last executing test programs:

6.157844034s ago: executing program 2 (id=978):
socket$inet6(0xa, 0x5, 0x0)
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='fdinfo/3\x00')
read$FUSE(r0, &(0x7f0000000400)={0x2020}, 0x2020)
setsockopt$inet6_buf(r0, 0x29, 0x39, &(0x7f0000000040), 0x0)

5.976621814s ago: executing program 2 (id=982):
r0 = socket$unix(0x1, 0x1, 0x0)
r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
read$FUSE(r1, &(0x7f0000000140)={0x2020}, 0x2020)
bind$unix(r0, &(0x7f00000000c0)=@abs={0x1}, 0x6e)
bind$unix(r0, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
socket$unix(0x1, 0x1, 0x0) (async)
openat$cuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (async)
read$FUSE(r1, &(0x7f0000000140)={0x2020}, 0x2020) (async)
bind$unix(r0, &(0x7f00000000c0)=@abs={0x1}, 0x6e) (async)
bind$unix(r0, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) (async)

5.903443617s ago: executing program 2 (id=983):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000d40)={0x44, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x44}}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)={0x44, 0x9, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x1c, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast2}}, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast1=0xe0004001}}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x10000047}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_DESTROY(r2, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000400)={0x1c, 0x3, 0x6, 0x201, 0x0, 0x0, {0x5}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
openat$vicodec0(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r5 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r6=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r4, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_START_AP(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r4, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x44, 0xe, {{{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @val={0x2d, 0x1a, {0x2, 0x2, 0x2, 0x0, {0x9, 0x4, 0x0, 0x8, 0x0, 0x1, 0x1, 0x3}, 0x1, 0x1, 0x4}}, @void, @void, @void}}], @chandef_params, @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8, 0xd, 0xfffffffd}, @beacon=[@NL80211_ATTR_IE={0x4}]]}, 0x74}}, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$ethtool(&(0x7f0000001440), 0xffffffffffffffff)
r9 = socket$nl_route(0x10, 0x3, 0x0)
fcntl$dupfd(r9, 0x0, r9)
ioctl$FS_IOC_GETFSSYSFSPATH(r7, 0x80811501, &(0x7f0000000040)={0x80})
sendmsg$nl_route_sched(r9, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@gettfilter={0x13, 0x2e, 0x201, 0x0, 0x0, {}, [{0x8, 0xf}]}, 0x2c}}, 0x0)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001600)={&(0x7f0000001500)={0x34, r8, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_COALESCE_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}, @ETHTOOL_A_COALESCE_USE_CQE_MODE_RX={0x5}]}, 0x34}}, 0x0)

5.458545435s ago: executing program 1 (id=984):
r0 = ioctl$KVM_CREATE_GUEST_MEMFD(0xffffffffffffffff, 0xc040aed4, &(0x7f0000000000)={0x5, 0x3ff})
ioctl$AUTOFS_IOC_SETTIMEOUT(r0, 0x80049367, &(0x7f0000000040)=0x6)
r1 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000080), 0x900, 0x0)
ioctl$TIOCGPTLCK(r1, 0x80045439, &(0x7f00000000c0))
connect$caif(r1, &(0x7f0000000100)=@util={0x25, "8f8cec9483f2ef1dec89bb7ca15e954a"}, 0x18)
ioctl$TIOCMSET(r1, 0x5418, &(0x7f0000000140)=0x6)
ioctl$VHOST_SET_VRING_ERR(r1, 0x4008af22, &(0x7f0000000180)={0x2})
ioctl$FS_IOC_READ_VERITY_METADATA(r1, 0xc0286687, &(0x7f0000000200)={0x2, 0x3, 0xf, &(0x7f00000001c0)=""/15})
ioperm(0x0, 0x101, 0xe0000000)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000340)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000280)=@deltaction={0x6c, 0x31, 0x20, 0x70bd2b, 0x25dfdbfe, {}, [@TCA_ACT_TAB={0x58, 0x1, [{0xc, 0x1, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x6}}, {0xc, 0x9, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x880}}, {0x14, 0x3, 0x0, 0x0, @TCA_ACT_KIND={0xf, 0x1, 'tunnel_key\x00'}}, {0xc, 0x2, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'ife\x00'}}, {0xc, 0xb, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x80000001}}, {0x10, 0x10, 0x0, 0x0, @TCA_ACT_KIND={0x9, 0x1, 'vlan\x00'}}]}]}, 0x6c}, 0x1, 0x0, 0x0, 0x4}, 0x40000)
ioctl$TCXONC(r1, 0x540a, 0x1)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000380), 0x100, 0x0)
r3 = openat$drirender128(0xffffffffffffff9c, &(0x7f00000003c0), 0x8000, 0x0)
ioctl$DRM_IOCTL_MODE_GET_LEASE(r1, 0xc01064c8, &(0x7f0000000440)={0x4, 0x0, &(0x7f0000000400)=[0x0, 0x0, <r4=>0x0, 0x0]})
ioctl$DRM_IOCTL_MODE_RMFB(r3, 0xc00464af, &(0x7f0000000480)=r4)
ioctl$TCXONC(r1, 0x540a, 0x3)
stat(&(0x7f00000004c0)='./file0\x00', &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, <r5=>0x0})
r6 = getgid()
fchown(r0, r5, r6)
r7 = syz_genetlink_get_family_id$tipc(&(0x7f00000005c0), r1)
sendmsg$TIPC_CMD_GET_NETID(r1, &(0x7f0000000680)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000640)={&(0x7f0000000600)={0x1c, r7, 0x8, 0x70bd26, 0x25dfdbfc, {}, ["", "", "", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x800}, 0x84)
close(r2)
r8 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000700), r1)
sendmsg$ETHTOOL_MSG_PAUSE_GET(r1, &(0x7f00000007c0)={&(0x7f00000006c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x2c, r8, 0x10, 0x70bd2a, 0x25dfdbfd, {}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wg0\x00'}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8004}, 0x80000)
ioctl$IOMMU_VFIO_SET_IOMMU(r1, 0x3b66, 0xf7d54e7163899e00)
r9 = syz_genetlink_get_family_id$tipc(&(0x7f0000000840), r1)
sendmsg$TIPC_CMD_SET_LINK_PRI(r1, &(0x7f0000000900)={&(0x7f0000000800)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x30, r9, 0x300, 0x70bd28, 0x25dfdbff, {{}, {}, {0x14, 0x18, {0x4, @bearer=@l2={'eth', 0x3a, 'macsec0\x00'}}}}, ["", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
r10 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000980), r1)
sendmsg$TIPC_NL_BEARER_ENABLE(r1, &(0x7f0000000ac0)={&(0x7f0000000940)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000a80)={&(0x7f00000009c0)={0x84, r10, 0x20, 0x70bd27, 0x25dfdbfd, {}, [@TIPC_NLA_NET={0x10, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x9}]}, @TIPC_NLA_MON={0x3c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8, 0x2, 0xffff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x3}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3bbe}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x7a99}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xc}]}, @TIPC_NLA_MON={0x24, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xf}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x81}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x6}]}]}, 0x84}, 0x1, 0x0, 0x0, 0x800}, 0x8000)

5.45441343s ago: executing program 1 (id=986):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x1f, 0x2, &(0x7f0000001c40)=ANY=[@ANYBLOB="85000000a800000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x13, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000600000006"], 0x66)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0c000000040000000400000009"], 0x48)
bpf$PROG_BIND_MAP(0x23, &(0x7f0000000000)={r0, r1}, 0xc)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000024c0), &(0x7f0000001280), 0xffffffff, r1}, 0x38) (fail_nth: 41)

5.450670513s ago: executing program 2 (id=987):
r0 = syz_open_dev$loop(&(0x7f0000000140), 0x75f, 0xa382) (async)
r1 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000040)={0x8604}, 0x10)
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="240000005a006da80000007ae1d34f001c14000000000000000002000800010000120000ff7da8c7c88a21acddc80d88d10018839cd6a9b1de011f32d43ea37b0f4ff980cd372a5106953d70928ad17788e4"], 0x24}}, 0x0) (async)
r2 = memfd_create(&(0x7f0000000880)='C\x13\xfc2\x95WD\xaa\xba^\x90\xfd\x8d\xc2\xb1[\x81\xda\xda\xd6\x8c\xc99\xec\x0e*||\xe4\xb3\xc4\xb6\v\xaa\x15\x86,\xac\x8d\x89cu\x10\xdc\x93\x9b\xb4\x93\xafE*:\xe4\xdd\xa5\xa75\xb8\x1e;7\xb7.V\xdcrw[\r\x98\x93j\x9c\xf6\xf8\x99\xefF_\xcd\xdf!b\xc5\xec\ntb\xff\b\xaaF?!\x9f\a\x1a\x03\f\xe94\x1deU\x06zS\xc90\xb9voI\xa5/\xb4\xa7@\xa1\\B\xc2@\r_b\x9a\xeb\b\x81\x00V\xd6/N\xc5\xc6f\xb1\x95Z\xe5w^\xd8\xe7J\x80\xf7\xae\xafuv\x84\x9eG\xd1\xe7\x9b\xf0_9\xc2\x9b\xfd\xc3\xf3\xe4\x95P\xf1m\xcf\xc2\xe1\xe6\xa6\x8c\x11\xfb\xb8S\x8b\x92\\\asW-Ee\x02\x00\x00\x00\xd0;Q\xc1~\x89\xec\xc8\x9b\x88\a\xf2\x93\x82(\x8b\x00\xd8\xb4T\x80\x95\x93\x9c5\xcf\t\x04\x00\x00\x00\x00\x00\x00v\xef\xee+\xab\x9c\x00^R\xb2n?i=\xbe\x16\x8a\xbf\xe3\xcdB\xed\xe14\xe8\xd0\xb7\xff\xfeQ\x1c\x85n8\x1b\xc1\b\x00\x00\x00\x00\x00\x00\x00\x17\x94\xdfW<GE\xf1\xe9\xf1q\x8c\xf0\xae\x98\x8c\xe0\xc1g}\xaeW\xaa\xa1\x90\x8c\n$\xa6\xbb\x10\xaf\xc7~\x11\x03<v\xe9\xc7K\xf6]\x11)u\xd3\x15\x01}\xe25$\xb0\x86v\x80\r\x9c\xb8\xe6\xd3(\xa0G2s\xa9&\xb3QU~u\x13\x05kKp\xa6&\x8eu\x1d\xb2\xa9!\xc9\xfa\xd0dG5\xcbf<}r\xab\x9c\xd9f6iN\xaa>\x92z\xbe\xb2R)\xf1K\xd7\xaf\x99\xf6d\xe8\xec\xb7\xbd+T3\xa6\xa9\xfaY-1qs\x82\xefn*\x96\xc9\x1e\xf4\xd1\x02Dt\xc0\x19\xf7\x89\x96.D [F\xeeYW\x95\x13\xc7;\x94\x13^\x13\xaf\xf0C\x9c\xabf\x1daCS2\x02\xb0\xef\xc7\x8c\x9e\xed\a\n<V\xaa\xbfZ1\xa82\x85\x99\x0e$U\xb4X\xc7\xfa\f\b\x8f\xc4\xbeIt\xe4\xc51\xba\xb9H\xe8\x96\x94\xd7\xdc\x81\x111\t\xafl\x97\xd8T\xd40\x90ON\xaaFY\xb4\xb3\xf4\xf8JT\xc5:\xc5\aGc\xb5\x12\x90\x7f\x00\x91\xce@\xe5\xd3A\xcc\xd5|\x9f\x8e5\x042\x9a\xc1\xa1\a\xb7\xf5\xbc,\xd1\xd3k8\xc5', 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000010000000900010073797a300000000044000000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a3000000000080005400000001f080003400000000464"], 0xf0}}, 0x0) (async)
r3 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r4 = syz_open_dev$sndctrl(&(0x7f0000000200), 0x1, 0x0) (async)
r5 = syz_usb_connect(0x0, 0x3f, &(0x7f0000000240)=ANY=[@ANYBLOB], 0x0)
syz_usb_control_io(r5, 0x0, 0x0) (async)
syz_open_dev$evdev(&(0x7f0000000080), 0x4, 0x300) (async)
syz_usb_disconnect(0xffffffffffffffff) (async)
r6 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
poll(&(0x7f00000000c0)=[{r6, 0x48}], 0x1, 0x62) (async)
write$char_usb(r6, &(0x7f0000000180)='0', 0xfe64) (async)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async)
r8 = syz_open_dev$loop(0x0, 0x81, 0x2)
ioctl$LOOP_GET_STATUS(r8, 0x1263, 0x0) (async)
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(0xffffffffffffffff, 0x3ba0, 0x0) (async)
fdatasync(0xffffffffffffffff)
openat(0xffffffffffffff9c, 0x0, 0x42, 0x0)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r9, 0xae60) (async)
openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) (async)
syz_emit_vhci(&(0x7f0000000200)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_status={{0xf, 0x4}, {0xff, 0x1, 0x428}}}, 0x7) (async)
ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4400ae8f, &(0x7f0000000140)=@arm64={0xc, 0x2, 0xb, '\x00', 0x8})
ioctl$SNDRV_CTL_IOCTL_PCM_INFO(r4, 0xc1205531, &(0x7f0000000540)={0x1, 0x6, 0x0, 0x0, '\x00', '\x00', '\x00', 0x0, 0x0, 0x0, 0x0, "b6855a32474ffa64f778ddcf29c94337"})
sendmsg$nl_generic(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="280500003d0007010000000000000000017c0000040000000c000180060006006558000004050280ff0411"], 0x528}}, 0xc000) (async)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r2)

