479618][ T8375] FAULT_INJECTION: forcing a failure.
[  152.479618][ T8375] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[  152.489039][   T40] audit: type=1326 audit(2000000029.819:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8374 comm="syz.0.696" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704e579 code=0x7ffc0000
[  152.490850][ T8375] CPU: 0 UID: 0 PID: 8375 Comm: syz.0.696 Not tainted 6.15.0-rc4-syzkaller-00051-g7a13c14ee59d #0 PREEMPT(full) 
[  152.490873][ T8375] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  152.490883][ T8375] Call Trace:
[  152.490895][ T8375]  <TASK>
[  152.490901][ T8375]  dump_stack_lvl+0x16c/0x1f0
[  152.490941][ T8375]  should_fail_ex+0x512/0x640
[  152.490972][ T8375]  should_fail_alloc_page+0xe7/0x130
[  152.491012][ T8375]  prepare_alloc_pages+0x3c2/0x610
[  152.491041][ T8375]  __alloc_frozen_pages_noprof+0x18f/0x23a0
[  152.491062][ T8375]  ? __lock_acquire+0x5ca/0x1ba0
[  152.491087][ T8375]  ? __lock_acquire+0x5ca/0x1ba0
[  152.491111][ T8375]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  152.491140][ T8375]  ? find_held_lock+0x2b/0x80
[  152.491156][ T8375]  ? unwind_next_frame+0x3f4/0x20a0
[  152.491178][ T8375]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  152.491203][ T8375]  ? policy_nodemask+0xea/0x4e0
[  152.491225][ T8375]  alloc_pages_mpol+0x1fb/0x550
[  152.491245][ T8375]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  152.491266][ T8375]  ? __lock_acquire+0x5ca/0x1ba0
[  152.491291][ T8375]  folio_alloc_mpol_noprof+0x36/0x2f0
[  152.491315][ T8375]  vma_alloc_folio_noprof+0xed/0x1e0
[  152.491337][ T8375]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[  152.491368][ T8375]  do_pte_missing+0x223d/0x3fb0
[  152.491392][ T8375]  __handle_mm_fault+0x103d/0x2a40
[  152.491414][ T8375]  ? __pfx___handle_mm_fault+0x10/0x10
[  152.491427][ T8375]  ? __pte_offset_map_lock+0x155/0x2f0
[  152.491448][ T8375]  ? find_held_lock+0x2b/0x80
[  152.491461][ T8375]  ? find_held_lock+0x2b/0x80
[  152.491490][ T8375]  handle_mm_fault+0x3fe/0xad0
[  152.491511][ T8375]  __get_user_pages+0x771/0x36f0
[  152.491545][ T8375]  ? __pfx___get_user_pages+0x10/0x10
[  152.491570][ T8375]  ? __pfx_down_read_killable+0x10/0x10
[  152.491600][ T8375]  get_user_pages_unlocked+0x1c1/0x780
[  152.491623][ T8375]  ? __pfx_get_user_pages_unlocked+0x10/0x10
[  152.491639][ T8375]  ? get_user_pages_fast_only+0xae/0xf0
[  152.491654][ T8375]  ? __pfx_get_user_pages_fast_only+0x10/0x10
[  152.491674][ T8375]  ? __pfx___might_resched+0x10/0x10
[  152.491688][ T8375]  hva_to_pfn+0x886/0xe40
[  152.491700][ T8375]  ? __lock_acquire+0x5ca/0x1ba0
[  152.491712][ T8375]  ? __pfx_hva_to_pfn+0x10/0x10
[  152.491723][ T8375]  ? __lock_acquire+0x5ca/0x1ba0
[  152.491737][ T8375]  ? lock_acquire+0x179/0x350
[  152.491755][ T8375]  kvm_follow_pfn+0x29f/0x3f0
[  152.491767][ T8375]  __kvm_faultin_pfn+0x11c/0x1a0
[  152.491778][ T8375]  ? __pfx___kvm_faultin_pfn+0x10/0x10
[  152.491788][ T8375]  ? __pfx_xa_load+0x10/0x10
[  152.491804][ T8375]  ? kvm_tdp_mmu_map+0x90b/0x1f70
[  152.491819][ T8375]  kvm_mmu_faultin_pfn+0x581/0x2170
[  152.491832][ T8375]  ? __pfx_fast_page_fault+0x10/0x10
[  152.491842][ T8375]  ? __pfx_kvm_mmu_faultin_pfn+0x10/0x10
[  152.491853][ T8375]  ? __kvm_mmu_topup_memory_cache+0x332/0x600
[  152.491863][ T8375]  ? find_held_lock+0x2b/0x80
[  152.491876][ T8375]  kvm_tdp_page_fault+0x186/0x3f0
[  152.491891][ T8375]  kvm_mmu_do_page_fault+0x588/0x6c0
[  152.491905][ T8375]  ? __pfx_kvm_mmu_do_page_fault+0x10/0x10
[  152.491923][ T8375]  ? find_held_lock+0x2b/0x80
[  152.491934][ T8375]  kvm_mmu_page_fault+0x225/0x1cb0
[  152.491949][ T8375]  ? kernel_text_address+0x8d/0x100
[  152.491964][ T8375]  ? __kernel_text_address+0xd/0x40
[  152.491978][ T8375]  ? unwind_get_return_address+0x59/0xa0
[  152.491991][ T8375]  ? __pfx_kvm_mmu_page_fault+0x10/0x10
[  152.492004][ T8375]  ? __lock_acquire+0xaa4/0x1ba0
[  152.492018][ T8375]  ? __vmx_complete_interrupts+0x238/0x4e0
[  152.492030][ T8375]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  152.492047][ T8375]  handle_ept_violation+0x254/0x640
[  152.492059][ T8375]  ? __pfx_handle_ept_violation+0x10/0x10
[  152.492071][ T8375]  vmx_handle_exit+0x6ab/0x1cc0
[  152.492085][ T8375]  vcpu_run+0x304c/0x5320
[  152.492105][ T8375]  ? __pfx_vcpu_run+0x10/0x10
[  152.492121][ T8375]  ? fpu_swap_kvm_fpstate+0x235/0x4a0
[  152.492133][ T8375]  ? __local_bh_enable_ip+0xa4/0x120
[  152.492147][ T8375]  ? kvm_arch_vcpu_ioctl_run+0x51c/0x18c0
[  152.492160][ T8375]  kvm_arch_vcpu_ioctl_run+0x51c/0x18c0
[  152.492178][ T8375]  kvm_vcpu_ioctl+0x5e9/0x1680
[  152.492195][ T8375]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  152.492209][ T8375]  ? tomoyo_path_number_perm+0x18d/0x580
[  152.492222][ T8375]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  152.492232][ T8375]  ? kasan_quarantine_put+0x10a/0x240
[  152.492242][ T8375]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  152.492255][ T8375]  ? do_vfs_ioctl+0x512/0x1990
[  152.492269][ T8375]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  152.492293][ T8375]  kvm_vcpu_compat_ioctl+0x20f/0x3d0
[  152.492308][ T8375]  ? __pfx_kvm_vcpu_compat_ioctl+0x10/0x10
[  152.492323][ T8375]  ? __fget_files+0x20e/0x3c0
[  152.492337][ T8375]  ? fput+0x70/0xf0
[  152.492350][ T8375]  ? __pfx_kvm_vcpu_compat_ioctl+0x10/0x10
[  152.492366][ T8375]  __ia32_compat_sys_ioctl+0x24c/0x360
[  152.492381][ T8375]  __do_fast_syscall_32+0x73/0x120
[  152.492395][ T8375]  do_fast_syscall_32+0x32/0x80
[  152.492408][ T8375]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  152.492420][ T8375] RIP: 0023:0xf704e579
[  152.492429][ T8375] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  152.492438][ T8375] RSP: 002b:00000000f503e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  152.492448][ T8375] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000000ae80
[  152.492454][ T8375] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  152.492459][ T8375] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  152.492465][ T8375] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  152.492470][ T8375] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  152.492488][ T8375]  </TASK>
[  152.679877][   T40] audit: type=1326 audit(2000000029.819:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8374 comm="syz.0.696" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf704e579 code=0x7ffc0000
[  152.688630][   T40] audit: type=1326 audit(2000000029.819:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8374 comm="syz.0.696" exe="/syz-executor" sig=0 arch=40000003 syscall=4 compat=1 ip=0xf704e579 code=0x7ffc0000
[  152.696599][   T40] audit: type=1326 audit(2000000029.819:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8374 comm="syz.0.696" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf704e579 code=0x7ffc0000
[  152.704146][   T40] audit: type=1326 audit(2000000029.869:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8374 comm="syz.0.696" exe="/syz-executor" sig=0 arch=40000003 syscall=3 compat=1 ip=0xf704e579 code=0x7ffc0000
[  152.710594][   T40] audit: type=1326 audit(2000000029.869:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8374 comm="syz.0.696" exe="/syz-executor" sig=0 arch=40000003 syscall=4 compat=1 ip=0xf704e579 code=0x7ffc0000
[  152.717149][   T40] audit: type=1326 audit(2000000029.869:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8374 comm="syz.0.696" exe="/syz-executor" sig=0 arch=40000003 syscall=6 compat=1 ip=0xf704e579 code=0x7ffc0000
[  152.890958][ T5300] Bluetooth: hci3: Unable to find connection with handle 0x00c8
[  152.896755][ T8390] netlink: 'syz.2.700': attribute type 6 has an invalid length.
[  153.661082][ T5986] usb 8-1: new high-speed USB device number 11 using dummy_hcd
[  153.811101][ T5986] usb 8-1: Using ep0 maxpacket: 16
[  153.815171][ T5986] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[  153.821728][ T5986] usb 8-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e
[  153.825607][ T5986] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  153.829192][ T5986] usb 8-1: Product: syz
[  153.830795][ T5986] usb 8-1: Manufacturer: syz
[  153.832853][ T5986] usb 8-1: SerialNumber: syz
[  153.841390][ T5986] usb 8-1: config 0 descriptor??
[  153.847667][ T5986] hub 8-1:0.0: bad descriptor, ignoring hub
[  153.850287][ T5986] hub 8-1:0.0: probe with driver hub failed with error -5
[  153.858688][ T5986] input: syz syz as /devices/platform/dummy_hcd.3/usb8/8-1/8-1:0.0/input/input11
[  154.093089][ T8418] tc_dump_action: action bad kind
[  154.609112][ T5300] Bluetooth: hci2: Unable to find connection with handle 0x00c8
[  154.614749][ T8430] netlink: 'syz.0.712': attribute type 6 has an invalid length.
[  154.618175][   T40] kauditd_printk_skb: 3 callbacks suppressed
[  154.618184][   T40] audit: type=1326 audit(2000000031.959:82): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8429 comm="syz.0.712" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf704e579 code=0x0
[  154.671632][ T5300] Bluetooth: unknown link type 108
[  154.673456][ T5300] Bluetooth: hci3: connection err: -111
[  155.486988][ T8437] overlayfs: missing 'lowerdir'
[  155.714878][ T8441] netlink: 48 bytes leftover after parsing attributes in process `syz.2.716'.
[  155.718699][ T8441] FAULT_INJECTION: forcing a failure.