5.402444495s ago: executing program 1 (id=990):
mkdir(&(0x7f00000020c0)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, <r1=>0x0}, &(0x7f0000000280)=0x5)
setuid(r1)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x100000, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@upperdir={'upperdir', 0x3d, './file1'}}], [{@euid_gt={'euid>', r1}}, {@smackfshat={'smackfshat', 0x3d, 'overlay\x00'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
r3 = fanotify_init(0x200, 0x0)
fanotify_mark(r3, 0x201, 0x4800003e, r2, 0x0)
r4 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
mknodat$loop(r4, &(0x7f0000001600)='./file1\x00', 0x2000, 0x0)
ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
r5 = open(&(0x7f0000000080)='./bus\x00', 0x62142, 0x0)
ioctl$TUNSETQUEUE(r5, 0x400454d9, &(0x7f0000000040)={'wlan0\x00', 0x400})
r6 = open$dir(&(0x7f0000000180)='./file1\x00', 0x204100, 0x10)
r7 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000200)='./bus\x00', &(0x7f0000000240)={0x80000, 0xc8, 0x21}, 0x18)
linkat(r6, &(0x7f00000001c0)='./file1\x00', r7, &(0x7f0000000280)='./bus\x00', 0x1000)
open(&(0x7f0000000780)='./bus\x00', 0x14117e, 0x0)

5.320316474s ago: executing program 1 (id=991):
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f00000004c0)='./bus\x00', 0x0)
r0 = openat$fb0(0xffffffffffffff9c, &(0x7f00000001c0), 0x200, 0x0)
ioctl$FBIO_WAITFORVSYNC(r0, 0x40044620, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000000380), 0x0, &(0x7f0000000180)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
r1 = syz_init_net_socket$ax25(0x3, 0x3, 0x0)
setsockopt$ax25_int(r1, 0x101, 0x1, &(0x7f0000000040)=0x6, 0x4)
r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='./bus\x00', 0x175a81, 0x0)
r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000300)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000240)={<r4=>0xffffffffffffffff}, 0x13f, 0xa}}, 0x20)
write$RDMA_USER_CM_CMD_LISTEN(r3, &(0x7f0000000200)={0x7, 0xffc1, 0xfa00, {r4, 0x55ab}}, 0x10)
mknodat(r2, &(0x7f0000000280)='./file0\x00', 0x8, 0x800)
socketpair(0x2b, 0x80001, 0x0, &(0x7f0000000000))
chdir(&(0x7f00000000c0)='./bus\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file1/file3\x00', 0x4)
r5 = syz_clone(0x80000, 0x0, 0x0, 0x0, 0x0, 0x0)
write$FUSE_CREATE_OPEN(0xffffffffffffffff, &(0x7f0000002a00)={0xa0, 0xfffffffffffffff5, 0x0, {{0x0, 0x0, 0xfb9, 0x0, 0xe1, 0x9, {0x6, 0x6, 0x4, 0x0, 0x9, 0xa, 0x7fffffff, 0x358, 0xc, 0xa000, 0x100, 0x0, 0x0, 0x0, 0x5}}}}, 0xa0)
setpgid(r5, 0x0)
setpgid(0x0, r5)
openat$drirender128(0xffffffffffffff9c, &(0x7f00000003c0), 0x10000, 0x0)
r6 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x40000)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r6, 0xc01864c6, &(0x7f0000000040)={0x0, 0x0, 0x80000, <r7=>0x0, <r8=>0xffffffffffffffff})
ioctl$DRM_IOCTL_MODE_REVOKE_LEASE(r6, 0xc00464c9, &(0x7f0000000100)={r7})
lstat(&(0x7f0000002800)='./file0\x00', &(0x7f0000002900)={0x0, 0x0, 0x0, 0x0, <r9=>0x0})
newfstatat(0xffffffffffffff9c, &(0x7f0000009740)='./file0\x00', &(0x7f0000009780)={0x0, 0x0, 0x0, 0x0, <r10=>0x0, <r11=>0x0}, 0x2000)
syz_fuse_handle_req(0xffffffffffffffff, &(0x7f0000000500)="fef294f77f3d160248202661718b458a60f48114de7bdda6d2e1273bc22762cc315ba98698452d25194d502b4cbf61c7fa1703983d3bc2ccb535bf670309c7606ad415488eea74edb42e65902abe07c911f948c926c58d491b68282ea332597e647cd2ef9d7cb4e244f08d2a7d3581a2d67027aa3d0db460d5792b8d38011d26fa507772269fb6214f0195d943dd310a2bf262d45d5aacbdc4f645742df381ed4bcfa38ee761eb2b8e6990db79fad62a4550d8e7494acdf1459317b283f0931d4d623967a25eaf97fdce017b2687f4b80e7e490050c75fd1237c5acb94d845b0f2410595a394510957e18524ba82e5bf90287c818cca2649ea0982c51bc9bb1b140839c2cf2f129207ce8ac32e32186f763464d28eaee2aba6f98f3f4700235e77753ad92dd9d96f1e529a40dcb5ed1451ca572d8887b7a94d5d700838297ebaee60bbc77fb8287df8d5a39fb6927c0beb481e2f5672ab61c0164f698799bce19974a4c8f0cb48c1646f19943e1668d56038c81b75c9bc9bdc4c88a0331aaa8de65c4b72ab8d03606a8945ad4afdb520b985d161fd8329b0d114c5404ea4ff90fd1f1a513fbe2df274f374ebfb448f4b52f7099e4d0b6ed0c64f0e05669ffe4d462d46f4b1e29a939227f00be04ed27fb4dd36a56f8289d6765dc37b701f92851938732040de311bd449f9f3ef50b591df403008f14ec11d7df83aa02ab1b4a809b8a1e5589fe88770fef41837461ea2fa79bded4a6611a7e8711b86f062bcd9aab85961ca46af0e3e52e77c7e1e8395238641e753b8b86c7b3eee2f3d4db72d7d8ac7178b7dd03a817a13bc3cb808424ccad6ba909a1bc729a3cc612c855f7bfe7f409e6c6c75f482e677c0f5cc231dd61a888344ce711ba28babdbbca0e39a310abf6060a2efd6e82c77d56094e1a5a4e9f589ad6e5ab89629f149b7125d20f5cecd604c7171dede37a4f0fe566e108a45e84017cc07485a9c21181d55c2f3c825e6a61b01edb3c053798c3ae842d4be6dd8830265426f0cbdb5280cfd74cdd02b505c4425a3d8d70b360659a129bd777c0cd17bed9bf6111abe27e7713d006182ce1769dc7a4f860ed4b39a01dcfaf9e1a0eb3025912e1b88b17808ca646c0433e1604cf9fd0e76e9ed420ee41acb57f4b9aa292918d38a991e7c54c3ce76d7281be47ca5c2104d0063a9b2230d4855f90b53e2b2c7bb43043f2e85f8d41d4a858ca6eaa32c2295b466fb9345f5d6b06252cf4c4e181bed1125bec1192a9b9210f4b65c1d3d8f6d3dcb8791a9b43565883747e7174c3c345835b0ffde4fd00560b17441d6eb528e39c8a8dc331e496914fd23d2f8d331f42da02c89bb3807852e0dd90b5f8e6cb873315f2e862a232c91405b70d79dc9ff49f4ada6e57528310ae0841106c6adf9526a0025c11e2e52a28d4ee06dd575ed9c4c85ab583226dd92cd4b8fa8e00fe98605ba6b76bd90f76b211c22d7ac409f95143a53994f22283fd651cecab923550b9392c6db4a18493ad951e2d5cf746c39645d61a0693403cb15fa885b44ed1d838d0ecc0955aeb607300d333dc33f0987a18e5b67cc1600f7df64f3cb3938b9381c7675a49ace960873d70cfb4a1594b03a575d501ea08e09c41d16fc5c576ed58da3dd44ae4e21d3f8486f158ab8ce5c6c09d549d732bf2da0c3c4b851cdb64815726807219b9adc1a410f5d9d15f65b9bf42e3cae1cc9a9b2698f48ed55176cee95f8acd80e220eb252a77d7a31f7634eed0011215c2eecf1a1fe5fae85f6771e5441888a191226948ef36cbf5dd6eb9c211283e113fc1f02dabf524cb4ac928c4adc1969bc6bc6d2e41897f13aac0a9e230f2e6a85b5de113c1e0f8a6d9419224f23956e0e9000c3d9b7103ac6e00a34a08f3ba91b449a971d7686aea680a340beff8a5ee1b00f9c90e824515607dbaa747f0a0ab630841f9ae9ad8c4a4edd3b3c903761c5f8a0e20f8985f954c06bb02541d9109f027868bfd00a0ac1fe82f3493c781b769448b4ee462ed0e7f08c51e167abba86773db874ee3125d7b932061f2ce2912d2bca8182758c7395d1f6769a6a3c246b21278305e43b8032c95d562f3a24125f7f1b79feb8a863db663d2bafae23476a1f16c50e6fe50ce86ec2ebe097b54686e46633d9b84a9be2de2b271d339158907ac39bd564dfbe4d969f94785531cd4a27fa42d5d3938340e24dbe15061421efeb799fde44a603aaaddd6acdaa3a529716f63a8214bbd98ab688c6c83498bd9f187085d5df7dbe34184b0a5a62ad69fbbdd2e8778b4cfb9b43cc29ec1632b13c747d5b2b38c8333bdc0d9516ea3c9b022151a1417196ee2cdf62188ed5e05a8905cef1b0da42a84e6053fd77008bf25ad9dbc94b95a07e76fb63df54e9a5ac1e41a9423d498b1bed6a7d9b1eebbc59708ea84aecb1b1712e5f5ac16186f8f991240b2e744eaec42dcded6dec3f050bbb7394ff90002f5015e304b4b47f58c4a16944388ffb15ffd2b0f4e108f45d72693e185f3424fa9ddb45dbcbc1296ee706b38429f8920a18522af39d9025542cf36d9504aa3301f4b4a93294c2b4044e96f4d964d21dc0e99badd1e3b7c2de2343fd9dcb475bbfd7fa0efccb6adfcb968083089738e1c240cf01d5dd0851bfb1cfc6acff79419eda9420b56d1dde44c1661bbfada8cad701a82dcf17050580ee1c02466274c32a02df457a30a54555c251e0338dbf51fc03834502b23b2444eeea8ac8a7a8c11508895994f48cb2a9a737f570f83fd24446ff193b21dfdf48875c2ede3a2a619be123c915f21a29f6738af5ad4234993efcbf0c9b975199e7bef131071ab8fa470384997d12aec650a40d34dc54cf9a0af04f97d64df02c9bce59e91d327fbdcbfdf05f01d549b4aee4e9a7f68c4d654ad1570d4bfaf7a4ba9c13d034079e8406a0e948a18e08cd4ac04e1bf09ae9e6b334be11ff61cee7c763ceb26dd81d7a819b50d8d88192db0a49425ac2ac3b2c68a746bdf9dc621f26517ae6b6e250827da51ffb29f21199a9502c9261826358ffec7134b42dc34fab8fe8615e94803b4d18e3f6ece51d1a276fd996a125a71bc6d4afbdb048dadf97ecd9471bb5a27a2a86ba0b0bcbe7d3e1e3075b109e87267f4921d464ef563a1ca5640adde8838ccedf89cb422738119084fbda890a73f294d6bd305e2cdd57c4f995dc96eeb4cb886bdc22242a6d32f371c3c023b7f5fba29663d896f5133ab8aa7ee8fd27ea6f1981ecb2772b3796d8b910032b5a7b0ad9b8686efa20c1060d1f7291f2e23effd67931b2cead81f09d4cc01effa9554d48336dd7b58ecd0ed80633e21a809a1937c817c3c6b3e126ab68cc12ebfcd3337a534b44bae075f04d73875bbaf6d135ca43ec2188bb06d1072c05ff10af745b9acfd01298ba1865c59dbdc1970cb6654db495a3c877e2c79d4283c2c531b24025e8c5b4d9a3a7fc3e6b6d7762e98066f2c1e2ac881b27a6761870e1df539764bbfa888fe9131ca685b1a9b45a89df2600146ad74282cd9bfb82c123b786b25a8d760d59e3482db800ad86423dfdcd9df4741c38610471321915d9c86a563fb0cf0bb0ded45f4eb121ddfc8c68cc790a042ceff8cd23a7bde1f0a0efe03df92eb6189a27d4570a801e34e7ee3d55bb17ebfc817d601449b87998141fd4267c7dfb9685cc49204669ae8f7ec739b7a39c50cdcdebea63541db2e53a1037e91ba50a8660ee11b6df7cf50551ea446bba9e306ab24d1a039424d4371b7ee8075c1b072151381c805fc16e1afc3a07ae337afb841871a0a187632613b8ae5b81f269990cc69505965fa92b6cf4f19be3ab33db75c19d356c7eb14580c62f249e16e90e397edc88eb3b4df8f1ff27c330d51509daf5b181faacc6f7b1440b37bee2df1372481f0405d1782ae4e31fb837c20072716df93e00635528da442868e4189471a432cd803ce3091ff25df47e0cd06a378917bba9bb33309428390c2aeff2f854260054e7235ec36345fa7dd863c9c80e40e4dd4f0c689b04190f71f8b04850eda92de0a93d6b0db10e74ab0d88f105e8d7b8aaf7b6523ada714fa17f2eb34633b4a663e0fd9e0dc831cd373822593426f639d719484db83605087c45c075945798d8ad6ddb09a24346c80d602607329539d420e59d70fd0d2e38fce35cfc7cae695bcd006eaf606959f6d22ef59a2932b1cf8d49e6bc0a11f87ee0ee6e16258727b97c7eab5ccb25cddc8026f5d3e02cfb5a07978fbd4279fdf00fd6388c70e5daed8e6b9a607263b473db17ed232f94a9161097e6cd6fbaaea7a9516a78e7e93825469de6fda1c09551a612e94b0b565450bbe8a8e25a218fd43d4816718c64bf1800cfc562b8e13edd93950916f30dbefd43d6b4be5a462469b1048bbe573e1c99c7257dc469498b5c4c6fc64e3dc509e28ee41b7085238bd7df014d38c01099b58c0a45677318d6fdb76df838b77223ac738787bb80fd6820ae7432500f4dc01e0d2e24c96bed1ef446d201d76191d81639c1b794823b58659c34dda402c81a061d402c061e8c8cf671b487f94d497b544631548c6245a36a2ebc499aa5b0939fe0432963b21062e2c24ba90d46903a75d37f13cf3002404bc4888210db027e337687f7502b5c7637f8be09b388f4fd4b8e2ff3fd86861b62ce5d0957bd3b5b3e1ba6f690f8dbaf9f428cfd9d545cabd55bb21b98422286c5754428d25945d530d9a623f5da4b20b6986e1d2b7a665a719afa7c8b596a2549145178e8296555dd0148a72de93f2a4422e9c68b30c8ac16d8c889d2ec438db4c431885abfe1f7d662cac8248f77818055ebd2b76f4a28545e473d75fc9c51e328a760f18cdd73779396e54b1ec6f8e6f9123efa5e4f319e6e1997bfcd85fc8fedf71a51c40bbeb9c0762dc54591af03732525e28dda81c5fdd39366e190dc2e759f67ce2c01efdf3443d061559313dba250167ec09bea6ab92991e199b818df2782c13d64df69e7e2af88b51376cb4eaceb8fb5a614d69e1914f8f45e5a95721b54ba8662f250cb4bfcde5366e07dee91c4f8338a6e0be888026300a1f0598f8eb1a323257b152754060ee7bd0ffe06eb6b1809ff54a0dcc86864666fd83c308dd0fb8e105553e8dd345beeee0ddd01600275a77dd37b6674e81517e797e6d4958c61ad7468eef2b3bec52a93829534c7ae7c94b01332b2bf0bac23461e4cbec86c5c5e1c2f62282424a9f6573a7ae57931bd53ff4bdab64d47553f92422faaea84d096387ae9f9c4ebde000959e149ffb3455816ceed4c9edbe6b2e8d0688f05c05de6f3268f0dcf423b077eb78e949c6ed81f404fad6266bcfe505fbdb4c150d4a125cb81b9f799ddf2fcceb8ac5fb2295a22ce3df5a2a89a430bf06bdc6882898f917ec01af4df451a1781eb500626a34e07cfde4696fca08941990a4aababdb5f9de41d0eeb2cb166161004d31cda38bfeab35ff0e9a667d63feafe5bc28e6e7cf40b7d881764bfb98fc3e51034ee978484830ea0e118d032e1750a70ac5e6a5932e3d812970d6a790ef296372961922ab509203e4aa5cf56084c19470b79ef80d6d985440b59e301876e67d5e42de697d7c576a0fc23a0af03617d848f36f11ae7b95428dcfff5743f7ebc875194b00f015fe490c1c24dbecb44960ea67a870d04390ea550166700762a6951be7ad778cd301b7bee550db837a3cf9ab63bfc6065fcb4c740f94c081c1658a4add38eceff75fd1f2711319dc081cb479956cd7a1e2d8df6b519d65f899ca06f508da86b1d6bff8618c872acfba75d19c6a68e727b09bfbd7bdacc02ded4ace5ecfcc15a2038ce87c715bd9300ce29e4fb9f9b7523c91c46d3982f1de9b6b64c07ad1e242209e21ba12b5cb318ea58582b89a81de676d3d9ecdef72498c1f2f90171569ee3a0efc09a9a716b1afe4c26c6db04b54f311f479251b4b614184a20337692f87f2a79620c74be49705faa9762b52874a82c195f7d317e8f9e103f7ee591ac9997ba34bb9dc5150c5cd665911cdef55d846a4dd744808777514dd9cbd554f71cbe186cc1645bc38a46947628192ad73595fc93439f13ff0410721eb413e7f9505fb0d76b14884f8b9a5f45028f31a425077a5ff7e313ef31a61a6314474d9b2591ed1bd99491ff89475a05307411eb8e5f43fb0d565b03792ab335f1b5357eadb2cab6222437d91d619c896e35c19de726a2f2c521a407b961b87b899624f9be4461bfbeef6ddc3a0d55931fcf903dafa2e323d6fbe7457434033b5f7ecfd7b0edc4bc6ad58d6838bda30c9ea4ddd0f48200aedbed4b00887c1fd26901fe9aee69ae2208edfa27f3a113730cafa2f28604fcb390c6cb2e4d0c566fdf85fa39acf8b6cdfb774e635f04a981ebdd50ebde7c6fccccc9083e23fff30e8ff2af09ab67a4a8987d13d78fc36b95e444c4d5cdf5445c771a475c4bf8ad6a5a55ffc2affb0b9c906740c302668df7adeb0502e109b4d9b46a0afd8f0a57e697964041a584ec0b20b931d2bb753d280a8fce5aa05f9f936bf0fb9275b3b1abc3aa4b8ab9bf7abfea6263143b1dfa4eec2db195e4aa6791f71c703ff633ba413642c48f9d5d23c21ad75242c83b2d0015df639e18ecd15775d7c5cd65d7aec4e3ad77fc5a1ba2693c9f6d93411b921d01050d4153b9ad823744a28f460d6a88f99a6637f12c508875f0aade0056a604cd089c74beb885f5f5a01c1711aa57607abacdc6148fe61855bc237f463865ae9b682e172022cb8fbad96e72fc21f6a2835d33eecf7f6b3067663a7359224c19d46af76558dc86eb3be931caeca70d8cc85bd6bd54f76fa768ecd891ccaaa345cd107d746adc146a1ac1e5cf6113a50cdd3f989e999c3e6f767a80175a6570e803768c9dc60fd1c44fa141a824084f08fd5e86ea19b9cb61f7c6b385d80a2ad9c4ed82811fb553be5ffd626824ae3baf62d42601f49482d2a6806cfcda5579bcd068e6e99617bc1ba62ec784e8e29e4247627b89300607abec06d74e15bfdcde39f599065b9e17afbf97a2e7bef55183d23684baf41d70cfa76f1ebff1e396d8beba384e5d931f16aa1af86440b9d22f9af1025bb91f7744e4637d5725663d772f0bf77d69f8b3bd133c0297b44a73c42c6b40df05e5df36654741a6309f2e9547602d2770cf2d461db267c2ef79f4b51ad205e5ce07ff8fd93511256bff1b1a3b6b4e5dc151ab006e341a269d221a82cac7492a6c21a90fe1682545d30b9491e92d2a761a09680a387eb9a3164d74ffdbb37f38056ab86a416378d16b909e344cc23453e05e16427b3f22fe7e8674852fc4b0317c2a52e3259fc064ceb1a6e99b67d6080ba86d363db17dfb07313c115310a98b6d8323ddd5d70082f9260aa8d115bd1ce8d099729be8994d02c66ba089847f52c5d65d021223abde05b8433db184cc68645caf67ec18ae14f2ab24cc1b8249d5ab81553aedfc5cc09f6eb9e70efe901a478b77ed1baa30e22ed42b2124a60851990b61ef5c81d043b3466875ca3aac9399b267177b08d788b39a28272fad981f54c158a337c8916819957dc2bdb747c39e54fcf42ff64d22d0c35f95d4083162eca86a00bc91b3615e02d0b5eaf9de694d38b164e950db2266caad18ee1d1cf9f58639d07173f212c662674869d218d8158c56f453732d6478791c678f2380884b50057e2e54d1efa921cb4195ac391a0d91956da50a6e227874be8328330570a44918e4b1bdc8d861771a4087e0ae6f9b3f47727e167f248b492e08075700d7d6b33191384f6e71572da0308d0c069e081994bcff748ccf8d4168a511d786c0fde72e56e8581489696c68f434016ce0ed689dfb68b58045a23db0004a8a88c1214f3663f4f3f945a20bb36416bdac64f0b0bb2186ff698e3805ca3aac4ef4a1b109810e8699c7c86b4973e6e168fcf6b274d802be2f2cd221ecc417b3c01200e31598e158ad4d72890d3a8fa1cc869b5ba0657d3dbe2967abd2c7fd202bd8e34e2d6f16ab2bf60bc1945ff4781c458cc923cd5783d836e18bba18821b6eb8e7df141b302a64999964949457d2dd8041daf65073b3497b6e12c3a39609dfd7a63cb7a177d5ca4f422d0d06a7b152a920790d5351626a61df25d576f5f30718b3da54a988d6f7e7ebb5297d7bcb3babe135ecf6add15b4eecf8ccb2cff43e3e83c95afcb95cc0d95a81332a030de8df91696a1e6c0766541cbaa67dbb04de8dda63104572d269377a6cace5821608a77091bac1d14c8d40fb0c0dab3de9950f723a4db2cd4532dd6f477c437bbf78b759fd60716e2735adba748f168e692a3da77708aec6ff1befcc41dad3d31644db5a8b5a03b38b898f7c46b52f5f36aa1e1fa7bc8fc1ff0e02ddae14479137cdbe7196b644ea1e83b4aaa6eabb8fa2113b9a4e22c7041f14415077087cd5396232563bdc094b267787695dc429696004406de944f70d0566aada71e3798e8fe74825dfed1b8ac7b0edb60cdb25f4c4cd4c9fa7b3ddc5c4547c27418d1de0c80cdf2d3f3048fdfc035c6065d1900c9f4bc4f6313b6b2501a24bf70ec40e477c2e584c145ec7a1c4cae251cf3fb75336125883db814fcf29cf3eb593d5e6049cb24d2919aa83c488528ec2c49ab5edda17df7d24c34cfa21bafe9828ac3d3949ef34188bcf0ab241d1016ab1af2255534639b4402cb759c73cbe1726dc834b90d50b2a101404177b80619109f1db1e5e9e05fca9c1bef7a784cf3287f919451ce20e0ed062de16c1699d3be2784ef3e02c6e707a17c5ca84e64b1ff319d09df79f07ee0e262486334ce7623c3c2030964c63156cd3bd61f874ea11779753cb35e79f9b0d4ec235cc2fcd56ac39e199ba68cb97524e04c7b6bebcae4b6bd09d110a5a15c3740b609efb3608e2590f394f80f3bf415b617362959dc0f4fa2963ea1f8c9eed82ae1e6e7c115dbbb25a172753d59504b5d69d6c140c105ed5e768a5e033d1912fd2b1398bae648a0acbda0cb466277dc33359bb6f3e43ec4116802885f814691b701d566fa7f765db7b32778873fd72888966721b2c839edbb32f3d33d8a21f5f98bec01b5879bda39888291daf6e3b5586d780b2fbcd3eef74f126050f97b66a930a84e780db3f323603da2c55495c822f23489ed8e4b725f40e6b97866bd1ec86ec0031a1bfaf0aa839c835477ef7bdec24a12318283d100f377571a7ef6f6f8748eb88f130c6a6f78975540647589d10c243ce0c7c6af3ca196678d9614e9639224a6a68629807fb73af4da4a8378b792b75df4bae115e2f499c82d72f9b4aa688ebeafffa841e638a682a8d75e2e590b384185683413440eaff7078b4821f409d4e59cb18ec83caac35f280da856ef49706b6b2f0f1a8ea93e6ebe1a658c6c1305d17d0a3147d4eb5cbec7c2a4fd44071bfa167b5bb7323f760d0d4875c3a2a4d31556cfbc3552ee94295b7b3246e2ec28efed0ec4ea3a8343b7746c919be190f2a0f75bf68f3dd4e080582335a0365b5c48380a8887c6b80f30f44e118663571f44a098994da7a4754a44cc69788454d28be48c79c3355380fd3605793fcd567a403b4221a182e6dd67a6d50b12d662eccbaba782ae0eb146c8462d6a936b4d12be00aeff4b9e6aa45d5e954791361bd0996895c7c69a4f212b63cb3ce5c11ad775c4287ea328fc596ff97430258ac9efcd5fb7791d8e9997107c69bc4a51a5ce3526f03bc22cefb52cb07ca0286e7f65b0b081684bc21dbb68f07444f90ce92933dbf944a00e13a14daaa2301ba3a23c6fad8c49d3ee038d5588b6aadfef3afeed0ff2267168b4a4b3665d83d32d896623d66cbd1aabdd4ca756748e2f720684d3d625af6197eb4e8a19ec48d4d17d57f685261007e7305d4011aeb4eca20bb246b7ae58403afe308660cb769a2cca88d21cda7654709b87a2c476b262f4706688138066b34bb7e56be429bac1ad3561a9fd0f3128f0a5573e61224bb4438ea154c96f9ab60e4c640c1cdbe59d959fd7004c5c215e8c75242cb41ba40ff0062eeaa56396624a36c2859353370bb80b3d090857f97fa6a04373dee07b389a19726ed06c21d89625fed774f1e38d5675d2befced9f6863c34732b2c56613ba93260c36da11e802fd0295a383fcfc8bb4372deebd1f37a4a7dbceb09466da742250ec5f45de301c8486262ce6e4f3db277c845544057a8008bbac4eae8f87dd027f02d56524f9b56f2c64a50edb6d78f271fff2e5303e1ac64a0ca48f78b4f7d75ed4f0b67de4e333ff2512c6ac08f3cdf5d8c213659a7fb10b3dcee68f293effefef91c90fc94314c4d31e06cda54f2d604386d86aa1468f6f59d885b59c629fd658f5e39e6efdd125af5196d2721fafc6d95f51e7617e1d7d585a3e6248e4b4e47798e599c90301cf78e92d842864d28203772f26cbb5db24088b0c830462325b785b3a098c568407fa48e9f351ab76e51e16630a2099dcee3504ef854eca7923e35dfc392dd31810a5d7fa669c3f8b2c9ea20ea0bc2734287650d069be17533a0b465d603833fe07d542f0b9f19463ffa093c8635cd9b395029fd9213699a95ca3748106325a35256c28eed6ee0732c32f944db0f70760c82ce8e9f7d84692264de947854e41bc03e4bed49b2c573436fc514a9a5bf8609977dbbd968b33e2bb05caf884ce4f2464618b52b9bcb2a523b64c5ed3aba69fbc1b579c263fabd3f136793639f28c85198946115a9719ca865b8f05fb75af5b21475e1683847dc1f68e87b792225fae93de23c0c88f137d86f1521f4a1a548aa493ffab8088a8cb5aa593ddd26283ab47082235de3039c3dc48778c62fa21bdb2691c94ae46d04cdbae8da129186d0dd90b00ea7d2adea179703f7f4ab5a30734d4b17c0a66a25e75d1f23860fae2f9b9bbc997ec21c9546c42534fcd06e88771d6c5be29540b16d2d00cb5a0f972c89b19f4736687ac7c58599103f979f5a177d8218f0281812d4f09f9a625b3f419f67ba0e5e6839c8dc0050af88f29e62d8ac48915bf1f4ea81096323f8ab6d07e96b65eb0a171a2b0670049d06314c6fac0a3000ada86bf21a7f92b7148891ad304612a23099f322dc3f41ba97454c8c691be18cec6527e689f8711fcfadeb99e80340dfa1f8742739ab891ed4211d35adc52b4b2fa078ef35d28ba61d88d2f196dc29abd40dfa6091ee17dfe7f18f1f3051f9de7c240c0101cd23c05fb60db576d040fff06bde6a7263b0065129725ea663339733361efb3191255c9485dc772702e0245947f393461ecf1290426c606f234c85c9c4e5414ccc78c6cdc239ae071bac0b91fd4dae024e93316e64ac6610d900989b230f0d05fb645ca31cc8216474fd2982b321cbdcbf108aa525ce81c80574c1aa40de6d68916627b30c327ee02cdb5331753833e58a46ea58c546a7581269f8ff74b2b0f53db915012cd59ec66e991d6f8d1c972413c36dc684ff9d2ffed5b220b4031587bbd3ba0f7b610dcbb4092a3eb1d86b564f0c1bc58e34f43065be1a485536a0d8965b126ab913647cc67a57e6facaca2b999779e1d7f2ceb34b56ec0ecfca3a73f8827a7f10bae0b7c5b30f87eec0b467b9bd8278baacbfcaebb2", 0x2000, &(0x7f0000009940)={&(0x7f0000002500)={0x50, 0x0, 0x35, {0x7, 0x29, 0x170c, 0x2002040, 0x8, 0x9, 0x1, 0x1, 0x0, 0x0, 0x8, 0x1}}, &(0x7f0000000440)={0x18, 0xffffffffffffffda, 0x9, {0x7}}, &(0x7f0000002580)={0x18, 0x0, 0x5, {0x3}}, &(0x7f00000025c0)={0x18, 0x0, 0x0, {0x8}}, &(0x7f0000002600)={0x18, 0xfffffffffffffff5, 0x1, {0x8}}, &(0x7f0000002640)={0x28, 0x0, 0xaeb5, {{0xf, 0x4, 0x1, r5}}}, &(0x7f0000002680)={0x60, 0xfffffffffffffff5, 0x100, {{0x3e, 0x9, 0xb, 0x0, 0x100000000, 0x9, 0x979, 0x502c}}}, &(0x7f0000002700)={0x18, 0xffffffffffffffda, 0x4, {0x40}}, &(0x7f00000027c0)=ANY=[@ANYBLOB="18a441e171431d000074238d0000000000010000408b83a32675a1f0262e254026252d2f00"], &(0x7f0000002780)={0x20, 0x0, 0x7, {0x0, 0xf}}, &(0x7f0000002880)={0x78, 0x0, 0x5, {0x9, 0x7f, 0x0, {0x5, 0x9, 0x0, 0x0, 0x1, 0x5, 0x4, 0x8001, 0x401, 0x1000, 0xb1, 0x0, 0x0, 0x401, 0x4}}}, &(0x7f0000004a00)={0x90, 0xfffffffffffffff5, 0x6, {0x6, 0x1, 0x1, 0x2, 0x7, 0x1, {0x2, 0x196, 0x88, 0x293, 0x3, 0x9, 0x2, 0x6, 0x0, 0x4000, 0x6, r10, 0x0, 0xffffffff, 0x5c34}}}, &(0x7f0000004ac0)=ANY=[@ANYBLOB="c8000000790f0000000000000300000000000000e7f600000000000005000000ed0400005e2b5c262b000000000000000000000006c7000000000000010000000002000023000000000000000600000000000000030000000000000014000000080000002f6465762f6472692f72656e640000000000040000000000000006000000000000000700000000040040776f726b646972000000000000000000020000000100000009000000ff0700002f6465762f66623000"/200], &(0x7f0000008fc0)=ANY=[@ANYBLOB="18050000daffffff0104000000000000030000000000000000000000000000000100000000000000080000000000000007000000070000000000000000000000020000000000000003000000000000000800000000000000030000000000000000000000000000000800000009000000080000000020000001000100", @ANYRES32=r3, @ANYRES32=0x0, @ANYBLOB="c300000001000000000000000100000000000000050000000000000014000000020000002f6465762f6472692f72656e6465724431323800000000000400000000000000030000000000000001000000000000000800000000000000e40000000503000002000000000000000500000000000000ff0f000000000000f1000000000000004d47000000000000f8ffffffffffffff4700000092000000050000000010000001000000", @ANYRES32=0xee01, @ANYRES32=0x0, @ANYBLOB="0400000002000000000000000300000000000000020000000000000001000000060000002800000000000000040000000000000001000000000000000000000000000000090000000000000009000000060000000100000000000000070000000000000005000000000000000200000000000000010000000000000062000000000000000100008002000000010000000040000009000000", @ANYRES32=0xee01, @ANYRES32=0x0, @ANYBLOB="0001000004000000000000000100000000000000090000000000000002000000130800005e2700000000000005000000000000000200000000000000240000000000000001000000000000800800000009050000020000000000000007000000000000008100000000000000018000000000000000000000000000008608000000000000000000000000000006000000000000000180ffff", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ff0f000091ec0000000000000300000000000000bf0000000000000008000000090000006f7665726c6179000200000000000000000000000000000000000100000000000400000000000000040000007400000003000000000000000100010000000000070000000000000003000000000000000000010000000000ff0f00000000000000000000a80b00000900000000c0000007000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="07000000020000000000000004000000000000000200000000000000000000007f0000000000000000000000000000000000000000000080ffffffff05000000000000000200000008000000040000000000000004000000000000000b00000000000000ff7f00000000000045000000000000000000000001000000f5ffffff04000000be250000001000000a010000", @ANYRES32=0xee00, @ANYRES32=0x0, @ANYBLOB="ff7f000002000000000000000500000000000000070000000000000001000000000800002700000000000000040000000000000003100000000000000100000000000000e8000000000000007f0000000100010005000000000000005c010000000000000500000000000000fffffffffeffffff1d030000000000000300000000000000ad5b0000e4e60000ffffffff00c0000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="060000000600000000000000050000000000000000000700000002000000776f726b6469720002000000000000000200000000000000870400000000000007000000000000000600000002000000010000210000000000000000000000000600000000000000040000000000000001000000000000000000000000000000b300000004000000010000000040000000000100", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000012060000000000000000000000000000001d000000000000000200000006000000b700000000000000"], &(0x7f0000009580)={0xa0, 0x0, 0x4, {{0x5, 0x0, 0xfff, 0x1, 0x8, 0x7, {0x2, 0x49, 0x8001, 0x100, 0x4, 0x8, 0xf69, 0x2, 0x4, 0x6000, 0x703, 0x0, 0x0, 0x5, 0x9}}, {0x0, 0x36}}}, &(0x7f0000009640)={0x20, 0xfffffffffffffffe, 0x4, {0x4, 0x0, 0x9, 0x1fff}}, &(0x7f0000009800)={0x130, 0x3d, 0x40, {0x606, 0x5, 0x0, '\x00', {0x4, 0x5, 0x8, 0x9, r9, r11, 0x8000, '\x00', 0x1, 0x3, 0x8000, 0x1, {0x6, 0xab7a}, {0x8, 0xd}, {0x9, 0x3}, {0x0, 0xc018}, 0x7f, 0x0, 0x0, 0xffffaa4e}}}})
ioctl$DRM_IOCTL_MODE_REVOKE_LEASE(r8, 0xc00464c9, &(0x7f0000000400)={r7})
renameat2(r2, &(0x7f0000000480)='./file1/file3\x00', 0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0x5)