[  155.718699][ T8441] name failslab, interval 1, probability 0, space 0, times 0
[  155.724050][ T8441] CPU: 2 UID: 0 PID: 8441 Comm: syz.2.716 Not tainted 6.15.0-rc4-syzkaller-00051-g7a13c14ee59d #0 PREEMPT(full) 
[  155.724072][ T8441] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  155.724082][ T8441] Call Trace:
[  155.724088][ T8441]  <TASK>
[  155.724094][ T8441]  dump_stack_lvl+0x16c/0x1f0
[  155.724114][ T8441]  should_fail_ex+0x512/0x640
[  155.724132][ T8441]  should_failslab+0xc2/0x120
[  155.724144][ T8441]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  155.724158][ T8441]  ? skb_clone+0x190/0x3f0
[  155.724172][ T8441]  skb_clone+0x190/0x3f0
[  155.724184][ T8441]  netlink_deliver_tap+0xabd/0xd30
[  155.724214][ T8441]  netlink_dump+0xb6d/0xd00
[  155.724227][ T8441]  ? __pfx_netlink_dump+0x10/0x10
[  155.724237][ T8441]  ? __rhashtable_lookup.constprop.0+0x3a5/0x760
[  155.724257][ T8441]  ? __pfx_netlink_lookup+0x10/0x10
[  155.724273][ T8441]  __netlink_dump_start+0x6d6/0x990
[  155.724285][ T8441]  ? __pfx_xfrm_dump_sa+0x10/0x10
[  155.724298][ T8441]  xfrm_user_rcv_msg+0x80e/0xb60
[  155.724319][ T8441]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  155.724332][ T8441]  ? __pfx_xfrm_dump_sa+0x10/0x10
[  155.724343][ T8441]  ? __pfx_xfrm_dump_sa_done+0x10/0x10
[  155.724356][ T8441]  ? consume_skb+0xcc/0x100
[  155.724385][ T8441]  ? __mutex_trylock_common+0xe9/0x250
[  155.724400][ T8441]  ? __pfx___mutex_trylock_common+0x10/0x10
[  155.724416][ T8441]  netlink_rcv_skb+0x16a/0x440
[  155.724428][ T8441]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  155.724441][ T8441]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  155.724463][ T8441]  ? netlink_deliver_tap+0x1ae/0xd30
[  155.724477][ T8441]  xfrm_netlink_rcv+0x71/0x90
[  155.724488][ T8441]  netlink_unicast+0x53a/0x7f0
[  155.724501][ T8441]  ? __pfx_netlink_unicast+0x10/0x10
[  155.724517][ T8441]  netlink_sendmsg+0x8d1/0xdd0
[  155.724530][ T8441]  ? __pfx_netlink_sendmsg+0x10/0x10
[  155.724543][ T8441]  ? __import_iovec+0x1c8/0x660
[  155.724561][ T8441]  ____sys_sendmsg+0xa95/0xc70
[  155.724577][ T8441]  ? __pfx_____sys_sendmsg+0x10/0x10
[  155.724595][ T8441]  ? get_compat_msghdr+0x11a/0x170
[  155.724621][ T8441]  ___sys_sendmsg+0x134/0x1d0
[  155.724641][ T8441]  ? __pfx____sys_sendmsg+0x10/0x10
[  155.724690][ T8441]  __sys_sendmsg+0x16d/0x220
[  155.724707][ T8441]  ? __pfx___sys_sendmsg+0x10/0x10
[  155.724724][ T8441]  ? rcu_is_watching+0x12/0xc0
[  155.724736][ T8441]  __do_fast_syscall_32+0x73/0x120
[  155.724750][ T8441]  do_fast_syscall_32+0x32/0x80
[  155.724764][ T8441]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  155.724776][ T8441] RIP: 0023:0xf710e579
[  155.724784][ T8441] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  155.724794][ T8441] RSP: 002b:00000000f50fe55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  155.724803][ T8441] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000040
[  155.724809][ T8441] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  155.724815][ T8441] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  155.724821][ T8441] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  155.724830][ T8441] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  155.724850][ T8441]  </TASK>
[  156.081931][ T8457] tc_dump_action: action bad kind
[  156.093881][ T5300] Bluetooth: hci3: Unable to find connection with handle 0x00c8
[  156.099123][ T8459] netlink: 'syz.2.722': attribute type 6 has an invalid length.
[  156.107652][   T40] audit: type=1326 audit(2000000033.449:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8458 comm="syz.2.722" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf710e579 code=0x0
[  156.541413][ T5869] usb 8-1: USB disconnect, device number 11
[  156.955540][ T8475] netlink: 'syz.1.725': attribute type 1 has an invalid length.
[  157.022175][ T8475] 8021q: adding VLAN 0 to HW filter on device bond2
[  157.099377][ T8482] 9pnet_virtio: no channels available for device syz
[  157.411599][ T8473] syz.0.724 (8473) used greatest stack depth: 20968 bytes left
[  157.849509][ T8493] netlink: 'syz.3.729': attribute type 1 has an invalid length.
[  157.872514][ T8493] 8021q: adding VLAN 0 to HW filter on device bond2
[  158.286470][ T8508] tc_dump_action: action bad kind
[  158.369080][ T5300] Bluetooth: unknown link type 108
[  158.371625][ T5300] Bluetooth: hci2: connection err: -111
[  159.014986][ T5300] Bluetooth: hci0: Unable to find connection with handle 0x00c8
[  159.017581][ T8515] netlink: 'syz.3.737': attribute type 6 has an invalid length.
[  159.023791][   T40] audit: type=1326 audit(2000000036.369:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8514 comm="syz.3.737" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf70ee579 code=0x0
[  159.345886][ T8521] 9pnet_virtio: no channels available for device syz
[  159.745119][ T8525] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  159.748738][ T8525] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  159.982975][ T8534] wg1: entered promiscuous mode
[  159.987061][ T8534] wg1: entered allmulticast mode
[  160.480837][ T8547] 9pnet_virtio: no channels available for device syz
[  161.173516][ T8553] 9pnet_virtio: no channels available for device syz
[  161.265332][ T5300] Bluetooth: hci3: Unable to find connection with handle 0x00c8
[  161.267458][ T8556] netlink: 'syz.2.751': attribute type 6 has an invalid length.
[  161.270863][   T40] audit: type=1326 audit(2000000038.609:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8555 comm="syz.2.751" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf710e579 code=0x0
[  161.459193][ T8567] ubi: mtd0 is already attached to ubi31
[  161.872236][ T8573] netlink: 'syz.3.763': attribute type 1 has an invalid length.
[  161.885706][ T8573] 8021q: adding VLAN 0 to HW filter on device bond3
[  162.735851][ T8589] FAULT_INJECTION: forcing a failure.
[  162.735851][ T8589] name failslab, interval 1, probability 0, space 0, times 0
[  162.740292][ T8589] CPU: 2 UID: 0 PID: 8589 Comm: syz.1.759 Not tainted 6.15.0-rc4-syzkaller-00051-g7a13c14ee59d #0 PREEMPT(full) 
[  162.740316][ T8589] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  162.740324][ T8589] Call Trace:
[  162.740328][ T8589]  <TASK>
[  162.740332][ T8589]  dump_stack_lvl+0x16c/0x1f0
[  162.740349][ T8589]  should_fail_ex+0x512/0x640
[  162.740363][ T8589]  ? fs_reclaim_acquire+0xae/0x150
[  162.740379][ T8589]  ? tomoyo_encode2+0x100/0x3e0
[  162.740391][ T8589]  should_failslab+0xc2/0x120
[  162.740403][ T8589]  __kmalloc_noprof+0xd2/0x510
[  162.740413][ T8589]  ? d_absolute_path+0x136/0x1a0
[  162.740428][ T8589]  tomoyo_encode2+0x100/0x3e0
[  162.740442][ T8589]  tomoyo_encode+0x29/0x50
[  162.740454][ T8589]  tomoyo_realpath_from_path+0x18f/0x6e0
[  162.740472][ T8589]  tomoyo_path_number_perm+0x245/0x580
[  162.740482][ T8589]  ? tomoyo_path_number_perm+0x237/0x580
[  162.740495][ T8589]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  162.740520][ T8589]  ? find_held_lock+0x2b/0x80
[  162.740530][ T8589]  ? hook_file_ioctl_common+0x145/0x410
[  162.740545][ T8589]  ? __fget_files+0x204/0x3c0
[  162.740562][ T8589]  ? __fget_files+0x20e/0x3c0
[  162.740575][ T8589]  ? fput+0x70/0xf0
[  162.740589][ T8589]  security_file_ioctl_compat+0x9b/0x240
[  162.740602][ T8589]  __ia32_compat_sys_ioctl+0xc3/0x360
[  162.740618][ T8589]  __do_fast_syscall_32+0x73/0x120
[  162.740632][ T8589]  do_fast_syscall_32+0x32/0x80
[  162.740645][ T8589]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  162.740658][ T8589] RIP: 0023:0xf7f75579
[  162.740666][ T8589] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  162.740676][ T8589] RSP: 002b:00000000f507555c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  162.740686][ T8589] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 00000000400455c8
[  162.740692][ T8589] RDX: 0000000000000002 RSI: 0000000000000000 RDI: 0000000000000000
[  162.740697][ T8589] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  162.740703][ T8589] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  162.740708][ T8589] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  162.740721][ T8589]  </TASK>
[  162.740806][ T8589] ERROR: Out of memory at tomoyo_realpath_from_path.
[  162.820832][ T8590] Bluetooth: (null): Invalid header checksum
[  162.923635][ T1141] Bluetooth: (null): Invalid header checksum
[  162.926242][ T1141] Bluetooth: (null): Invalid header checksum
[  163.031504][ T1141] Bluetooth: (null): Invalid header checksum
[  163.142367][   T65] Bluetooth: (null): Invalid header checksum
[  163.251366][ T1141] Bluetooth: (null): Invalid header checksum
[  163.273662][ T8604] ubi: mtd0 is already attached to ubi31
[  163.362770][   T12] Bluetooth: (null): Invalid header checksum
[  163.426698][ T5954] Bluetooth: hci0: Unable to find connection with handle 0x00c8
[  163.429012][ T8610] netlink: 'syz.3.767': attribute type 6 has an invalid length.
[  163.433919][   T40] audit: type=1326 audit(2000000040.779:86): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8609 comm="syz.3.767" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf70ee579 code=0x0
[  163.473491][   T13] Bluetooth: (null): Invalid header checksum
[  163.519658][ T8613] tc_dump_action: action bad kind
[  163.934583][ T8627] FAULT_INJECTION: forcing a failure.
[  163.934583][ T8627] name failslab, interval 1, probability 0, space 0, times 0
[  163.951243][ T8627] CPU: 1 UID: 0 PID: 8627 Comm: syz.1.772 Not tainted 6.15.0-rc4-syzkaller-00051-g7a13c14ee59d #0 PREEMPT(full) 
[  163.951269][ T8627] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  163.951277][ T8627] Call Trace:
[  163.951288][ T8627]  <TASK>
[  163.951293][ T8627]  dump_stack_lvl+0x16c/0x1f0
[  163.951332][ T8627]  should_fail_ex+0x512/0x640
[  163.951349][ T8627]  ? fs_reclaim_acquire+0xae/0x150
[  163.951365][ T8627]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  163.951379][ T8627]  should_failslab+0xc2/0x120
[  163.951392][ T8627]  __kmalloc_noprof+0xd2/0x510
[  163.951406][ T8627]  tomoyo_realpath_from_path+0xc2/0x6e0
[  163.951421][ T8627]  ? tomoyo_profile+0x47/0x60
[  163.951437][ T8627]  tomoyo_path_number_perm+0x245/0x580
[  163.951448][ T8627]  ? tomoyo_path_number_perm+0x237/0x580
[  163.951464][ T8627]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  163.951490][ T8627]  ? find_held_lock+0x2b/0x80
[  163.951499][ T8627]  ? hook_file_ioctl_common+0x145/0x410
[  163.951509][ T8627]  ? __fget_files+0x204/0x3c0
[  163.951527][ T8627]  ? __fget_files+0x20e/0x3c0
[  163.951540][ T8627]  ? fput+0x70/0xf0
[  163.951553][ T8627]  security_file_ioctl_compat+0x9b/0x240
[  163.951567][ T8627]  __ia32_compat_sys_ioctl+0xc3/0x360
[  163.951582][ T8627]  __do_fast_syscall_32+0x73/0x120
[  163.951597][ T8627]  do_fast_syscall_32+0x32/0x80
[  163.951610][ T8627]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  163.951622][ T8627] RIP: 0023:0xf7f75579
[  163.951631][ T8627] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  163.951641][ T8627] RSP: 002b:00000000f505455c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  163.951651][ T8627] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 000000000000ae80
[  163.951657][ T8627] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  163.951663][ T8627] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  163.951668][ T8627] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  163.951674][ T8627] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  163.951691][ T8627]  </TASK>
[  163.954734][ T8627] ERROR: Out of memory at tomoyo_realpath_from_path.
[  164.721139][ T5954] Bluetooth: hci4: command 0x1003 tx timeout
[  164.721522][ T5300] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  164.794650][ T8645] tc_dump_action: action bad kind
[  164.837204][ T8643] netlink: 4 bytes leftover after parsing attributes in process `syz.3.775'.
[  165.664362][ T8660] netlink: 'syz.1.781': attribute type 6 has an invalid length.
[  165.667951][ T5300] Bluetooth: hci1: Unable to find connection with handle 0x00c8
[  165.670660][   T40] audit: type=1326 audit(2000000043.009:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8659 comm="syz.1.781" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f75579 code=0x0
[  165.952181][ T8675] netlink: 24 bytes leftover after parsing attributes in process `syz.0.784'.
[  166.115721][ T8684] tc_dump_action: action bad kind
[  167.005640][ T8697] FAULT_INJECTION: forcing a failure.
[  167.005640][ T8697] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  167.010890][ T8697] CPU: 3 UID: 0 PID: 8697 Comm: syz.0.793 Not tainted 6.15.0-rc4-syzkaller-00051-g7a13c14ee59d #0 PREEMPT(full) 
[  167.010905][ T8697] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  167.010910][ T8697] Call Trace:
[  167.010914][ T8697]  <TASK>
[  167.010918][ T8697]  dump_stack_lvl+0x16c/0x1f0
[  167.010949][ T8697]  should_fail_ex+0x512/0x640
[  167.010970][ T8697]  _copy_from_user+0x2e/0xd0
[  167.010997][ T8697]  __sys_bpf+0x21d/0x4d80
[  167.011014][ T8697]  ? __pfx___sys_bpf+0x10/0x10
[  167.011028][ T8697]  ? ksys_write+0x190/0x240
[  167.011040][ T8697]  ? __mutex_unlock_slowpath+0x161/0x6a0
[  167.011061][ T8697]  ? fput+0x70/0xf0
[  167.011072][ T8697]  ? ksys_write+0x1b9/0x240
[  167.011081][ T8697]  ? __pfx_ksys_write+0x10/0x10
[  167.011092][ T8697]  __ia32_sys_bpf+0x76/0xe0
[  167.011107][ T8697]  __do_fast_syscall_32+0x73/0x120
[  167.011121][ T8697]  do_fast_syscall_32+0x32/0x80
[  167.011134][ T8697]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  167.011147][ T8697] RIP: 0023:0xf704e579
[  167.011154][ T8697] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  167.011164][ T8697] RSP: 002b:00000000f503e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000165
[  167.011174][ T8697] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000080000240
[  167.011180][ T8697] RDX: 0000000000000057 RSI: 0000000000000000 RDI: 0000000000000000
[  167.011185][ T8697] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  167.011191][ T8697] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  167.011196][ T8697] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  167.011209][ T8697]  </TASK>
[  167.357158][ T5869] usb 8-1: new high-speed USB device number 12 using dummy_hcd
[  167.369970][ T5300] Bluetooth: hci3: Unable to find connection with handle 0x00c8
[  167.373330][ T8709] netlink: 'syz.2.798': attribute type 6 has an invalid length.
[  167.376760][   T40] audit: type=1326 audit(2000000044.719:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8708 comm="syz.2.798" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf710e579 code=0x0
[  167.521208][ T5869] usb 8-1: Using ep0 maxpacket: 8
[  167.525341][ T5869] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  167.528970][ T5869] usb 8-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  167.532698][ T5869] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  167.536925][ T5869] usb 8-1: config 0 descriptor??
[  167.630769][ T8718] tc_dump_action: action bad kind
[  167.746806][ T5869] iowarrior 8-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  168.217742][   T76] usb 8-1: USB disconnect, device number 12
[  168.786781][ T8751] can: request_module (can-proto-5) failed.
[  169.016287][ T8759] serio: Serial port ptm0
[  169.073247][ T8763] tc_dump_action: action bad kind
[  169.796845][ T1017] usb 6-1: new high-speed USB device number 10 using dummy_hcd
[  169.933261][ T8776] FAULT_INJECTION: forcing a failure.
[  169.933261][ T8776] name failslab, interval 1, probability 0, space 0, times 0
[  169.937115][ T8776] CPU: 1 UID: 0 PID: 8776 Comm: syz.2.819 Not tainted 6.15.0-rc4-syzkaller-00051-g7a13c14ee59d #0 PREEMPT(full) 
[  169.937141][ T8776] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  169.937148][ T8776] Call Trace:
[  169.937152][ T8776]  <TASK>
[  169.937157][ T8776]  dump_stack_lvl+0x16c/0x1f0
[  169.937174][ T8776]  should_fail_ex+0x512/0x640
[  169.937188][ T8776]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[  169.937201][ T8776]  should_failslab+0xc2/0x120
[  169.937214][ T8776]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  169.937225][ T8776]  ? mas_alloc_nodes+0x18b/0x8b0
[  169.937236][ T8776]  ? __lock_acquire+0xaa4/0x1ba0
[  169.937254][ T8776]  mas_alloc_nodes+0x18b/0x8b0
[  169.937269][ T8776]  mas_node_count_gfp+0x105/0x130
[  169.937281][ T8776]  mas_preallocate+0x53e/0xcd0
[  169.937298][ T8776]  ? __pfx_mas_preallocate+0x10/0x10
[  169.937312][ T8776]  ? lockdep_hardirqs_on+0x7c/0x110
[  169.937332][ T8776]  vma_link+0x135/0x6a0
[  169.937344][ T8776]  ? __pfx_vma_link+0x10/0x10
[  169.937363][ T8776]  insert_vm_struct+0x196/0x3e0
[  169.937378][ T8776]  ? __pfx_insert_vm_struct+0x10/0x10
[  169.937394][ T8776]  ? lockdep_init_map_type+0x5c/0x280
[  169.937408][ T8776]  alloc_bprm+0x76d/0xdd0
[  169.937425][ T8776]  do_execveat_common.isra.0+0x1ce/0x610
[  169.937443][ T8776]  __ia32_compat_sys_execveat+0xe0/0x120
[  169.937460][ T8776]  __do_fast_syscall_32+0x73/0x120
[  169.937474][ T8776]  do_fast_syscall_32+0x32/0x80
[  169.937487][ T8776]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  169.937501][ T8776] RIP: 0023:0xf710e579
[  169.937508][ T8776] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  169.937518][ T8776] RSP: 002b:00000000f50bc55c EFLAGS: 00000296 ORIG_RAX: 0000000000000166
[  169.937527][ T8776] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 0000000080000000
[  169.937534][ T8776] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000001000
[  169.937540][ T8776] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  169.937545][ T8776] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  169.937550][ T8776] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  169.937563][ T8776]  </TASK>
[  170.010823][    C1] vkms_vblank_simulate: vblank timer overrun
[  170.013410][ T1017] usb 6-1: Using ep0 maxpacket: 16
[  170.015845][ T6002] usb 8-1: new high-speed USB device number 13 using dummy_hcd
[  170.023878][ T1017] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[  170.036320][ T1017] usb 6-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e
[  170.039050][ T1017] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  170.041490][ T1017] usb 6-1: Product: syz
[  170.042801][ T1017] usb 6-1: Manufacturer: syz
[  170.044276][ T1017] usb 6-1: SerialNumber: syz
[  170.051750][ T1017] usb 6-1: config 0 descriptor??
[  170.058426][ T1017] hub 6-1:0.0: bad descriptor, ignoring hub
[  170.060226][ T1017] hub 6-1:0.0: probe with driver hub failed with error -5
[  170.069559][ T1017] input: syz syz as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.0/input/input12
[  170.191088][ T6002] usb 8-1: Using ep0 maxpacket: 8
[  170.197912][ T6002] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  170.201141][ T6002] usb 8-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  170.203843][ T6002] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  170.211238][ T6002] usb 8-1: config 0 descriptor??
[  170.428865][ T6002] iowarrior 8-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  170.492267][ T5986] usb 6-1: USB disconnect, device number 10
[  170.893050][ T5986] usb 8-1: USB disconnect, device number 13
[  171.055024][ T8793] ubi: mtd0 is already attached to ubi31
[  171.097716][ T8797] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(8)
[  171.100511][ T8797] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  171.106944][ T8797] vhci_hcd vhci_hcd.0: Device attached
[  171.163174][ T8802] af_packet: tpacket_rcv: packet too big, clamped from 108 to 4294967272. macoff=96
[  171.293571][ T5984] vhci_hcd: vhci_device speed not set
[  171.351167][ T5984] usb 39-1: new full-speed USB device number 2 using vhci_hcd
[  171.430420][ T5300] Bluetooth: hci2: Unable to find connection with handle 0x00c8
[  171.433320][ T8807] 9pnet_virtio: no channels available for device syz
[  171.438816][ T8808] netlink: 'syz.0.828': attribute type 6 has an invalid length.
[  171.444309][   T40] audit: type=1326 audit(2000000048.789:89): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8806 comm="syz.0.828" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf704e579 code=0x0
[  171.731281][ T8824] ubi: mtd0 is already attached to ubi31
[  171.923066][ T8798] vhci_hcd: connection reset by peer
[  171.931809][   T13] vhci_hcd: stop threads
[  171.934739][   T13] vhci_hcd: release socket
[  171.939482][   T13] vhci_hcd: disconnect device
[  172.231306][ T1330] usb 8-1: new high-speed USB device number 14 using dummy_hcd
[  172.391120][ T1330] usb 8-1: Using ep0 maxpacket: 8
[  172.394065][ T1330] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  172.398588][ T1330] usb 8-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  172.403450][ T1330] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  172.412379][ T1330] usb 8-1: config 0 descriptor??
[  172.620640][ T1330] iowarrior 8-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  173.088588][ T1330] usb 8-1: USB disconnect, device number 14
[  173.214864][ T8863] netlink: 'syz.2.845': attribute type 1 has an invalid length.
[  173.232597][ T8863] 8021q: adding VLAN 0 to HW filter on device bond6
[  173.259552][ T5300] Bluetooth: hci2: Unable to find connection with handle 0x00c8
[  173.264805][ T8869] netlink: 'syz.0.847': attribute type 6 has an invalid length.
[  173.268035][   T40] audit: type=1326 audit(2000000050.609:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8868 comm="syz.0.847" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf704e579 code=0x0
[  173.350551][ T8872] can: request_module (can-proto-5) failed.
[  173.628028][ T8876] FAULT_INJECTION: forcing a failure.