5.137258497s ago: executing program 1 (id=992):
r0 = socket$nl_route(0x10, 0x3, 0x0)
rt_sigprocmask(0x1, &(0x7f0000000480)={[0x5]}, &(0x7f00000004c0), 0x8)
r1 = syz_open_dev$media(&(0x7f0000000280), 0x3, 0x0)
ioctl$MEDIA_IOC_ENUM_LINKS(r1, 0xc0287c02, &(0x7f00000000c0)={0x80000000, 0x0, &(0x7f0000000300)=[{}, {{}, {<r2=>0x80000000}}]})
ioctl$MEDIA_IOC_SETUP_LINK(r1, 0xc0347c03, &(0x7f0000000080)={{}, {r2}, 0x2})
openat$vim2m(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r4 = msgget$private(0x0, 0x80)
msgctl$IPC_STAT(r4, 0x2, &(0x7f0000000000)=""/121)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x2})
readv(r3, &(0x7f00000001c0)=[{&(0x7f0000000540)=""/227, 0xe3}], 0x1)
r5 = socket$kcm(0x2, 0xa, 0x2)
r6 = socket$igmp6(0xa, 0x3, 0x2)
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r6, 0x8983, &(0x7f0000000300)={0x0, 'syzkaller1\x00'})
ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
r7 = syz_open_dev$vim2m(&(0x7f0000000440), 0x9, 0x2)
ioctl$vim2m_VIDIOC_QBUF(r7, 0xc058560f, &(0x7f00000001c0)=@userptr={0x0, 0xae6ce9e832876da9, 0x4, 0x352c34c113f2f238, 0x0, {}, {0x0, 0xc, 0x6, 0x0, 0x0, 0x0, "0ed290c8"}, 0x0, 0x2, {0x0}})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)=ANY=[], 0x3c}, 0x1, 0x0, 0x0, 0x200000c0}, 0x0)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000000)=@mangle={'mangle\x00', 0x44, 0x6, 0x3c8, 0x0, 0x298, 0x200, 0x200, 0x298, 0x330, 0x330, 0x330, 0x330, 0x330, 0x6, 0x0, {[{{@uncond, 0x0, 0x70, 0x98}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0x98}}, {{@ip={@remote, @local, 0x0, 0x0, 'vcan0\x00', 'veth0_virt_wifi\x00'}, 0x0, 0x70, 0xd0}, @common=@SET={0x60, 'SET\x00', 0x0, {{}, {0x0, [0x0, 0x0, 0x0, 0x0, 0x4]}}}}, {{@uncond, 0x0, 0x70, 0x98}, @ECN={0x28}}, {{@ip={@rand_addr, @multicast2, 0x0, 0x0, 'syzkaller0\x00', 'bond0\x00'}, 0x0, 0x70, 0x98}, @unspec=@CHECKSUM={0x28}}, {{@ip={@remote, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'lo\x00', 'batadv_slave_1\x00'}, 0x0, 0x70, 0x98}, @ECN={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x428)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0000000000008000280012800a00010076786c616e"], 0x50}}, 0x4000000)
r8 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r8, &(0x7f0000000400)={0x18, 0x0, {0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}, 'lo\x00'}}, 0x1e)
ioctl$PPPIOCGCHAN(r8, 0x80047437, &(0x7f0000001f00))
sendmmsg$inet(r8, &(0x7f0000001740)=[{{0x0, 0x0, &(0x7f0000001680)=[{0x0}, {&(0x7f00000014c0)="b522f58cec6370a10d37427daf9d9f56e90aedee3c43d823e2b49e7f4940ac1f3c34ec2f13fff4b012f88640c03e0749c61adeb51fc75b2562ec3df7f0d1ab615a1a49df5a3a43c7f8e21de85035c25064745f33da2a835beb159791b0f77933fbe3a9c7bc87d206ce858188a752deb6dd67de97e7fd986c25178289c66bb053663e8a", 0x83}, {0x0}], 0x3}}], 0x1, 0x4004010)