[  173.628028][ T8876] name failslab, interval 1, probability 0, space 0, times 0
[  173.632777][ T8876] CPU: 0 UID: 0 PID: 8876 Comm: syz.3.849 Not tainted 6.15.0-rc4-syzkaller-00051-g7a13c14ee59d #0 PREEMPT(full) 
[  173.632800][ T8876] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  173.632810][ T8876] Call Trace:
[  173.632815][ T8876]  <TASK>
[  173.632820][ T8876]  dump_stack_lvl+0x16c/0x1f0
[  173.632837][ T8876]  should_fail_ex+0x512/0x640
[  173.632851][ T8876]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  173.632864][ T8876]  should_failslab+0xc2/0x120
[  173.632876][ T8876]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  173.632887][ T8876]  ? __alloc_skb+0x2b2/0x380
[  173.632899][ T8876]  __alloc_skb+0x2b2/0x380
[  173.632909][ T8876]  ? __pfx___alloc_skb+0x10/0x10
[  173.632917][ T8876]  ? aa_sk_perm+0x2f4/0xb10
[  173.632930][ T8876]  ? __pfx_aa_sk_perm+0x10/0x10
[  173.632943][ T8876]  pfkey_sendmsg+0x16e/0x850
[  173.632961][ T8876]  ____sys_sendmsg+0xa95/0xc70
[  173.632974][ T8876]  ? gfs2_inode_lookup+0x450/0x8a0
[  173.632986][ T8876]  ? __pfx_____sys_sendmsg+0x10/0x10
[  173.632999][ T8876]  ? get_compat_msghdr+0x11a/0x170
[  173.633015][ T8876]  ___sys_sendmsg+0x134/0x1d0
[  173.633027][ T8876]  ? __pfx____sys_sendmsg+0x10/0x10
[  173.633053][ T8876]  __sys_sendmsg+0x16d/0x220
[  173.633064][ T8876]  ? __pfx___sys_sendmsg+0x10/0x10
[  173.633084][ T8876]  ? rcu_is_watching+0x12/0xc0
[  173.633102][ T8876]  __do_fast_syscall_32+0x73/0x120
[  173.633126][ T8876]  do_fast_syscall_32+0x32/0x80
[  173.633147][ T8876]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  173.633168][ T8876] RIP: 0023:0xf70ee579
[  173.633180][ T8876] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  173.633190][ T8876] RSP: 002b:00000000f50de55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  173.633200][ T8876] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000180
[  173.633206][ T8876] RDX: 0000000004000080 RSI: 0000000000000000 RDI: 0000000000000000
[  173.633212][ T8876] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  173.633217][ T8876] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  173.633223][ T8876] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  173.633235][ T8876]  </TASK>
[  173.795176][   T40] audit: type=1326 audit(2000000051.139:91): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8881 comm="syz.1.852" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f75579 code=0x7ffc0000
[  173.804156][   T40] audit: type=1326 audit(2000000051.139:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8881 comm="syz.1.852" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f75579 code=0x7ffc0000
[  173.814136][   T40] audit: type=1326 audit(2000000051.139:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8881 comm="syz.1.852" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7f75579 code=0x7ffc0000
[  173.824330][   T40] audit: type=1326 audit(2000000051.139:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8881 comm="syz.1.852" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f75579 code=0x7ffc0000
[  173.831242][   T40] audit: type=1326 audit(2000000051.139:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8881 comm="syz.1.852" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f75579 code=0x7ffc0000
[  173.837689][   T40] audit: type=1326 audit(2000000051.139:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8881 comm="syz.1.852" exe="/syz-executor" sig=0 arch=40000003 syscall=345 compat=1 ip=0xf7f75579 code=0x7ffc0000
[  173.845344][   T40] audit: type=1326 audit(2000000051.139:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8881 comm="syz.1.852" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f75579 code=0x7ffc0000
[  173.853200][   T40] audit: type=1326 audit(2000000051.139:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8881 comm="syz.1.852" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7f75579 code=0x7ffc0000
[  173.859825][   T40] audit: type=1326 audit(2000000051.139:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8881 comm="syz.1.852" exe="/syz-executor" sig=0 arch=40000003 syscall=346 compat=1 ip=0xf7f75579 code=0x7ffc0000
[  174.401108][  T835] usb 8-1: new high-speed USB device number 15 using dummy_hcd
[  174.531223][  T835] usb 8-1: device descriptor read/64, error -71
[  174.766517][ T8915] FAULT_INJECTION: forcing a failure.
[  174.766517][ T8915] name failslab, interval 1, probability 0, space 0, times 0
[  174.801315][  T835] usb 8-1: new high-speed USB device number 16 using dummy_hcd
[  174.803786][ T8915] CPU: 1 UID: 0 PID: 8915 Comm: syz.2.861 Not tainted 6.15.0-rc4-syzkaller-00051-g7a13c14ee59d #0 PREEMPT(full) 
[  174.803802][ T8915] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  174.803807][ T8915] Call Trace:
[  174.803811][ T8915]  <TASK>
[  174.803815][ T8915]  dump_stack_lvl+0x16c/0x1f0
[  174.803845][ T8915]  should_fail_ex+0x512/0x640
[  174.803859][ T8915]  ? __kmalloc_cache_noprof+0x57/0x3e0
[  174.803877][ T8915]  should_failslab+0xc2/0x120
[  174.803889][ T8915]  __kmalloc_cache_noprof+0x6a/0x3e0
[  174.803904][ T8915]  ? get_mm_exe_file+0x8a/0x1a0
[  174.803916][ T8915]  ? landlock_init_hierarchy_log+0xa7/0x810
[  174.803932][ T8915]  landlock_init_hierarchy_log+0xa7/0x810
[  174.803947][ T8915]  landlock_merge_ruleset+0x6e1/0x870
[  174.803956][ T8915]  ? prepare_creds+0x583/0x7d0
[  174.803971][ T8915]  __do_sys_landlock_restrict_self+0x2a2/0x910
[  174.803988][ T8915]  __do_fast_syscall_32+0x73/0x120
[  174.804002][ T8915]  do_fast_syscall_32+0x32/0x80
[  174.804016][ T8915]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  174.804028][ T8915] RIP: 0023:0xf710e579
[  174.804036][ T8915] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  174.804045][ T8915] RSP: 002b:00000000f50bc55c EFLAGS: 00000296 ORIG_RAX: 00000000000001be
[  174.804055][ T8915] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000000000
[  174.804061][ T8915] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  174.804067][ T8915] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  174.804072][ T8915] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  174.804078][ T8915] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  174.804090][ T8915]  </TASK>
[  175.012040][  T835] usb 8-1: device descriptor read/64, error -71
[  175.123061][  T835] usb usb8-port1: attempt power cycle
[  175.161389][ T8925] tc_dump_action: action bad kind
[  175.184122][ T8925] 9pnet_fd: Insufficient options for proto=fd
[  175.471157][  T835] usb 8-1: new high-speed USB device number 17 using dummy_hcd
[  175.491609][  T835] usb 8-1: device descriptor read/8, error -71
[  175.741667][  T835] usb 8-1: new high-speed USB device number 18 using dummy_hcd
[  175.761698][  T835] usb 8-1: device descriptor read/8, error -71
[  175.871716][  T835] usb usb8-port1: unable to enumerate USB device
[  176.471154][ T5984] vhci_hcd: vhci_device speed not set
[  176.495170][ T8954] tc_dump_action: action bad kind
[  176.529975][ T8954] 9pnet_fd: Insufficient options for proto=fd
[  176.561847][ T8959] loop7: detected capacity change from 0 to 16384
[  176.806863][ T8978] xt_recent: hitcount (4294967293) is larger than allowed maximum (65535)
[  177.007848][ T8989] FAULT_INJECTION: forcing a failure.
[  177.007848][ T8989] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  177.012010][ T8989] CPU: 3 UID: 0 PID: 8989 Comm: syz.1.886 Not tainted 6.15.0-rc4-syzkaller-00051-g7a13c14ee59d #0 PREEMPT(full) 
[  177.012024][ T8989] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  177.012030][ T8989] Call Trace:
[  177.012034][ T8989]  <TASK>
[  177.012038][ T8989]  dump_stack_lvl+0x16c/0x1f0
[  177.012068][ T8989]  should_fail_ex+0x512/0x640
[  177.012088][ T8989]  _copy_to_user+0x32/0xd0
[  177.012104][ T8989]  __ia32_compat_sys_rt_sigpending+0x123/0x1e0
[  177.012117][ T8989]  ? __pfx___ia32_compat_sys_rt_sigpending+0x10/0x10
[  177.012128][ T8989]  ? rcu_is_watching+0x12/0xc0
[  177.012139][ T8989]  __do_fast_syscall_32+0x73/0x120
[  177.012168][ T8989]  do_fast_syscall_32+0x32/0x80
[  177.012181][ T8989]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  177.012194][ T8989] RIP: 0023:0xf7f75579
[  177.012203][ T8989] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  177.012212][ T8989] RSP: 002b:00000000f509655c EFLAGS: 00000296 ORIG_RAX: 00000000000000b0
[  177.012222][ T8989] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000000000
[  177.012228][ T8989] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  177.012233][ T8989] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  177.012239][ T8989] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  177.012244][ T8989] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  177.012256][ T8989]  </TASK>
[  177.114586][ T8995] FAULT_INJECTION: forcing a failure.
[  177.114586][ T8995] name failslab, interval 1, probability 0, space 0, times 0
[  177.118414][ T8995] CPU: 1 UID: 0 PID: 8995 Comm: syz.3.889 Not tainted 6.15.0-rc4-syzkaller-00051-g7a13c14ee59d #0 PREEMPT(full) 
[  177.118432][ T8995] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  177.118438][ T8995] Call Trace:
[  177.118442][ T8995]  <TASK>
[  177.118446][ T8995]  dump_stack_lvl+0x16c/0x1f0
[  177.118463][ T8995]  should_fail_ex+0x512/0x640
[  177.118476][ T8995]  ? __kmalloc_node_noprof+0xc5/0x500
[  177.118489][ T8995]  should_failslab+0xc2/0x120
[  177.118502][ T8995]  __kmalloc_node_noprof+0xd8/0x500
[  177.118513][ T8995]  ? __vmalloc_node_range_noprof+0x3eb/0x1540
[  177.118531][ T8995]  __vmalloc_node_range_noprof+0x3eb/0x1540
[  177.118545][ T8995]  ? find_held_lock+0x2b/0x80
[  177.118555][ T8995]  ? rcu_read_unlock+0x17/0x60
[  177.118570][ T8995]  ? bpf_check+0x1e4/0xb460
[  177.118583][ T8995]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  177.118599][ T8995]  ? rcu_is_watching+0x12/0xc0
[  177.118608][ T8995]  ? trace_kmalloc+0x2b/0xd0
[  177.118620][ T8995]  ? __kvmalloc_node_noprof.cold+0x60/0x65
[  177.118633][ T8995]  ? rcu_is_watching+0x12/0xc0
[  177.118641][ T8995]  ? ktime_get+0x200/0x310
[  177.118651][ T8995]  ? bpf_check+0x1e4/0xb460
[  177.118661][ T8995]  vzalloc_noprof+0x6b/0x90
[  177.118676][ T8995]  ? bpf_check+0x1e4/0xb460
[  177.118686][ T8995]  bpf_check+0x1e4/0xb460
[  177.118696][ T8995]  ? __mutex_trylock_common+0xe9/0x250
[  177.118711][ T8995]  ? __mutex_trylock_common+0xe9/0x250
[  177.118727][ T8995]  ? __lock_acquire+0x5ca/0x1ba0
[  177.118739][ T8995]  ? __pfx_bpf_check+0x10/0x10
[  177.118749][ T8995]  ? pcpu_alloc_noprof+0x949/0x1470
[  177.118765][ T8995]  ? __lock_acquire+0xaa4/0x1ba0
[  177.118783][ T8995]  ? find_held_lock+0x2b/0x80
[  177.118793][ T8995]  ? rcu_is_watching+0x12/0xc0
[  177.118801][ T8995]  ? ktime_get_with_offset+0x26e/0x3b0
[  177.118812][ T8995]  ? __asan_memset+0x23/0x50
[  177.118827][ T8995]  ? bpf_obj_name_cpy+0x14a/0x1a0