4.514945658s ago: executing program 1 (id=999):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0x3, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast})
write$tun(r0, &(0x7f0000000080)={@val={0x8, 0xf8}, @val={0x2, 0x3, 0x6, 0x68, 0x8000, 0x9}, @ipv4=@udp={{0x5, 0x4, 0x3, 0x1b, 0x20, 0x66, 0x0, 0x40, 0x11, 0x0, @private=0xa010102, @multicast1}, {0x4e20, 0x4e22, 0xc, 0x0, @gue={{0x1, 0x0, 0x3, 0x8, 0x0, @void}}}}}, 0x2e)
r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0xc, 0xb, &(0x7f00000000c0)=ANY=[@ANYBLOB="18040000000000000000000000000000180000002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b100000095"], &(0x7f00000005c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
process_vm_readv(0xffffffffffffffff, &(0x7f00000018c0)=[{&(0x7f0000000340)=""/160, 0xa0}], 0x1, &(0x7f0000001dc0)=[{0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}], 0x9, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000001040)={r2, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000100)="b9ff03316844268cb89e14f00800", 0x0, 0x0, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x4c)
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) (async)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) (async)
socket$kcm(0x2, 0x3, 0x2) (async)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast}) (async)
write$tun(r0, &(0x7f0000000080)={@val={0x8, 0xf8}, @val={0x2, 0x3, 0x6, 0x68, 0x8000, 0x9}, @ipv4=@udp={{0x5, 0x4, 0x3, 0x1b, 0x20, 0x66, 0x0, 0x40, 0x11, 0x0, @private=0xa010102, @multicast1}, {0x4e20, 0x4e22, 0xc, 0x0, @gue={{0x1, 0x0, 0x3, 0x8, 0x0, @void}}}}}, 0x2e) (async)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0xc, 0xb, &(0x7f00000000c0)=ANY=[@ANYBLOB="18040000000000000000000000000000180000002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b100000095"], &(0x7f00000005c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) (async)
process_vm_readv(0xffffffffffffffff, &(0x7f00000018c0)=[{&(0x7f0000000340)=""/160, 0xa0}], 0x1, &(0x7f0000001dc0)=[{0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}], 0x9, 0x0) (async)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000001040)={r2, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000100)="b9ff03316844268cb89e14f00800", 0x0, 0x0, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x4c) (async)

4.418722292s ago: executing program 32 (id=999):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0x3, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast})
write$tun(r0, &(0x7f0000000080)={@val={0x8, 0xf8}, @val={0x2, 0x3, 0x6, 0x68, 0x8000, 0x9}, @ipv4=@udp={{0x5, 0x4, 0x3, 0x1b, 0x20, 0x66, 0x0, 0x40, 0x11, 0x0, @private=0xa010102, @multicast1}, {0x4e20, 0x4e22, 0xc, 0x0, @gue={{0x1, 0x0, 0x3, 0x8, 0x0, @void}}}}}, 0x2e)
r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0xc, 0xb, &(0x7f00000000c0)=ANY=[@ANYBLOB="18040000000000000000000000000000180000002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b100000095"], &(0x7f00000005c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
process_vm_readv(0xffffffffffffffff, &(0x7f00000018c0)=[{&(0x7f0000000340)=""/160, 0xa0}], 0x1, &(0x7f0000001dc0)=[{0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}], 0x9, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000001040)={r2, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000100)="b9ff03316844268cb89e14f00800", 0x0, 0x0, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x4c)
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) (async)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) (async)
socket$kcm(0x2, 0x3, 0x2) (async)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast}) (async)
write$tun(r0, &(0x7f0000000080)={@val={0x8, 0xf8}, @val={0x2, 0x3, 0x6, 0x68, 0x8000, 0x9}, @ipv4=@udp={{0x5, 0x4, 0x3, 0x1b, 0x20, 0x66, 0x0, 0x40, 0x11, 0x0, @private=0xa010102, @multicast1}, {0x4e20, 0x4e22, 0xc, 0x0, @gue={{0x1, 0x0, 0x3, 0x8, 0x0, @void}}}}}, 0x2e) (async)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0xc, 0xb, &(0x7f00000000c0)=ANY=[@ANYBLOB="18040000000000000000000000000000180000002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b100000095"], &(0x7f00000005c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) (async)
process_vm_readv(0xffffffffffffffff, &(0x7f00000018c0)=[{&(0x7f0000000340)=""/160, 0xa0}], 0x1, &(0x7f0000001dc0)=[{0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}], 0x9, 0x0) (async)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000001040)={r2, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000100)="b9ff03316844268cb89e14f00800", 0x0, 0x0, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x4c) (async)

2.693841719s ago: executing program 2 (id=1009):
mkdir(&(0x7f0000000300)='./bus\x00', 0x40)
mount$9p_virtio(&(0x7f0000000100), &(0x7f0000000380)='./bus\x00', &(0x7f00000003c0), 0x814004, 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
io_setup(0x1, &(0x7f00000004c0)=<r0=>0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x101042, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x401, 0x0)
write$FUSE_NOTIFY_INVAL_ENTRY(r2, 0x0, 0x27)
io_submit(r0, 0x1, &(0x7f00000002c0)=[&(0x7f0000000300)={0xffffff7f00000000, 0x0, 0x0, 0xffff, 0x0, r1, &(0x7f00000001c0)="ba", 0x1, 0xff010000}])

2.149515247s ago: executing program 2 (id=1015):
close(0xffffffffffffffff)
sched_setscheduler(0x0, 0x1, 0x0)
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r1, &(0x7f0000fe7000/0x18000)=nil, &(0x7f0000000440)=[@textreal={0x8, &(0x7f00000003c0)="440f20c0663503000000440f22c0650f01c33e660f3880a80000baf80c66b89446368366efbafc0c66b8f579000066ef0f01c83601c1f0f614b804008ed80f01df0f1ecf", 0x44}], 0x1, 0x0, &(0x7f0000000480)=[@vmwrite={0x8, 0x0, 0x8, 0x0, 0x2, 0x0, 0x3, 0x0, 0x4}, @cstype3={0x5, 0x2}], 0x2)
ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000280)={{0x0, 0xea}, 'syz0\x00', 0x52})
ioctl$UI_DEV_CREATE(r0, 0x5501)
r2 = syz_open_dev$evdev(&(0x7f0000000080), 0x72, 0x0)
ioctl$EVIOCGEFFECTS(r2, 0x80044584, &(0x7f00000027c0)=""/220)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000500), 0xffffffffffffffff)
sendmsg$IPVS_CMD_NEW_DAEMON(r3, &(0x7f0000000600)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0xa6e059442bb9cbfd}, 0xc, &(0x7f00000005c0)={&(0x7f0000000540)={0x68, r4, 0x200, 0x70bd27, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_SERVICE={0x44, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e20}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0xf, 0x28}}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x8, 0x10}}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}, @IPVS_SVC_ATTR_PE_NAME={0x8}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x7ff}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x3ff}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x57a9}]}, 0x68}, 0x1, 0x0, 0x0, 0x20000080}, 0x810)
sendmsg$TIPC_NL_BEARER_SET(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x40404}, 0x110)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$tipc(&(0x7f0000000800), 0xffffffffffffffff)
sendmsg$TIPC_CMD_SET_LINK_PRI(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x68, r6, 0x1, 0x0, 0x400000, {{}, {0x0, 0x410c}, {0x4c, 0x14, {0xfffffff0, @link='broadcast-link\x00'}}}}, 0x68}}, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f0000001140)={{0x12, 0x1, 0x0, 0xc5, 0xaa, 0x6d, 0x8, 0xccd, 0x38, 0x9903, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x84, 0xdc, 0x6a}}]}}]}}, 0x0)
r7 = syz_open_dev$evdev(&(0x7f00000000c0), 0x40, 0x0)
r8 = socket$nl_route(0x10, 0x3, 0x0)
r9 = socket$inet6(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000040)={'bond_slave_0\x00', <r10=>0x0})
sendmsg$nl_route(r8, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000008c0)=@dellinkprop={0x24, 0x2e, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r10, 0x0, 0x10008}, [@IFLA_PROP_LIST={0x4}]}, 0x24}}, 0x0)
close_range(r0, r9, 0x2)
syz_emit_ethernet(0x136, &(0x7f0000000000)={@random="cf702e8cf675", @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00', 0x100, 0x3a, 0xff, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, '\x00', @dev, @dev, [{0x2, 0x1b, "703b744dc5c6a05fed0c0a28a5c04ec93b15911c51d9f1f265deed8eccd95784a601a0b0e6a4c3111b910f0173045fa2141e5b4595c5c99a9e655650a618f1e1b87d92c6bdc8822504781c5a026526818ceac3312187ff298ddd0b51e329a0555c732fabd5572626bc738bf5440cf57f442ac9bd7656e69c22df50f22d2bbe513c01be63f88b0536f418ebe0bf8f7e1c7ec73cf47ec436ed1d6060a46f881e8d701f56440e5259da2369e350ab54d342e18ac1fc323c56eee2eef13fd238914de7816db149570fe8ec5a49f055ba6a24df8c00000000"}]}}}}}}, 0x0)
pipe2$watch_queue(&(0x7f0000000200)={<r11=>0xffffffffffffffff}, 0x80)
read$watch_queue(r11, &(0x7f0000000300)=""/171, 0xab)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000140)={0x0, r8}, 0x8)
ioctl$EVIOCGKEYCODE_V2(r7, 0x80284504, &(0x7f0000000040)=""/95)