[  177.118841][ T8995]  bpf_prog_load+0xe41/0x2490
[  177.118857][ T8995]  ? __pfx_bpf_prog_load+0x10/0x10
[  177.118880][ T8995]  ? bpf_lsm_bpf+0x9/0x10
[  177.118891][ T8995]  __sys_bpf+0x433c/0x4d80
[  177.118905][ T8995]  ? __pfx___sys_bpf+0x10/0x10
[  177.118919][ T8995]  ? ksys_write+0x190/0x240
[  177.118930][ T8995]  ? __mutex_unlock_slowpath+0x161/0x6a0
[  177.118951][ T8995]  ? fput+0x70/0xf0
[  177.118962][ T8995]  ? ksys_write+0x1b9/0x240
[  177.118970][ T8995]  ? __pfx_ksys_write+0x10/0x10
[  177.118982][ T8995]  __ia32_sys_bpf+0x76/0xe0
[  177.118996][ T8995]  __do_fast_syscall_32+0x73/0x120
[  177.119010][ T8995]  do_fast_syscall_32+0x32/0x80
[  177.119023][ T8995]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  177.119035][ T8995] RIP: 0023:0xf70ee579
[  177.119043][ T8995] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  177.119052][ T8995] RSP: 002b:00000000f50de55c EFLAGS: 00000296 ORIG_RAX: 0000000000000165
[  177.119062][ T8995] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000080000200
[  177.119068][ T8995] RDX: 0000000000000094 RSI: 0000000000000000 RDI: 0000000000000000
[  177.119074][ T8995] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  177.119079][ T8995] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  177.119085][ T8995] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  177.119096][ T8995]  </TASK>
[  177.119101][ T8995] syz.3.889: vmalloc error: size 4096, failed to allocated page array size 8, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  177.232335][ T8995] CPU: 3 UID: 0 PID: 8995 Comm: syz.3.889 Not tainted 6.15.0-rc4-syzkaller-00051-g7a13c14ee59d #0 PREEMPT(full) 
[  177.232351][ T8995] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  177.232357][ T8995] Call Trace:
[  177.232361][ T8995]  <TASK>
[  177.232365][ T8995]  dump_stack_lvl+0x16c/0x1f0
[  177.232382][ T8995]  warn_alloc+0x248/0x3a0
[  177.232395][ T8995]  ? __pfx_warn_alloc+0x10/0x10
[  177.232404][ T8995]  ? dump_stack_lvl+0x185/0x1f0
[  177.232420][ T8995]  ? rcu_is_watching+0x12/0xc0
[  177.232430][ T8995]  ? __kmalloc_node_noprof+0x23b/0x500
[  177.232444][ T8995]  __vmalloc_node_range_noprof+0x1110/0x1540
[  177.232460][ T8995]  ? find_held_lock+0x2b/0x80
[  177.232470][ T8995]  ? rcu_read_unlock+0x17/0x60
[  177.232484][ T8995]  ? bpf_check+0x1e4/0xb460
[  177.232498][ T8995]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  177.232514][ T8995]  ? rcu_is_watching+0x12/0xc0
[  177.232522][ T8995]  ? trace_kmalloc+0x2b/0xd0
[  177.232534][ T8995]  ? __kvmalloc_node_noprof.cold+0x60/0x65
[  177.232547][ T8995]  ? rcu_is_watching+0x12/0xc0
[  177.232555][ T8995]  ? ktime_get+0x200/0x310
[  177.232566][ T8995]  ? bpf_check+0x1e4/0xb460
[  177.232576][ T8995]  vzalloc_noprof+0x6b/0x90
[  177.232591][ T8995]  ? bpf_check+0x1e4/0xb460
[  177.232600][ T8995]  bpf_check+0x1e4/0xb460
[  177.232610][ T8995]  ? __mutex_trylock_common+0xe9/0x250
[  177.232626][ T8995]  ? __mutex_trylock_common+0xe9/0x250
[  177.232642][ T8995]  ? __lock_acquire+0x5ca/0x1ba0
[  177.232654][ T8995]  ? __pfx_bpf_check+0x10/0x10
[  177.232664][ T8995]  ? pcpu_alloc_noprof+0x949/0x1470
[  177.232680][ T8995]  ? __lock_acquire+0xaa4/0x1ba0
[  177.232698][ T8995]  ? find_held_lock+0x2b/0x80
[  177.232708][ T8995]  ? rcu_is_watching+0x12/0xc0
[  177.232716][ T8995]  ? ktime_get_with_offset+0x26e/0x3b0
[  177.232727][ T8995]  ? __asan_memset+0x23/0x50
[  177.232743][ T8995]  ? bpf_obj_name_cpy+0x14a/0x1a0
[  177.232758][ T8995]  bpf_prog_load+0xe41/0x2490
[  177.232774][ T8995]  ? __pfx_bpf_prog_load+0x10/0x10
[  177.232797][ T8995]  ? bpf_lsm_bpf+0x9/0x10
[  177.232808][ T8995]  __sys_bpf+0x433c/0x4d80
[  177.232823][ T8995]  ? __pfx___sys_bpf+0x10/0x10
[  177.232836][ T8995]  ? ksys_write+0x190/0x240
[  177.232847][ T8995]  ? __mutex_unlock_slowpath+0x161/0x6a0
[  177.232869][ T8995]  ? fput+0x70/0xf0
[  177.232880][ T8995]  ? ksys_write+0x1b9/0x240
[  177.232888][ T8995]  ? __pfx_ksys_write+0x10/0x10
[  177.232900][ T8995]  __ia32_sys_bpf+0x76/0xe0
[  177.232914][ T8995]  __do_fast_syscall_32+0x73/0x120
[  177.232928][ T8995]  do_fast_syscall_32+0x32/0x80
[  177.232942][ T8995]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  177.232954][ T8995] RIP: 0023:0xf70ee579
[  177.232962][ T8995] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  177.232971][ T8995] RSP: 002b:00000000f50de55c EFLAGS: 00000296 ORIG_RAX: 0000000000000165
[  177.232982][ T8995] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000080000200
[  177.232988][ T8995] RDX: 0000000000000094 RSI: 0000000000000000 RDI: 0000000000000000
[  177.232993][ T8995] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  177.232999][ T8995] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  177.233004][ T8995] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  177.233016][ T8995]  </TASK>
[  177.233019][ T8995] Mem-Info:
[  177.251048][ T9001] block nbd1: NBD_DISCONNECT
[  177.269368][ T8995] active_anon:11129 inactive_anon:24759 isolated_anon:0
[  177.269368][ T8995]  active_file:8025 inactive_file:9002 isolated_file:0
[  177.269368][ T8995]  unevictable:1768 dirty:149 writeback:0
[  177.269368][ T8995]  slab_reclaimable:5768 slab_unreclaimable:57856
[  177.269368][ T8995]  mapped:26256 shmem:32558 pagetables:845
[  177.269368][ T8995]  sec_pagetables:312 bounce:0
[  177.269368][ T8995]  kernel_misc_reclaimable:0
[  177.269368][ T8995]  free:56622 free_pcp:2515 free_cma:0
[  177.270853][ T9001] block nbd1: Send disconnect failed -22
[  177.274294][ T8995] Node 0 active_anon:2576kB inactive_anon:28kB active_file:908kB inactive_file:944kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:3336kB dirty:32kB writeback:0kB shmem:5424kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:9716kB pagetables:972kB sec_pagetables:1160kB all_unreclaimable? no Balloon:0kB
[  177.278424][ T8992] block nbd1: Disconnected due to user request.
[  177.279803][ T8995] Node 1 active_anon:41940kB inactive_anon:99008kB active_file:31192kB inactive_file:35064kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:101688kB dirty:564kB writeback:0kB shmem:124808kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:2956kB pagetables:2408kB sec_pagetables:88kB all_unreclaimable? no Balloon:0kB
[  177.279833][ T8995] Node 0 DMA free:2096kB boost:0kB min:760kB low:948kB high:1136kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:488kB local_pcp:148kB free_cma:0kB
[  177.284030][ T8992] block nbd1: shutting down sockets
[  177.286300][ T8995] lowmem_reserve[]: 0 293 293 293 293
[  177.405459][ T8995] Node 0 DMA32 free:18348kB boost:2048kB min:15496kB low:18856kB high:22216kB reserved_highatomic:2048KB active_anon:4600kB inactive_anon:28kB active_file:908kB inactive_file:944kB unevictable:3536kB writepending:32kB present:1032196kB managed:300248kB mlocked:0kB bounce:0kB free_pcp:3120kB local_pcp:584kB free_cma:0kB
[  177.414586][ T8995] lowmem_reserve[]: 0 0 0 0 0
[  177.416078][ T8995] Node 1 DMA32 free:202468kB boost:26624kB min:73772kB low:85556kB high:97340kB reserved_highatomic:2048KB active_anon:45612kB inactive_anon:99008kB active_file:31192kB inactive_file:35068kB unevictable:3536kB writepending:572kB present:1048432kB managed:948284kB mlocked:0kB bounce:0kB free_pcp:7856kB local_pcp:4400kB free_cma:0kB
[  177.425487][ T8995] lowmem_reserve[]: 0 0 0 0 0
[  177.427029][ T8995] Node 0 DMA: 22*4kB (UM) 7*8kB (UM) 5*16kB (UM) 9*32kB (UM) 5*64kB (UM) 0*128kB 3*256kB (M) 1*512kB (M) 0*1024kB 0*2048kB 0*4096kB = 2112kB
[  177.441065][ T8995] Node 0 DMA32: 68*4kB (UMH) 60*8kB (UMEH) 65*16kB (UMEH) 85*32kB (UEH) 24*64kB (UMEH) 34*128kB (MEH) 20*256kB (ME) 4*512kB (M) 1*1024kB (U) 0*2048kB 0*4096kB = 18592kB
[  177.448053][ T8995] Node 1 DMA32: 300*4kB (UME) 105*8kB (UMEH) 197*16kB (UMEH) 322*32kB (UMEH) 282*64kB (UMEH) 119*128kB (UMEH) 43*256kB (UMEH) 37*512kB (UMEH) 30*1024kB (UME) 20*2048kB (UM) 12*4096kB (UM) = 199560kB
[  177.459720][ T8995] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  177.464389][ T8995] Node 0 hugepages_total=2 hugepages_free=1 hugepages_surp=0 hugepages_size=2048kB
[  177.468137][ T8995] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  177.474959][ T8995] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  177.478960][ T8995] 52521 total pagecache pages
[  177.481154][ T8995] 92 pages in swap cache
[  177.482927][ T8995] Free swap  = 92500kB
[  177.484661][ T8995] Total swap = 124996kB
[  177.486555][ T8995] 524155 pages RAM
[  177.488165][ T8995] 0 pages HighMem/MovableOnly
[  177.490210][ T8995] 208182 pages reserved
[  177.492130][ T8995] 0 pages cma reserved
[  177.670103][ T9023] xt_SECMARK: invalid mode: 0
[  177.989466][ T9039] FAULT_INJECTION: forcing a failure.
[  177.989466][ T9039] name failslab, interval 1, probability 0, space 0, times 0
[  177.996709][ T9039] CPU: 1 UID: 0 PID: 9039 Comm: syz.0.903 Not tainted 6.15.0-rc4-syzkaller-00051-g7a13c14ee59d #0 PREEMPT(full) 
[  177.996732][ T9039] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  177.996741][ T9039] Call Trace:
[  177.996757][ T9039]  <TASK>
[  177.996765][ T9039]  dump_stack_lvl+0x16c/0x1f0
[  177.996806][ T9039]  should_fail_ex+0x512/0x640
[  177.996833][ T9039]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[  177.996853][ T9039]  should_failslab+0xc2/0x120
[  177.996873][ T9039]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  177.996889][ T9039]  ? rcu_is_watching+0x12/0xc0
[  177.996904][ T9039]  ? getname_flags.part.0+0x4c/0x550
[  177.996943][ T9039]  getname_flags.part.0+0x4c/0x550
[  177.996965][ T9039]  getname_flags+0x93/0xf0
[  177.996988][ T9039]  user_path_at+0x24/0x60
[  177.997012][ T9039]  __do_sys_pivot_root+0x16c/0x1570
[  177.997033][ T9039]  ? __fget_files+0x20e/0x3c0
[  177.997058][ T9039]  ? __pfx___do_sys_pivot_root+0x10/0x10
[  177.997076][ T9039]  ? arch_syscall_is_vdso_sigreturn+0x1bd/0x230
[  177.997105][ T9039]  ? rcu_is_watching+0x12/0xc0
[  177.997122][ T9039]  __do_fast_syscall_32+0x73/0x120
[  177.997146][ T9039]  do_fast_syscall_32+0x32/0x80
[  177.997166][ T9039]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  177.997187][ T9039] RIP: 0023:0xf704e579
[  177.997199][ T9039] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  177.997214][ T9039] RSP: 002b:00000000f503e55c EFLAGS: 00000296 ORIG_RAX: 00000000000000d9
[  177.997230][ T9039] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000000000
[  177.997238][ T9039] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  177.997246][ T9039] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  177.997256][ T9039] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  177.997265][ T9039] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  177.997284][ T9039]  </TASK>
[  178.272479][ T9050] ubi: mtd0 is already attached to ubi31
[  178.454490][ T9053] netlink: 128 bytes leftover after parsing attributes in process `syz.1.907'.
[  178.837207][ T9062] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  179.179496][ T9068] sit0: entered promiscuous mode
[  179.183800][ T9068] netlink: 'syz.3.912': attribute type 1 has an invalid length.
[  179.186196][ T9068] netlink: 1 bytes leftover after parsing attributes in process `syz.3.912'.
[  179.194128][ T9068] ubi: mtd0 is already attached to ubi31
[  179.232357][ T9072] netlink: 'syz.3.914': attribute type 5 has an invalid length.
[  179.234821][ T9072] netlink: 12 bytes leftover after parsing attributes in process `syz.3.914'.
[  179.259530][ T9074] FAULT_INJECTION: forcing a failure.
[  179.259530][ T9074] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  179.265370][ T9074] CPU: 3 UID: 0 PID: 9074 Comm: syz.3.915 Not tainted 6.15.0-rc4-syzkaller-00051-g7a13c14ee59d #0 PREEMPT(full) 
[  179.265384][ T9074] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  179.265390][ T9074] Call Trace:
[  179.265393][ T9074]  <TASK>
[  179.265397][ T9074]  dump_stack_lvl+0x16c/0x1f0
[  179.265415][ T9074]  should_fail_ex+0x512/0x640
[  179.265431][ T9074]  _copy_from_user+0x2e/0xd0
[  179.265445][ T9074]  get_compat_msghdr+0xa7/0x170
[  179.265456][ T9074]  ? __pfx_get_compat_msghdr+0x10/0x10
[  179.265470][ T9074]  ___sys_sendmsg+0x1ae/0x1d0
[  179.265482][ T9074]  ? __pfx____sys_sendmsg+0x10/0x10
[  179.265508][ T9074]  __sys_sendmsg+0x16d/0x220
[  179.265519][ T9074]  ? __pfx___sys_sendmsg+0x10/0x10
[  179.265533][ T9074]  ? rcu_is_watching+0x12/0xc0
[  179.265543][ T9074]  ? rcu_is_watching+0x12/0xc0
[  179.265553][ T9074]  __do_fast_syscall_32+0x73/0x120
[  179.265568][ T9074]  do_fast_syscall_32+0x32/0x80
[  179.265581][ T9074]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  179.265594][ T9074] RIP: 0023:0xf70ee579
[  179.265602][ T9074] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  179.265612][ T9074] RSP: 002b:00000000f50de55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  179.265621][ T9074] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000800001c0
[  179.265628][ T9074] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  179.265633][ T9074] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  179.265638][ T9074] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  179.265644][ T9074] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  179.265656][ T9074]  </TASK>
[  179.691577][ T9085] netlink: 'syz.0.918': attribute type 21 has an invalid length.
[  179.742407][ T9093] FAULT_INJECTION: forcing a failure.
[  179.742407][ T9093] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  179.746555][ T9093] CPU: 3 UID: 0 PID: 9093 Comm: syz.0.922 Not tainted 6.15.0-rc4-syzkaller-00051-g7a13c14ee59d #0 PREEMPT(full) 
[  179.746568][ T9093] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  179.746575][ T9093] Call Trace:
[  179.746579][ T9093]  <TASK>
[  179.746583][ T9093]  dump_stack_lvl+0x16c/0x1f0
[  179.746601][ T9093]  should_fail_ex+0x512/0x640
[  179.746618][ T9093]  _copy_from_user+0x2e/0xd0
[  179.746633][ T9093]  get_compat_msghdr+0xa7/0x170
[  179.746644][ T9093]  ? __pfx_get_compat_msghdr+0x10/0x10
[  179.746658][ T9093]  ___sys_sendmsg+0x1ae/0x1d0
[  179.746670][ T9093]  ? __pfx____sys_sendmsg+0x10/0x10
[  179.746696][ T9093]  __sys_sendmsg+0x16d/0x220
[  179.746707][ T9093]  ? __pfx___sys_sendmsg+0x10/0x10
[  179.746723][ T9093]  ? rcu_is_watching+0x12/0xc0
[  179.746734][ T9093]  __do_fast_syscall_32+0x73/0x120
[  179.746749][ T9093]  do_fast_syscall_32+0x32/0x80
[  179.746762][ T9093]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  179.746775][ T9093] RIP: 0023:0xf704e579
[  179.746783][ T9093] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  179.746793][ T9093] RSP: 002b:00000000f503e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  179.746802][ T9093] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000040
[  179.746808][ T9093] RDX: 0000000004004050 RSI: 0000000000000000 RDI: 0000000000000000
[  179.746814][ T9093] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  179.746819][ T9093] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  179.746825][ T9093] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  179.746837][ T9093]  </TASK>
[  179.835880][ T9094] ubi: mtd0 is already attached to ubi31
[  180.305506][ T9110] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  180.357047][ T9110] kvm: pic: non byte read
[  180.364923][ T9110] kvm: pic: level sensitive irq not supported
[  180.366104][ T9110] kvm: pic: non byte read
[  180.370711][ T9110] kvm: pic: level sensitive irq not supported
[  180.373381][ T9110] kvm: pic: non byte read
[  180.561247][ T9115] FAULT_INJECTION: forcing a failure.
[  180.561247][ T9115] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  180.565624][ T9115] CPU: 0 UID: 0 PID: 9115 Comm: syz.3.928 Not tainted 6.15.0-rc4-syzkaller-00051-g7a13c14ee59d #0 PREEMPT(full) 
[  180.565637][ T9115] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  180.565644][ T9115] Call Trace:
[  180.565648][ T9115]  <TASK>
[  180.565652][ T9115]  dump_stack_lvl+0x16c/0x1f0
[  180.565668][ T9115]  should_fail_ex+0x512/0x640
[  180.565684][ T9115]  _copy_to_user+0x32/0xd0
[  180.565701][ T9115]  simple_read_from_buffer+0xcb/0x170
[  180.565717][ T9115]  proc_fail_nth_read+0x197/0x270
[  180.565732][ T9115]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  180.565746][ T9115]  ? rw_verify_area+0xcf/0x680
[  180.565760][ T9115]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  180.565773][ T9115]  vfs_read+0x1de/0xc70
[  180.565784][ T9115]  ? __pfx___mutex_lock+0x10/0x10
[  180.565798][ T9115]  ? __pfx_vfs_read+0x10/0x10
[  180.565810][ T9115]  ? __fget_files+0x20e/0x3c0
[  180.565829][ T9115]  ksys_read+0x12a/0x240
[  180.565837][ T9115]  ? __pfx_ksys_read+0x10/0x10
[  180.565847][ T9115]  ? __secure_computing+0x21c/0x320
[  180.565859][ T9115]  __do_fast_syscall_32+0x73/0x120
[  180.565892][ T9115]  do_fast_syscall_32+0x32/0x80
[  180.565905][ T9115]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  180.565918][ T9115] RIP: 0023:0xf70ee579
[  180.565926][ T9115] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  180.565935][ T9115] RSP: 002b:00000000f50de590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  180.565945][ T9115] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 00000000f50de620
[  180.565951][ T9115] RDX: 000000000000000f RSI: 00000000f7452ff4 RDI: 0000000000000000
[  180.565957][ T9115] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  180.565962][ T9115] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  180.565968][ T9115] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  180.565980][ T9115]  </TASK>
[  180.639313][ T9120] ubi: mtd0 is already attached to ubi31
[  180.730610][ T9131] FAULT_INJECTION: forcing a failure.
[  180.730610][ T9131] name failslab, interval 1, probability 0, space 0, times 0
[  180.734808][ T9131] CPU: 3 UID: 0 PID: 9131 Comm: syz.1.932 Not tainted 6.15.0-rc4-syzkaller-00051-g7a13c14ee59d #0 PREEMPT(full) 
[  180.734822][ T9131] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  180.734828][ T9131] Call Trace:
[  180.734832][ T9131]  <TASK>
[  180.734835][ T9131]  dump_stack_lvl+0x16c/0x1f0
[  180.734852][ T9131]  should_fail_ex+0x512/0x640
[  180.734866][ T9131]  ? fs_reclaim_acquire+0xae/0x150
[  180.734882][ T9131]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  180.734895][ T9131]  should_failslab+0xc2/0x120
[  180.734907][ T9131]  __kmalloc_noprof+0xd2/0x510
[  180.734921][ T9131]  tomoyo_realpath_from_path+0xc2/0x6e0
[  180.734936][ T9131]  ? tomoyo_profile+0x47/0x60
[  180.734952][ T9131]  tomoyo_path_number_perm+0x245/0x580
[  180.734962][ T9131]  ? tomoyo_path_number_perm+0x237/0x580
[  180.734975][ T9131]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  180.735000][ T9131]  ? find_held_lock+0x2b/0x80
[  180.735010][ T9131]  ? hook_file_ioctl_common+0x145/0x410
[  180.735020][ T9131]  ? __fget_files+0x204/0x3c0
[  180.735037][ T9131]  ? __fget_files+0x20e/0x3c0
[  180.735051][ T9131]  ? fput+0x70/0xf0
[  180.735064][ T9131]  security_file_ioctl_compat+0x9b/0x240
[  180.735083][ T9131]  __ia32_compat_sys_ioctl+0xc3/0x360
[  180.735098][ T9131]  __do_fast_syscall_32+0x73/0x120
[  180.735113][ T9131]  do_fast_syscall_32+0x32/0x80
[  180.735126][ T9131]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  180.735139][ T9131] RIP: 0023:0xf7f75579
[  180.735147][ T9131] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  180.735157][ T9131] RSP: 002b:00000000f509655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  180.735166][ T9131] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080047441
[  180.735172][ T9131] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  180.735177][ T9131] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  180.735183][ T9131] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  180.735188][ T9131] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  180.735201][ T9131]  </TASK>
[  180.735205][ T9131] ERROR: Out of memory at tomoyo_realpath_from_path.
[  182.218945][ T9164] FAULT_INJECTION: forcing a failure.
[  182.218945][ T9164] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  182.223662][ T9164] CPU: 2 UID: 0 PID: 9164 Comm: syz.1.940 Not tainted 6.15.0-rc4-syzkaller-00051-g7a13c14ee59d #0 PREEMPT(full) 
[  182.223676][ T9164] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  182.223682][ T9164] Call Trace:
[  182.223686][ T9164]  <TASK>
[  182.223690][ T9164]  dump_stack_lvl+0x16c/0x1f0
[  182.223707][ T9164]  should_fail_ex+0x512/0x640
[  182.223723][ T9164]  _copy_to_iter+0x2a4/0x15a0
[  182.223739][ T9164]  ? anon_pipe_read+0x7de/0x1210
[  182.223750][ T9164]  ? __pfx__copy_to_iter+0x10/0x10
[  182.223763][ T9164]  ? __pfx___mutex_lock+0x10/0x10
[  182.223782][ T9164]  copy_page_to_iter+0xf1/0x180
[  182.223799][ T9164]  anon_pipe_read+0x47e/0x1210
[  182.223813][ T9164]  ? __pfx_anon_pipe_read+0x10/0x10
[  182.223824][ T9164]  ? __pfx_autoremove_wake_function+0x10/0x10
[  182.223837][ T9164]  ? bpf_lsm_file_permission+0x9/0x10
[  182.223852][ T9164]  ? security_file_permission+0x71/0x210
[  182.223865][ T9164]  ? rw_verify_area+0xcf/0x680
[  182.223880][ T9164]  vfs_read+0xaa3/0xc70
[  182.223892][ T9164]  ? __pfx_vfs_read+0x10/0x10
[  182.223899][ T9164]  ? find_held_lock+0x2b/0x80
[  182.223917][ T9164]  ksys_read+0x205/0x240
[  182.223926][ T9164]  ? __pfx_ksys_read+0x10/0x10
[  182.223936][ T9164]  ? rcu_is_watching+0x12/0xc0
[  182.223947][ T9164]  __do_fast_syscall_32+0x73/0x120
[  182.223962][ T9164]  do_fast_syscall_32+0x32/0x80
[  182.223976][ T9164]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  182.223988][ T9164] RIP: 0023:0xf7f75579
[  182.223996][ T9164] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  182.224006][ T9164] RSP: 002b:00000000f509655c EFLAGS: 00000296 ORIG_RAX: 0000000000000003
[  182.224016][ T9164] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800095c0
[  182.224022][ T9164] RDX: 0000000000002020 RSI: 0000000000000000 RDI: 0000000000000000
[  182.224027][ T9164] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  182.224033][ T9164] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  182.224040][ T9164] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  182.224053][ T9164]  </TASK>
[  182.300336][    C2] vkms_vblank_simulate: vblank timer overrun
[  183.396043][ T5300] Bluetooth: hci1: unexpected event for opcode 0x2002
[  185.605869][   T40] kauditd_printk_skb: 153 callbacks suppressed
[  185.605880][   T40] audit: type=1800 audit(2000000062.949:253): pid=9189 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.948" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0
[  185.667248][ T9197] tc_dump_action: action bad kind
[  185.724573][ T9197] 9pnet_fd: Insufficient options for proto=fd
[  186.121112][ T5986] usb 6-1: new high-speed USB device number 11 using dummy_hcd
[  186.271072][ T5986] usb 6-1: Using ep0 maxpacket: 8
[  186.275654][ T5986] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  186.279232][ T5986] usb 6-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  186.287509][ T5986] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  186.309316][ T5986] usb 6-1: config 0 descriptor??