2.149143172s ago: executing program 0 (id=1016):
mkdir(&(0x7f0000000180)='./file1\x00', 0x0)
mkdir(&(0x7f00000003c0)='./file0\x00', 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000002a80)=ANY=[@ANYBLOB="b702000004000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x6, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18020000f2ffffff0000000000000000850000001700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000140)={r0, 0x0, 0x2000, 0x2000, &(0x7f0000000040)="976d9023d56482cd284a63da539706d7009be646625bd75b025352ebe557df463106baeed6c2d75549b140f143fb8bb67bfe5b308b8d05758115c7ad", &(0x7f0000000500)=""/130, 0x0, 0x0, 0xdf, 0xc4, &(0x7f0000000840)="cf2240e6919817e49555d221b4e6c6ba11c4d974ddab2318db7b52cee499399a00be4b710e9246d7bca28cc8346eb84414e45f3f4633f4acb77bf8cc38c4c16fe035905db79cdc6bd5e6effd652c4cac58ae94706f86ea320f339c21399b5bb7607044916c63c528ab4149718d6215a9a3749113c268e49b2b9dae91ed804ea76f9a2b06f7304f6e81221a751008e786e1edde82cf1ecb76cb4cd71cf781ea3a19b917e4ea15b1a6c7ee605b32b91eaa05000000000000002b1e63e9e52ae43197fd72de1f71801e1f9f1369d1f53002960787827692ead840ffcab9ebe21c7aba23d1413d05344f74572c33b3556eb643a3e93344d7cc6ccd5e912c5a474c51b641c4ad9dbd55c3b7e433f3c32e419c67e14c473427fc441dea9e47e889140bfee5294c4caa59c14722cbe83d90bbf32704263036e0ace2eca28a293ad699fdb5264f90c102f67ee6ac215c81075b95a948577e544e4b6f184ef1fd4a0d56bbd8a8b309073af864cee3d19394153539914e1d1b328362d8a6243070e38784ef8219c6f3698fefb178b945f431f7bffa6fea541b237e2280a41a0a2021a6af6cae5d41afc371a0142e89a9cc664b044bb864f6e367c1671e4c8a6e9762f4b13a202c391f803fc6e7074aa1ddfbb4f3d4b1af579be74248d6821478aa2126fcc47bba6c3be2e2086d8cf6aff73b4ba6c16b9a28b6a65804acf3fc5309d5ec66e7b761c981124af931943dc5376913d153088dd9ed4187a817d7a792aa8319936fe33bbada169c922ac157b3aa0c110b416ca17909e50f413ca988c244192d42adfe3432d8a441c95daf3ad7ac362e823df158897dab1d0a239c234a843c8cbb36d266541b38e67530cfd4e5684a3540dccc6fe8bca7f801", &(0x7f00000005c0)="bf049fd184f7b03c21d9bcddc4eef9ebb6a0da3eb91c56454e873dd7336ccf21a1eeb8da7adf80d6e06ef46c7f36222fadaed2103c286468b3f44adee51445bd1bedf8fcc1c0b9fdc8b3829b1bf0c9d2d409cdecb12ad033e299c029331993ae9760345bf7feb91ee96b0eee19454ad3dbce5019b68c114ff1921a9b4665744c7784ac6736101a70592d83c448a84c31ec60bb901d96ea99471d823ee523318878ee704a8d9502b566cad45587cb74ea8259c1c0a926fc09499395b2db5af40bb6f4c526", 0x1, 0x8000, 0x1}, 0x24)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000500)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@verity_on}]})
creat(&(0x7f0000000340)='./file0/file0\x00', 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
setxattr$security_ima(&(0x7f0000000040)='./file0\x00', &(0x7f0000000280), &(0x7f0000000380)=@sha1={0x1, "e4a3186656e05fab9468f405313ac4c83f286a14"}, 0x15, 0x1)
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x80101, 0x0)

2.024285039s ago: executing program 0 (id=1017):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000001440)={'\x00', 0x52d35ce30131f272}) (async)
ioctl$TUNSETOFFLOAD(r0, 0x400454c9, 0x149c29da27ce1101) (async)
ioctl$TUNSETLINK(r0, 0x400454cd, 0x304) (async)
r1 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000380), 0xffffffffffffffff)
sendmsg$TIPC_NL_MON_PEER_GET(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x14, r2, 0xb03}, 0x14}}, 0x0) (async)
r3 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x400, 0x0)
ioctl$SIOCSIFMTU(r3, 0x8922, &(0x7f0000000080)={'team0\x00', 0x8})

1.674204748s ago: executing program 0 (id=1018):
r0 = io_uring_setup(0x3c92, &(0x7f0000000100)={0x0, 0x3, 0x0, 0xffffffff})
r1 = semget$private(0x0, 0x6, 0x0)
semtimedop(r1, &(0x7f0000000180)=[{0x0, 0xfff}], 0x1, 0x0)
semtimedop(r1, &(0x7f0000000040)=[{}, {}], 0x2, 0x0)
semctl$IPC_RMID(r1, 0x0, 0x0)
r2 = getpid()
r3 = getpgid(r2)
kcmp(r2, r3, 0x4, 0xffffffffffffffff, 0xffffffffffffffff)
r4 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r4, &(0x7f0000000640)={0x28, 0x0, 0x2710}, 0x10)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@base={0x12, 0x4, 0x4, 0xa4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r5, &(0x7f0000000080), &(0x7f00000002c0)=@tcp6=r4}, 0x20)
close_range(r0, 0xffffffffffffffff, 0x0)

1.395448631s ago: executing program 0 (id=1019):
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000300)="d8000000180081034e81f783db4cb9040a1d02", 0x13}], 0x1}, 0x0)
r0 = socket$kcm(0xa, 0x5, 0x0)
sendmsg$kcm(r0, &(0x7f0000000600)={&(0x7f0000000100)=@in6={0xa, 0xfffd, 0x100, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x1b}}}, 0x80, &(0x7f0000000000)=[{&(0x7f0000001d80)='~', 0x1}], 0x1, &(0x7f0000000300)=[{0x18, 0x84, 0x0, 'b'}], 0x18, 0x2c010000}, 0x41)

1.183834504s ago: executing program 0 (id=1021):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19)
mremap(&(0x7f0000000000/0x9000)=nil, 0x9000, 0x600000, 0x3, &(0x7f0000a00000/0x600000)=nil)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil)
io_uring_setup(0x1697, &(0x7f0000000080)={0x0, 0xfc72, 0x40, 0x2, 0x19b}) (async)
r0 = io_uring_setup(0x1697, &(0x7f0000000080)={0x0, 0xfc72, 0x40, 0x2, 0x19b})
r1 = userfaultfd(0x801)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) (async)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000ffb000/0x3000)=nil, 0x3000}, 0x3}) (async)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000ffb000/0x3000)=nil, 0x3000}, 0x3})
ioctl$UFFDIO_COPY(r1, 0xc028aa03, &(0x7f00000000c0)={&(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x2000, 0x3})
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
openat(r2, &(0x7f0000000100)='./file0\x00', 0x0, 0x143)
pause()
socket$xdp(0x2c, 0x3, 0x0) (async)
socket$xdp(0x2c, 0x3, 0x0)
io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a)

911.688869ms ago: executing program 3 (id=1022):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc2(&(0x7f00000002c0), 0xffffffffffffffff)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000c40)=ANY=[@ANYBLOB="4c0000001a001100000000000000000002000000000000000000000005001b0006000000080001007f000001"], 0x4c}}, 0x0)
sendmsg$TIPC_NL_LINK_SET(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000000)={0x30, r1, 0x601, 0x0, 0x0, {}, [@TIPC_NLA_LINK={0x1c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0x4}]}]}, 0x30}}, 0x0)

759.262655ms ago: executing program 3 (id=1023):
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000300)="d8000000180081034e81f783db4cb9040a1d02", 0x13}], 0x1}, 0x0)
r0 = socket$kcm(0xa, 0x5, 0x0)
sendmsg$kcm(r0, &(0x7f0000000600)={&(0x7f0000000100)=@in6={0xa, 0xfffd, 0x100, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x1b}}}, 0x80, &(0x7f0000000000)=[{&(0x7f0000001d80)='~', 0x1}], 0x1, &(0x7f0000000300)=[{0x18, 0x84, 0x0, 'b'}], 0x18}, 0x41) (fail_nth: 78)

674.936941ms ago: executing program 3 (id=1024):
r0 = syz_open_dev$usbfs(&(0x7f0000002000), 0xd, 0x20041) (async)
mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x81c0, 0x0) (async)
r1 = landlock_create_ruleset(&(0x7f0000000240)={0x1fff}, 0x18, 0x0)
landlock_restrict_self(r1, 0x0) (async)
execveat(0xffffffffffffff9c, &(0x7f0000000280)='./file2\x00', 0x0, 0x0, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r3=>0x0}) (async)
r4 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$inet_tcp_int(r4, 0x6, 0x17, &(0x7f0000000000), 0x4) (async)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)=ANY=[@ANYBLOB="2c0000009e842905a6cf878ab18bf420f478a743646e1b4f70ece9c85d8e91db29d50e7e", @ANYRES16=r5, @ANYBLOB="01002cbd7000ffdbdf253900000008000300", @ANYRES32=r3, @ANYBLOB="10005a800c0000800500010011000000"], 0x2c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) (async)
r6 = openat$cdrom(0xffffffffffffff9c, &(0x7f0000000000), 0x101800, 0x0)
ioctl$CDROM_GET_MCN(r6, 0x5311, 0x0)
ioctl$USBDEVFS_SUBMITURB(r0, 0x8038550a, &(0x7f0000000140)=@urb_type_control={0x2, {}, 0x0, 0x0, &(0x7f0000000000)={0x80, 0x0, 0x0, 0x0, 0x2}, 0x36, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x17, 0x9, &(0x7f0000000540)=ANY=[@ANYBLOB="18080000000000000000000000000000851000000500000085000000ba0000005f0000000000000018000000000000000000000000000000950000000000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x600, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) (async)
ioctl$USBDEVFS_REAPURBNDELAY(r0, 0x4004550d, 0x0)