[  186.527945][ T9200] syz.2.950 (9200) used greatest stack depth: 20760 bytes left
[  186.533146][ T5986] iowarrior 6-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  186.827459][ T9220] netlink: 'syz.3.958': attribute type 1 has an invalid length.
[  186.840844][ T9220] 8021q: adding VLAN 0 to HW filter on device bond4
[  186.974860][ T9225] netlink: 12 bytes leftover after parsing attributes in process `syz.3.959'.
[  187.174549][ T9229] netlink: 'syz.3.961': attribute type 3 has an invalid length.
[  187.443438][ T5300] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0
[  187.446420][ T5300] Bluetooth: hci1: Injecting HCI hardware error event
[  187.461123][ T5300] Bluetooth: hci1: hardware error 0x00
[  188.886198][ T5984] usb 6-1: USB disconnect, device number 11
[  189.521138][ T5300] Bluetooth: hci1: Opcode 0x0c03 failed: -110
[  189.547943][ T9284] 9pnet_virtio: no channels available for device syz
[  189.948897][ T9291] netlink: 'syz.0.977': attribute type 1 has an invalid length.
[  189.960703][ T9291] 8021q: adding VLAN 0 to HW filter on device bond6
[  190.087779][ T9297] wireguard0: entered promiscuous mode
[  190.089693][ T9297] wireguard0: entered allmulticast mode
[  190.347625][ T9307] tc_dump_action: action bad kind
[  190.541904][ T5984] usb 7-1: new high-speed USB device number 9 using dummy_hcd
[  190.691131][ T5984] usb 7-1: Using ep0 maxpacket: 8
[  190.696036][ T5984] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  190.700590][ T5984] usb 7-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  190.704811][ T5984] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  190.710678][ T5984] usb 7-1: config 0 descriptor??
[  190.918348][ T5984] iowarrior 7-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  191.331384][ T6002] usb 7-1: USB disconnect, device number 9
[  192.132081][ T9327] netlink: 24 bytes leftover after parsing attributes in process `syz.1.987'.
[  192.230163][ T9329] process 'syz.1.987' launched './file2' with NULL argv: empty string added
[  192.723902][ T5954] Bluetooth: hci4: sending frame failed (-49)
[  192.726966][ T5300] Bluetooth: hci4: Opcode 0x1003 failed: -49
[  192.858791][ T9346] tc_dump_action: action bad kind
[  193.241136][   T10] usb 6-1: new high-speed USB device number 12 using dummy_hcd
[  193.282074][ T9359] netlink: 24 bytes leftover after parsing attributes in process `syz.0.995'.
[  193.411056][   T10] usb 6-1: Using ep0 maxpacket: 8
[  193.414176][   T10] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  193.417450][   T10] usb 6-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  193.420347][   T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  193.425123][   T10] usb 6-1: config 0 descriptor??
[  193.631511][   T10] iowarrior 6-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  193.693166][ T1416] ieee802154 phy0 wpan0: encryption failed: -22
[  194.045668][   T10] usb 6-1: USB disconnect, device number 12
[  194.712058][ T9386] netlink: 'syz.2.1003': attribute type 1 has an invalid length.
[  194.714900][ T9386] netlink: 244 bytes leftover after parsing attributes in process `syz.2.1003'.
[  195.055995][ T9392] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1004'.
[  195.247566][   T40] audit: type=1326 audit(2000000072.589:254): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9396 comm="syz.0.1006" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704e579 code=0x7ffc0000
[  195.255391][   T40] audit: type=1326 audit(2000000072.589:255): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9396 comm="syz.0.1006" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704e579 code=0x7ffc0000
[  195.262700][   T40] audit: type=1326 audit(2000000072.609:256): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9396 comm="syz.0.1006" exe="/syz-executor" sig=0 arch=40000003 syscall=5 compat=1 ip=0xf704e579 code=0x7ffc0000
[  195.269906][   T40] audit: type=1326 audit(2000000072.609:257): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9396 comm="syz.0.1006" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704e579 code=0x7ffc0000
[  195.277368][   T40] audit: type=1326 audit(2000000072.609:258): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9396 comm="syz.0.1006" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704e579 code=0x7ffc0000
[  195.285925][   T40] audit: type=1326 audit(2000000072.609:259): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9396 comm="syz.0.1006" exe="/syz-executor" sig=0 arch=40000003 syscall=379 compat=1 ip=0xf704e579 code=0x7ffc0000
[  195.293799][   T40] audit: type=1326 audit(2000000072.609:260): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9396 comm="syz.0.1006" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704e579 code=0x7ffc0000
[  195.300611][   T40] audit: type=1326 audit(2000000072.609:261): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9396 comm="syz.0.1006" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704e579 code=0x7ffc0000
[  195.307348][   T40] audit: type=1326 audit(2000000072.609:262): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9396 comm="syz.0.1006" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf704e579 code=0x7ffc0000
[  195.314530][   T40] audit: type=1326 audit(2000000072.609:263): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9396 comm="syz.0.1006" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704e579 code=0x7ffc0000
[  195.375940][ T9397] e1000e 0000:00:02.0 eth1: NIC Link is Down
[  195.382340][ T5947] Bluetooth: hci3: Malformed Event: 0x13
[  195.441565][ T9412] tc_dump_action: action bad kind
[  195.681180][ T5984] usb 7-1: new high-speed USB device number 10 using dummy_hcd
[  195.841111][ T5300] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  195.841416][ T5947] Bluetooth: hci4: command 0x1003 tx timeout
[  195.843420][ T5984] usb 7-1: Using ep0 maxpacket: 16
[  195.854508][ T5984] usb 7-1: config 0 has an invalid interface number: 8 but max is 0
[  195.857065][ T5984] usb 7-1: config 0 has no interface number 0
[  195.858941][ T5984] usb 7-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  195.862394][ T5984] usb 7-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  195.867287][ T5984] usb 7-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[  195.872960][ T5984] usb 7-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[  195.875574][ T5984] usb 7-1: Product: syz
[  195.876874][ T5984] usb 7-1: SerialNumber: syz
[  195.879684][ T5984] usb 7-1: config 0 descriptor??
[  195.885857][ T5984] cm109 7-1:0.8: invalid payload size 0, expected 4
[  195.890779][ T5984] input: CM109 USB driver as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.8/input/input13
[  195.963707][ T9447] netlink: 'syz.3.1012': attribute type 6 has an invalid length.
[  196.083716][    C0] cm109 7-1:0.8: cm109_urb_ctl_callback: usb_submit_urb (urb_irq) failed -90
[  196.299896][ T5869] usb 7-1: USB disconnect, device number 10
[  196.310331][ T5869] cm109 7-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19
[  196.410209][ T9457] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1013'.
[  196.443591][ T9456] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1015'.
[  196.446280][ T9456] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1015'.
[  196.571127][ T5300] Bluetooth: hci3: command 0x0405 tx timeout
[  197.544679][ T9495] netlink: 'syz.2.1025': attribute type 1 has an invalid length.
[  197.555572][ T9495] 8021q: adding VLAN 0 to HW filter on device bond7
[  197.898323][ T9504] netlink: 'syz.1.1028': attribute type 6 has an invalid length.
[  198.171177][ T9484] syz.0.1021 (9484) used greatest stack depth: 20552 bytes left
[  198.758780][ T9523] netlink: 'syz.1.1034': attribute type 1 has an invalid length.
[  198.772279][ T9523] 8021q: adding VLAN 0 to HW filter on device bond3
[  198.823901][ T9526] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1035'.
[  198.829077][ T9526] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1035'.
[  199.333045][ T9539] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1039'.
[  199.336761][ T9539] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1039'.
[  199.336828][ T9540] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1039'.
[  200.049176][ T9544] ==================================================================
[  200.052262][ T9544] BUG: KASAN: vmalloc-out-of-bounds in vrealloc_noprof+0x132/0x320
[  200.054651][ T9544] Write of size 4064 at addr ffffc90003656020 by task syz.0.1042/9544
[  200.058670][ T9544] 
[  200.059768][ T9544] CPU: 3 UID: 0 PID: 9544 Comm: syz.0.1042 Not tainted 6.15.0-rc4-syzkaller-00051-g7a13c14ee59d #0 PREEMPT(full) 
[  200.059781][ T9544] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  200.059788][ T9544] Call Trace:
[  200.059792][ T9544]  <TASK>
[  200.059796][ T9544]  dump_stack_lvl+0x116/0x1f0
[  200.059812][ T9544]  print_report+0xc3/0x670
[  200.059825][ T9544]  ? __virt_addr_valid+0x5e/0x590
[  200.059839][ T9544]  ? vrealloc_noprof+0x132/0x320
[  200.059848][ T9544]  kasan_report+0xe0/0x110
[  200.059859][ T9544]  ? vrealloc_noprof+0x132/0x320
[  200.059874][ T9544]  kasan_check_range+0xef/0x1a0
[  200.059887][ T9544]  __asan_memset+0x23/0x50
[  200.059903][ T9544]  vrealloc_noprof+0x132/0x320
[  200.059912][ T9544]  push_insn_history+0x2ae/0x6c0
[  200.059924][ T9544]  do_check_common+0xbd3/0xc2a0
[  200.059940][ T9544]  ? __pfx_do_check_common+0x10/0x10
[  200.059950][ T9544]  ? lockdep_hardirqs_on+0x7c/0x110
[  200.059963][ T9544]  ? kfree+0x2b6/0x4d0
[  200.059977][ T9544]  ? bpf_check+0x6c86/0xb460
[  200.059986][ T9544]  ? bpf_check+0x7b2f/0xb460
[  200.059996][ T9544]  bpf_check+0x7f51/0xb460
[  200.060010][ T9544]  ? __pfx_bpf_check+0x10/0x10
[  200.060020][ T9544]  ? pcpu_alloc_noprof+0x949/0x1470
[  200.060033][ T9544]  ? __lock_acquire+0xaa4/0x1ba0
[  200.060049][ T9544]  ? find_held_lock+0x2b/0x80
[  200.060059][ T9544]  ? __asan_memset+0x23/0x50
[  200.060073][ T9544]  ? bpf_obj_name_cpy+0x14a/0x1a0
[  200.060087][ T9544]  bpf_prog_load+0xe41/0x2490
[  200.060101][ T9544]  ? __pfx_bpf_prog_load+0x10/0x10
[  200.060113][ T9544]  ? __pfx___futex_wait+0x10/0x10
[  200.060131][ T9544]  ? bpf_lsm_bpf+0x9/0x10
[  200.060141][ T9544]  __sys_bpf+0x433c/0x4d80
[  200.060155][ T9544]  ? __pfx___sys_bpf+0x10/0x10
[  200.060167][ T9544]  ? kmem_cache_free+0x2d4/0x4d0
[  200.060176][ T9544]  ? fd_install+0x225/0x750
[  200.060190][ T9544]  ? putname+0x154/0x1a0
[  200.060202][ T9544]  ? do_futex+0x122/0x350
[  200.060212][ T9544]  ? __pfx_do_futex+0x10/0x10
[  200.060224][ T9544]  ? __ia32_compat_sys_openat+0x16d/0x210
[  200.060238][ T9544]  ? arch_syscall_is_vdso_sigreturn+0x1bd/0x230
[  200.060255][ T9544]  ? syscall_user_dispatch+0x78/0x140
[  200.060270][ T9544]  __ia32_sys_bpf+0x76/0xe0
[  200.060284][ T9544]  __do_fast_syscall_32+0x73/0x120
[  200.060297][ T9544]  do_fast_syscall_32+0x32/0x80
[  200.060310][ T9544]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  200.060322][ T9544] RIP: 0023:0xf704e579
[  200.060330][ T9544] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  200.060340][ T9544] RSP: 002b:00000000f503e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000165
[  200.060350][ T9544] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000800017c0
[  200.060356][ T9544] RDX: 0000000000000048 RSI: 0000000000000000 RDI: 0000000000000000
[  200.060362][ T9544] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  200.060368][ T9544] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  200.060374][ T9544] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  200.060382][ T9544]  </TASK>
[  200.060386][ T9544] 
[  200.154148][ T9544] The buggy address belongs to the virtual mapping at
[  200.154148][ T9544]  [ffffc90003636000, ffffc90003658000) created by:
[  200.154148][ T9544]  kvrealloc_noprof+0x7d/0xd0
[  200.159480][ T9544] 
[  200.160247][ T9544] The buggy address belongs to the physical page:
[  200.162214][ T9544] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x800c4 pfn:0x4f055
[  200.164974][ T9544] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[  200.167228][ T9544] raw: 04fff00000000000 0000000000000000 dead000000000122 0000000000000000
[  200.169864][ T9544] raw: 00000000000800c4 0000000000000000 00000001ffffffff 0000000000000000
[  200.172486][ T9544] page dumped because: kasan: bad access detected
[  200.174450][ T9544] page_owner tracks the page as allocated
[  200.176205][ T9544] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102cc2(GFP_HIGHUSER|__GFP_NOWARN), pid 9544, tgid 9543 (syz.0.1042), ts 200049049569, free_ts 199171103260
[  200.181379][ T9544]  post_alloc_hook+0x181/0x1b0
[  200.182828][ T9544]  get_page_from_freelist+0x135c/0x3920
[  200.184518][ T9544]  __alloc_frozen_pages_noprof+0x5a8/0x23a0
[  200.186300][ T9544]  alloc_pages_mpol+0x1fb/0x550
[  200.187774][ T9544]  alloc_pages_noprof+0x131/0x390
[  200.189290][ T9544]  __vmalloc_node_range_noprof+0x732/0x1540
[  200.191070][ T9544]  __kvmalloc_node_noprof+0x2ff/0x600
[  200.192681][ T9544]  kvrealloc_noprof+0x7d/0xd0
[  200.194114][ T9544]  push_insn_history+0x2ae/0x6c0
[  200.195605][ T9544]  do_check_common+0xbd3/0xc2a0
[  200.197090][ T9544]  bpf_check+0x7f51/0xb460
[  200.198444][ T9544]  bpf_prog_load+0xe41/0x2490
[  200.199852][ T9544]  __sys_bpf+0x433c/0x4d80
[  200.201205][ T9544]  __ia32_sys_bpf+0x76/0xe0
[  200.202556][ T9544]  __do_fast_syscall_32+0x73/0x120
[  200.204106][ T9544]  do_fast_syscall_32+0x32/0x80
[  200.205573][ T9544] page last free pid 6511 tgid 6511 stack trace:
[  200.207491][ T9544]  __free_frozen_pages+0x69d/0xff0
[  200.209096][ T9544]  vfree+0x176/0x960
[  200.210300][ T9544]  delayed_vfree_work+0x56/0x70
[  200.211873][ T9544]  process_one_work+0x9cc/0x1b70
[  200.213482][ T9544]  worker_thread+0x6c8/0xf10
[  200.214855][ T9544]  kthread+0x3c2/0x780
[  200.216088][ T9544]  ret_from_fork+0x45/0x80
[  200.217454][ T9544]  ret_from_fork_asm+0x1a/0x30
[  200.218905][ T9544] 
[  200.219634][ T9544] Memory state around the buggy address:
[  200.221372][ T9544]  ffffc90003655f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  200.223739][ T9544]  ffffc90003655f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  200.226129][ T9544] >ffffc90003656000: 00 00 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[  200.228494][ T9544]                                ^
[  200.230065][ T9544]  ffffc90003656080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[  200.232402][ T9544]  ffffc90003656100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[  200.234768][ T9544] ==================================================================
[  200.250790][ T9552] netlink: 'syz.1.1043': attribute type 1 has an invalid length.
[  200.261552][ T9544] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  200.263769][ T9544] CPU: 3 UID: 0 PID: 9544 Comm: syz.0.1042 Not tainted 6.15.0-rc4-syzkaller-00051-g7a13c14ee59d #0 PREEMPT(full) 
[  200.267498][ T9544] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  200.270790][ T9544] Call Trace:
[  200.271879][ T9544]  <TASK>
[  200.272816][ T9544]  dump_stack_lvl+0x3d/0x1f0
[  200.274277][ T9544]  panic+0x71c/0x800
[  200.275509][ T9544]  ? __pfx_panic+0x10/0x10
[  200.276907][ T9544]  ? rcu_is_watching+0x12/0xc0
[  200.278415][ T9544]  ? preempt_schedule_thunk+0x16/0x30
[  200.280091][ T9544]  ? vrealloc_noprof+0x132/0x320
[  200.281632][ T9544]  ? preempt_schedule_common+0x44/0xc0
[  200.283342][ T9544]  ? vrealloc_noprof+0x132/0x320
[  200.284881][ T9544]  check_panic_on_warn+0xab/0xb0
[  200.286438][ T9544]  end_report+0x107/0x170
[  200.287792][ T9544]  kasan_report+0xee/0x110
[  200.289183][ T9544]  ? vrealloc_noprof+0x132/0x320
[  200.290744][ T9544]  kasan_check_range+0xef/0x1a0
[  200.292270][ T9544]  __asan_memset+0x23/0x50
[  200.293671][ T9544]  vrealloc_noprof+0x132/0x320
[  200.295171][ T9544]  push_insn_history+0x2ae/0x6c0
[  200.296720][ T9544]  do_check_common+0xbd3/0xc2a0
[  200.298214][ T9544]  ? __pfx_do_check_common+0x10/0x10
[  200.299854][ T9544]  ? lockdep_hardirqs_on+0x7c/0x110
[  200.301474][ T9544]  ? kfree+0x2b6/0x4d0
[  200.302759][ T9544]  ? bpf_check+0x6c86/0xb460
[  200.304205][ T9544]  ? bpf_check+0x7b2f/0xb460
[  200.305657][ T9544]  bpf_check+0x7f51/0xb460
[  200.307083][ T9544]  ? __pfx_bpf_check+0x10/0x10
[  200.308579][ T9544]  ? pcpu_alloc_noprof+0x949/0x1470
[  200.310206][ T9544]  ? __lock_acquire+0xaa4/0x1ba0
[  200.311754][ T9544]  ? find_held_lock+0x2b/0x80
[  200.313224][ T9544]  ? __asan_memset+0x23/0x50
[  200.314877][ T9544]  ? bpf_obj_name_cpy+0x14a/0x1a0
[  200.316542][ T9544]  bpf_prog_load+0xe41/0x2490
[  200.318072][ T9544]  ? __pfx_bpf_prog_load+0x10/0x10
[  200.319666][ T9544]  ? __pfx___futex_wait+0x10/0x10
[  200.321246][ T9544]  ? bpf_lsm_bpf+0x9/0x10
[  200.322603][ T9544]  __sys_bpf+0x433c/0x4d80
[  200.324008][ T9544]  ? __pfx___sys_bpf+0x10/0x10
[  200.325497][ T9544]  ? kmem_cache_free+0x2d4/0x4d0
[  200.327115][ T9544]  ? fd_install+0x225/0x750
[  200.328539][ T9544]  ? putname+0x154/0x1a0
[  200.329880][ T9544]  ? do_futex+0x122/0x350
[  200.331233][ T9544]  ? __pfx_do_futex+0x10/0x10
[  200.332703][ T9544]  ? __ia32_compat_sys_openat+0x16d/0x210
[  200.334477][ T9544]  ? arch_syscall_is_vdso_sigreturn+0x1bd/0x230
[  200.336446][ T9544]  ? syscall_user_dispatch+0x78/0x140
[  200.338135][ T9544]  __ia32_sys_bpf+0x76/0xe0
[  200.339562][ T9544]  __do_fast_syscall_32+0x73/0x120
[  200.341162][ T9544]  do_fast_syscall_32+0x32/0x80
[  200.342686][ T9544]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  200.344639][ T9544] RIP: 0023:0xf704e579
[  200.346012][ T9544] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  200.352298][ T9544] RSP: 002b:00000000f503e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000165
[  200.354863][ T9544] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000800017c0
[  200.357548][ T9544] RDX: 0000000000000048 RSI: 0000000000000000 RDI: 0000000000000000
[  200.359987][ T9544] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  200.362406][ T9544] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  200.364819][ T9544] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  200.367751][ T9544]  </TASK>
[  200.369301][ T9544] Kernel Offset: disabled
[  200.370672][ T9544] Rebooting in 86400 seconds..

VM DIAGNOSIS:
08:13:33  Registers:
info registers vcpu 0

CPU#0
RAX=fffff5200060eecf RBX=fffff5200060eed0 RCX=ffffffff8197f49c RDX=0000000000000001
RSI=0000000000000004 RDI=ffffc90003077678 RBP=fffff5200060eecf RSP=ffffc90003077630
R8 =0000000000000001 R9 =fffff5200060eecf R10=ffffc9000307767b R11=0000000000000000
R12=ffff888066b28108 R13=ffff888066b28110 R14=ffff888066b280e8 R15=ffffc90003077898
RIP=ffffffff821f281e RFL=00000086 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff8880977ed000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000000000c3139d0 CR3=0000000025d40000 CR4=00352ef0
DR0=000000000000b17b DR1=000000000000000f DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000008
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000ce000000000 0000000300000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000000002 RBX=1ffff920005e7ef1 RCX=0000000000000001 RDX=0000000000000000
RSI=ffffffff8dccba91 RDI=ffffffff8bf467e0 RBP=ffffffff8e3bf3e0 RSP=ffffc90002f3f738
R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000000 R11=0000000000000000
R12=ffff8880233d0000 R13=ffff8880233d0af0 R14=00000000ffffffff R15=0000000000000000
RIP=ffffffff8b68f580 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff8880978ed000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000558359b47000 CR3=00000000639d6000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000005000001bc 00000128ffffffef
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=0000000000000000 RBX=ffff88802b541460 RCX=ffffffff81ae9e69 RDX=ffff888044928000
RSI=ffffffff81ae9e43 RDI=0000000000000005 RBP=0000000000000003 RSP=ffffc90002216fe0
R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000000
R12=ffffed10056a828d R13=0000000000000001 R14=dffffc0000000000 R15=ffff88802b43b180
RIP=ffffffff81ae9e45 RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880979ed000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000f513de8e CR3=000000006825f000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000a000000000 0000000200000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 3

CPU#3
RAX=dffffc0000000005 RBX=00000000000003f9 RCX=0000000000000000 RDX=00000000000003f9
RSI=ffffffff854bf8f0 RDI=ffffffff9addebc0 RBP=ffffffff9addeb80 RSP=ffffc90004f1ef08
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=0000000034353954
R12=0000000000000000 R13=ffffffff9addebd0 R14=ffffffff9addeb80 R15=ffffffff9addee40
RIP=ffffffff854bf917 RFL=00000006 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff888097aed000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000000002f4f7ffc CR3=0000000023513000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000008
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000007400000000 0000000100000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000