500.325699ms ago: executing program 3 (id=1025):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42032, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$loop(&(0x7f0000000100), 0xd79, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0)
io_uring_register$IORING_REGISTER_FILE_ALLOC_RANGE(r2, 0x19, &(0x7f0000000180)={0x0, 0x9, 0x1}, 0x0)
write$binfmt_misc(r2, &(0x7f0000000040), 0xe09)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r3 = syz_io_uring_setup(0x6440, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000040)=<r4=>0x0, &(0x7f0000000140)=<r5=>0x0)
syz_io_uring_submit(r4, 0x0, &(0x7f00000001c0)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x40, 0x0, 0x3, 0x2, 0x0, 0xce})
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
write$UHID_CREATE2(r6, &(0x7f00000001c0)=ANY=[@ANYBLOB='.'], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r6, 0x0)
syz_io_uring_submit(r4, r5, &(0x7f0000000000)=@IORING_OP_MKDIRAT={0x25, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0})
io_uring_enter(r3, 0x33be, 0xb85, 0x3, 0x0, 0x0)
ioctl$LOOP_CONFIGURE(r1, 0x4c0a, &(0x7f00000002c0)={r2, 0x400, {0x2a00, 0x80010000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00"}})
r7 = openat$nmem0(0xffffffffffffff9c, &(0x7f0000000000), 0x400080, 0x0)
sendmsg$IPSET_CMD_SWAP(r7, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x2c, 0x6, 0x6, 0x401, 0x0, 0x0, {0x7, 0x0, 0x2}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}]}, 0x2c}, 0x1, 0x0, 0x0, 0x5}, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000780)={r7, 0x0, 0x93, 0x92, &(0x7f0000000480)="1044d1aa0fd7334426ebd1b1d3412accf3c9197e195810d6152fd54f88f5672eaa763b041a783a30b366495e49e335e81d1d30fb7462c195270601fef8b62b24ba883e6ae3eedb4b6b6bb3742476096dd5114bab0ef2e13dbb107821c8a98ca6ec38be4a2196d7769e79f3d8bf329b8fdf5428867ac5a4be228ca314d2a13ddf6c67181d534fdb79ccac6d127abf26f06a0922", &(0x7f0000000540)=""/146, 0x100, 0x0, 0x4b, 0xc9, &(0x7f0000000600)="99ce0bd89e16c439f28a50dbebc0d8f7aa228c4a2aa15f60e07d8c8289a85f0b460a3dc989a4f82e6523f7523a341525fa4f78acef9dfb88c823211351d7dca2cc49aa796983df1d7f269d", &(0x7f0000000680)="3371a8f5d30642dc38bee407b55436b5191d5e0d02b8f56fd32363babebf99e6d872cc9457940ae5589f5954930979341364c8a9e8408a1b3712383456e9003f304692bf9819a396c7e153400c46788772f581e56777c7becd51830be583225b61ed44153c862e142667852377e97b8ee028324e810038342f44e387274a71f315c9c2e801a06b85d788727e51beac37b6bbf766a56ea988efe4e57f93d840e42c3f747b90f2c47a597e4ca0c29d382155c654a705d152e13b9d101f48af968efdda41115e244ef7a2", 0x0, 0x0, 0x40}, 0x50)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
timer_create(0x0, 0x0, &(0x7f0000bbdffc))

144.155992ms ago: executing program 3 (id=1026):
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000080)={'\x00', 0x5, 0x62c7, 0x6, 0xcc6, 0x7})
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000380)=ANY=[@ANYBLOB="bc0000002b0001000000000000000000aa0000800c000000000000000000000014000100fe8000000000000000000000000000aa50bb2d6f67d29d6fabadb107d0def49c88ea04abde1d5e8d3fb22a1b5046778bdafefc46b0449ade68bf84b36ec72dd712120765fc2e882348c26c2126237dd5b37f5ae655b1086cda40e00aec58754734be31d750351dc076eb43d9621dc08c029d1608a487f26fbe816b89f7cb81bff81a8b94825661f329ebc92a5856555ee923c65973deb0a99b962bc0fe9400005b23a13934e1e6288c90d5fc8fc36823d9944fc0"], 0xbc}], 0x1}, 0x1)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={0x0}}, 0x0)
r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x8400, 0x0)
ioctl$FS_IOC_SETFLAGS(r0, 0x40186f40, &(0x7f0000000440)=0x1f)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r0, 0x40605346, &(0x7f0000000180)={0x800, 0x2, {0x0, 0x1, 0x0, 0x2, 0x1}, 0x1c4d})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYRES64=r0, @ANYRES32=0x0, @ANYRESOCT=r0], 0x48}}, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = socket(0x10, 0x3, 0x0)
sendmmsg$alg(r1, &(0x7f0000000140), 0x4924b68, 0x0)

143.791986ms ago: executing program 0 (id=1027):
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
ioctl$sock_ifreq(r0, 0x8910, &(0x7f0000000000)={'veth1_to_bond\x00', @ifru_map={0x4, 0x9e, 0x80, 0x3f, 0xf, 0x1}})
ioctl$sock_ifreq(r0, 0x891d, &(0x7f0000000280)={'geneve1\x00', @ifru_data=&(0x7f00000000c0)="2939f9c4afe69c690c57a69f0f1bea12e47f8d16d8bc1ab97b8d52f25d01cfbd"})
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r2 = openat$cgroup(r1, &(0x7f0000000140)='syz1\x00', 0x200002, 0x0)
r3 = openat$cgroup_freezer_state(r2, &(0x7f0000000240), 0x2, 0x0)
r4 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r4, &(0x7f0000000100)={0x28, 0x0, 0x2710, @local}, 0x10)
r5 = socket$vsock_stream(0x28, 0x1, 0x0)
r6 = socket$inet6(0xa, 0x80003, 0xff)
r7 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000300)="d8000000190081054e81f782db4cb904021d0800fe007c05e8fe55a1040012000a0014260c600e12100005007f370401a8001000200002400400027c035c0461c1d67f6f94007134cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db798262f3d40fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9703920723f9a941", 0xd8}], 0x1}, 0x0)
setsockopt$inet6_int(r6, 0x29, 0x19, &(0x7f0000000000), 0x4)
bind$vsock_stream(r5, &(0x7f0000000040)={0x28, 0x0, 0x2710, @host}, 0x10)
r8 = openat$cgroup_procs(r1, &(0x7f00000001c0)='tasks\x00', 0x2, 0x0)
write$cgroup_pid(r8, &(0x7f0000000180), 0x12)
setsockopt$SO_VM_SOCKETS_CONNECT_TIMEOUT_OLD(r5, 0x28, 0x6, &(0x7f0000000080)={0x0, 0x2710}, 0x10)
write$cgroup_freezer_state(r3, &(0x7f0000000200)='THAWED\x00', 0x7)
ioctl$sock_netdev_private(r0, 0x8914, &(0x7f0000000000))

0s ago: executing program 3 (id=1028):
mkdir(&(0x7f0000000300)='./bus\x00', 0x40)
mount$9p_virtio(&(0x7f0000000100), &(0x7f0000000380)='./bus\x00', &(0x7f00000003c0), 0x814004, 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
io_setup(0x1, &(0x7f00000004c0)=<r0=>0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x101042, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x401, 0x0)
write$FUSE_NOTIFY_INVAL_ENTRY(r2, 0x0, 0x27)
io_submit(r0, 0x1, &(0x7f00000002c0)=[&(0x7f0000000300)={0xffffff7f00000000, 0x0, 0x0, 0x0, 0xeffd, r1, &(0x7f00000001c0)="ba", 0x1, 0xff010000}])

kernel console output (not intermixed with test programs):

7ff6b718cde9
[  196.782000][ T8136] RDX: 0000000000000038 RSI: 0000400000000900 RDI: 000000000000001a
[  196.782007][ T8136] RBP: 00007ff6b805f090 R08: 0000000000000000 R09: 0000000000000000
[  196.782051][ T8136] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  196.782259][ T8136] R13: 0000000000000000 R14: 00007ff6b73a5fa0 R15: 00007fff39216208
[  196.782423][ T8136]  </TASK>
[  197.150132][    C1] vkms_vblank_simulate: vblank timer overrun
[  197.183176][ T8143] bridge_slave_0: left allmulticast mode
[  197.185960][ T8143] bridge_slave_0: left promiscuous mode
[  197.191397][ T8143] bridge0: port 1(bridge_slave_0) entered disabled state
[  197.204255][ T8143] bridge_slave_1: left allmulticast mode
[  197.211914][ T8143] bridge_slave_1: left promiscuous mode
[  197.215720][ T8143] bridge0: port 2(bridge_slave_1) entered disabled state
[  197.231041][ T8143] bond0: (slave bond_slave_0): Releasing backup interface
[  197.261487][ T8143] bond0: (slave bond_slave_1): Releasing backup interface
[  197.293848][ T8143] team0: Port device team_slave_0 removed
[  197.319155][ T8143] team0: Port device team_slave_1 removed
[  197.322517][ T8143] batman_adv: batadv0: Removing interface: batadv_slave_0
[  197.341343][ T8143] batman_adv: batadv0: Removing interface: batadv_slave_1
[  197.353529][ T8143] bond0: (slave macvlan0): Releasing backup interface
[  197.365453][ T8143] veth1_vlan: left allmulticast mode
[  197.383459][ T8147] team0: Mode changed to "loadbalance"
[  197.468857][    C1] vkms_vblank_simulate: vblank timer overrun
[  197.629288][   T39] audit: type=1400 audit(1739166201.879:11518): avc:  denied  { getopt } for  pid=8156 comm="syz.1.707" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  197.685059][    C1] vkms_vblank_simulate: vblank timer overrun
[  197.750095][ T8162] 9pnet: Limiting 'msize' to 512000 as this is the maximum supported by transport virtio
[  197.767710][   T39] audit: type=1400 audit(1739166202.029:11519): avc:  denied  { setattr } for  pid=8155 comm="syz.3.705" name="/" dev="9p" ino=36186104 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  197.794761][ T8162] netlink: 44 bytes leftover after parsing attributes in process `syz.3.705'.
[  197.821789][   T39] audit: type=1400 audit(1739166202.069:11520): avc:  denied  { getopt } for  pid=8164 comm="syz.0.708" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1
[  197.841952][ T8160] netlink: 44 bytes leftover after parsing attributes in process `syz.3.705'.
[  197.913222][ T8174] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  198.063121][   T39] audit: type=1400 audit(1739166202.329:11521): avc:  denied  { rename } for  pid=8173 comm="syz.0.710" name="bus" dev="tmpfs" ino=924 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  198.065952][ T8178] FAULT_INJECTION: forcing a failure.
[  198.065952][ T8178] name failslab, interval 1, probability 0, space 0, times 0
[  198.098846][    C1] vkms_vblank_simulate: vblank timer overrun
[  198.111134][ T8178] CPU: 1 UID: 0 PID: 8178 Comm: syz.1.711 Not tainted 6.14.0-rc1-syzkaller-00276-g69b54314c975 #0
[  198.111155][ T8178] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  198.111164][ T8178] Call Trace:
[  198.111169][ T8178]  <TASK>
[  198.111175][ T8178]  dump_stack_lvl+0x16c/0x1f0
[  198.111200][ T8178]  should_fail_ex+0x50a/0x650
[  198.111226][ T8178]  ? sctp_add_bind_addr+0x9a/0x3d0
[  198.114501][ T8178]  should_failslab+0xc2/0x120
[  198.114549][ T8178]  __kmalloc_cache_noprof+0x68/0x410
[  198.114579][ T8178]  sctp_add_bind_addr+0x9a/0x3d0
[  198.114606][ T8178]  sctp_copy_local_addr_list+0x39e/0x5a0
[  198.130020][ T8178]  ? __pfx_sctp_copy_local_addr_list+0x10/0x10
[  198.130061][ T8178]  ? sctp_auth_asoc_copy_shkeys+0x2a7/0x360
[  198.130087][ T8178]  ? sctp_bind_addr_copy+0xe0/0x530
[  198.130111][ T8178]  sctp_bind_addr_copy+0xe0/0x530
[  198.130142][ T8178]  sctp_connect_new_asoc+0x1d8/0x790
[  198.130255][ T8178]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[  198.130282][ T8178]  ? bpf_lsm_sctp_bind_connect+0x9/0x10
[  198.130305][ T8178]  sctp_sendmsg+0x1610/0x1eb0
[  198.130323][ T8178]  ? avc_has_perm+0x11b/0x1c0
[  198.130348][ T8178]  ? __pfx_sctp_sendmsg+0x10/0x10
[  198.130374][ T8178]  ? __pfx_sock_has_perm+0x10/0x10
[  198.130396][ T8178]  ? trace_lock_acquire+0x14e/0x1f0
[  198.130420][ T8178]  ? __might_fault+0xe3/0x190
[  198.130440][ T8178]  ? __might_fault+0xe3/0x190
[  198.130459][ T8178]  ? __pfx_sctp_sendmsg+0x10/0x10
[  198.130481][ T8178]  inet_sendmsg+0x119/0x140
[  198.130505][ T8178]  ____sys_sendmsg+0x98c/0xc90
[  198.130535][ T8178]  ? __pfx_____sys_sendmsg+0x10/0x10
[  198.130572][ T8178]  ___sys_sendmsg+0x135/0x1e0
[  198.130595][ T8178]  ? __pfx____sys_sendmsg+0x10/0x10
[  198.130626][ T8178]  ? __pfx_lock_release+0x10/0x10
[  198.130648][ T8178]  ? trace_lock_acquire+0x14e/0x1f0
[  198.130674][ T8178]  ? __fget_files+0x206/0x3a0
[  198.130697][ T8178]  __sys_sendmsg+0x16e/0x220
[  198.130719][ T8178]  ? __pfx___sys_sendmsg+0x10/0x10
[  198.130756][ T8178]  do_syscall_64+0xcd/0x250
[  198.130778][ T8178]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  198.130807][ T8178] RIP: 0033:0x7f86aa78cde9
[  198.130822][ T8178] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  198.130838][ T8178] RSP: 002b:00007f86ab677038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  198.130855][ T8178] RAX: ffffffffffffffda RBX: 00007f86aa9a5fa0 RCX: 00007f86aa78cde9
[  198.130865][ T8178] RDX: 0000000000000041 RSI: 0000400000000600 RDI: 0000000000000003
[  198.130875][ T8178] RBP: 00007f86ab677090 R08: 0000000000000000 R09: 0000000000000000
[  198.130884][ T8178] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  198.130893][ T8178] R13: 0000000000000000 R14: 00007f86aa9a5fa0 R15: 00007ffc773f0848
[  198.130916][ T8178]  </TASK>
[  198.358115][    C1] vkms_vblank_simulate: vblank timer overrun
[  198.385678][   T39] audit: type=1400 audit(1739166202.649:11522): avc:  denied  { unmount } for  pid=5952 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1
[  198.497711][   T39] audit: type=1400 audit(1739166202.759:11523): avc:  denied  { map } for  pid=8184 comm="syz.0.713" path="socket:[18382]" dev="sockfs" ino=18382 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  198.501341][ T8183] FAULT_INJECTION: forcing a failure.
[  198.501341][ T8183] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  198.525662][   T39] audit: type=1400 audit(1739166202.789:11524): avc:  denied  { ioctl } for  pid=8184 comm="syz.0.713" path="/dev/fuse" dev="devtmpfs" ino=105 ioctlcmd=0x6612 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1
[  198.575996][ T8183] CPU: 2 UID: 0 PID: 8183 Comm: syz.3.712 Not tainted 6.14.0-rc1-syzkaller-00276-g69b54314c975 #0
[  198.576016][ T8183] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  198.576026][ T8183] Call Trace:
[  198.576032][ T8183]  <TASK>
[  198.576045][ T8183]  dump_stack_lvl+0x16c/0x1f0
[  198.576073][ T8183]  should_fail_ex+0x50a/0x650
[  198.576100][ T8183]  _copy_from_user+0x2e/0xd0
[  198.576116][ T8183]  generic_map_update_batch+0x391/0x5f0
[  198.576138][ T8183]  ? __pfx_generic_map_update_batch+0x10/0x10
[  198.576152][ T8183]  ? __fget_files+0x206/0x3a0
[  198.576171][ T8183]  ? __pfx_generic_map_update_batch+0x10/0x10
[  198.576188][ T8183]  bpf_map_do_batch+0x5a8/0x670
[  198.576213][ T8183]  __sys_bpf+0x1ce4/0x49c0
[  198.576250][ T8183]  ? __pfx_lock_release+0x10/0x10
[  198.576272][ T8183]  ? __pfx___sys_bpf+0x10/0x10
[  198.576287][ T8183]  ? vfs_write+0x306/0x1150
[  198.576313][ T8183]  ? __mutex_unlock_slowpath+0x164/0x6a0
[  198.576344][ T8183]  ? fput+0x67/0x440
[  198.576362][ T8183]  ? ksys_write+0x1ba/0x250
[  198.576382][ T8183]  ? __pfx_ksys_write+0x10/0x10
[  198.576406][ T8183]  __x64_sys_bpf+0x78/0xc0
[  198.576422][ T8183]  ? lockdep_hardirqs_on+0x7c/0x110
[  198.576437][ T8183]  do_syscall_64+0xcd/0x250
[  198.576456][ T8183]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  198.576478][ T8183] RIP: 0033:0x7f616ff8cde9
[  198.576494][ T8183] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  198.576511][ T8183] RSP: 002b:00007f6170db1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  198.576527][ T8183] RAX: ffffffffffffffda RBX: 00007f61701a5fa0 RCX: 00007f616ff8cde9
[  198.576537][ T8183] RDX: 0000000000000038 RSI: 0000400000000900 RDI: 000000000000001a
[  198.576546][ T8183] RBP: 00007f6170db1090 R08: 0000000000000000 R09: 0000000000000000
[  198.576555][ T8183] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  198.576564][ T8183] R13: 0000000000000000 R14: 00007f61701a5fa0 R15: 00007ffea026a1f8
[  198.576584][ T8183]  </TASK>
[  198.781107][   T39] audit: type=1326 audit(1739166203.039:11525): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8180 comm="syz.1.714" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f86aa78cde9 code=0x7fc00000
[  199.026829][ T8199] netfs: Couldn't get user pages (rc=-14)
[  199.036571][ T8202] sp0: Synchronizing with TNC
[  199.288629][  T834] usb 6-1: new high-speed USB device number 12 using dummy_hcd
[  199.456594][  T834] usb 6-1: Using ep0 maxpacket: 8
[  199.489476][ T8215] FAULT_INJECTION: forcing a failure.
[  199.489476][ T8215] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  199.494798][ T8215] CPU: 2 UID: 0 PID: 8215 Comm: syz.3.725 Not tainted 6.14.0-rc1-syzkaller-00276-g69b54314c975 #0
[  199.494821][ T8215] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  199.494832][ T8215] Call Trace:
[  199.494840][ T8215]  <TASK>
[  199.494848][ T8215]  dump_stack_lvl+0x16c/0x1f0
[  199.494877][ T8215]  should_fail_ex+0x50a/0x650
[  199.494910][ T8215]  _copy_from_user+0x2e/0xd0
[  199.494930][ T8215]  generic_map_update_batch+0x3ff/0x5f0
[  199.494957][ T8215]  ? __pfx_generic_map_update_batch+0x10/0x10
[  199.494975][ T8215]  ? __fget_files+0x206/0x3a0
[  199.494997][ T8215]  ? __pfx_generic_map_update_batch+0x10/0x10
[  199.495016][ T8215]  bpf_map_do_batch+0x5a8/0x670
[  199.495051][ T8215]  __sys_bpf+0x1ce4/0x49c0
[  199.495069][ T8215]  ? __pfx_lock_release+0x10/0x10
[  199.495097][ T8215]  ? __pfx___sys_bpf+0x10/0x10
[  199.495114][ T8215]  ? vfs_write+0x306/0x1150
[  199.495148][ T8215]  ? __mutex_unlock_slowpath+0x164/0x6a0
[  199.495183][ T8215]  ? fput+0x67/0x440
[  199.495204][ T8215]  ? ksys_write+0x1ba/0x250
[  199.495229][ T8215]  ? __pfx_ksys_write+0x10/0x10
[  199.495260][ T8215]  __x64_sys_bpf+0x78/0xc0
[  199.495279][ T8215]  ? lockdep_hardirqs_on+0x7c/0x110
[  199.495298][ T8215]  do_syscall_64+0xcd/0x250
[  199.495320][ T8215]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  199.495344][ T8215] RIP: 0033:0x7f616ff8cde9
[  199.495359][ T8215] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  199.495376][ T8215] RSP: 002b:00007f6170db1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  199.495393][ T8215] RAX: ffffffffffffffda RBX: 00007f61701a5fa0 RCX: 00007f616ff8cde9
[  199.495404][ T8215] RDX: 0000000000000038 RSI: 0000400000000900 RDI: 000000000000001a
[  199.495414][ T8215] RBP: 00007f6170db1090 R08: 0000000000000000 R09: 0000000000000000
[  199.495424][ T8215] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  199.495434][ T8215] R13: 0000000000000000 R14: 00007f61701a5fa0 R15: 00007ffea026a1f8
[  199.495453][ T8215]  </TASK>
[  199.674502][  T834] usb 6-1: New USB device found, idVendor=0ccd, idProduct=0038, bcdDevice=99.03
[  199.680386][  T834] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  199.683284][  T834] usb 6-1: Product: syz
[  199.684744][  T834] usb 6-1: Manufacturer: syz
[  199.686970][  T834] usb 6-1: SerialNumber: syz
[  199.699361][  T834] usb 6-1: config 0 descriptor??
[  199.714650][  T834] dvb-usb: found a 'TerraTec/qanu USB2.0 Highspeed DVB-T Receiver' in warm state.
[  199.714684][  T834] dvb-usb: bulk message failed: -22 (2/0)
[  199.714699][  T834] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  199.715091][  T834] dvbdev: DVB: registering new adapter (TerraTec/qanu USB2.0 Highspeed DVB-T Receiver)
[  199.715126][  T834] usb 6-1: media controller created
[  199.737367][  T834] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  199.772613][  T834] dvb-usb: bulk message failed: -22 (1/0)
[  199.776586][  T834] dvb-usb: no frontend was attached by 'TerraTec/qanu USB2.0 Highspeed DVB-T Receiver'
[  199.802583][  T834] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.1/usb6/6-1/input/input29
[  199.808357][  T834] dvb-usb: schedule remote query interval to 50 msecs.
[  199.827510][  T834] dvb-usb: bulk message failed: -22 (2/0)
[  199.832753][    C1] vkms_vblank_simulate: vblank timer overrun
[  199.836099][  T834] dvb-usb: TerraTec/qanu USB2.0 Highspeed DVB-T Receiver successfully initialized and connected.
[  199.882659][  T834] dvb-usb: bulk message failed: -22 (1/0)
[  199.885044][  T834] dvb-usb: error while querying for an remote control event.
[  199.956791][  T834] dvb-usb: bulk message failed: -22 (1/0)
[  199.959491][  T834] dvb-usb: error while querying for an remote control event.
[  199.988848][    C1] vkms_vblank_simulate: vblank timer overrun
[  200.073446][  T834] dvb-usb: bulk message failed: -22 (1/0)
[  200.099483][  T834] dvb-usb: error while querying for an remote control event.
[  200.184242][  T834] dvb-usb: bulk message failed: -22 (1/0)
[  200.187166][  T834] dvb-usb: error while querying for an remote control event.
[  200.208509][    C1] vkms_vblank_simulate: vblank timer overrun
[  200.261808][  T834] dvb-usb: bulk message failed: -22 (1/0)
[  200.264254][  T834] dvb-usb: error while querying for an remote control event.
[  200.267423][   T25] usb 8-1: new high-speed USB device number 9 using dummy_hcd
[  200.351673][  T834] dvb-usb: bulk message failed: -22 (1/0)
[  200.354424][  T834] dvb-usb: error while querying for an remote control event.
[  200.437771][  T834] dvb-usb: bulk message failed: -22 (1/0)
[  200.445495][  T834] dvb-usb: error while querying for an remote control event.
[  200.450783][   T25] usb 8-1: Using ep0 maxpacket: 8
[  200.518652][  T834] dvb-usb: bulk message failed: -22 (1/0)
[  200.520881][  T834] dvb-usb: error while querying for an remote control event.
[  200.525859][   T25] usb 8-1: config index 0 descriptor too short (expected 5924, got 36)
[  200.534159][   T25] usb 8-1: config 250 has an invalid interface number: 228 but max is -1
[  200.537443][   T25] usb 8-1: config 250 has 1 interface, different from the descriptor's value: 0
[  200.539041][ T5987] usb 6-1: USB disconnect, device number 12
[  200.582352][    T8] dvb-usb: bulk message failed: -22 (1/0)
[  200.585610][   T25] usb 8-1: config 250 has no interface number 0
[  200.586697][    T8] dvb-usb: error while querying for an remote control event.
[  200.621135][   T25] usb 8-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024
[  200.659817][   T25] usb 8-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024
[  200.677772][   T25] usb 8-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 26
[  200.683984][   T25] usb 8-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17
[  200.695398][   T25] usb 8-1: config 250 interface 228 has no altsetting 0
[  200.711198][   T25] usb 8-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07
[  200.730612][   T25] usb 8-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59
[  200.735172][   T25] usb 8-1: Product: syz
[  200.739927][   T25] usb 8-1: SerialNumber: syz
[  200.757134][   T25] hub 8-1:250.228: bad descriptor, ignoring hub
[  200.760196][   T25] hub 8-1:250.228: probe with driver hub failed with error -5
[  200.847552][ T5987] dvb-usb: TerraTec/qanu USB2.0 Highspeed DVB-T Re successfully deinitialized and disconnected.
[  200.859721][    C1] vkms_vblank_simulate: vblank timer overrun
[  200.888160][    C1] vkms_vblank_simulate: vblank timer overrun
[  200.960080][   T25] usblp 8-1:250.228: usblp0: USB Bidirectional printer dev 9 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292
[  201.051978][   T25] usb 8-1: USB disconnect, device number 9
[  201.092978][    C1] vkms_vblank_simulate: vblank timer overrun
[  201.095456][   T25] usblp0: removed
[  201.250684][    C1] vkms_vblank_simulate: vblank timer overrun
[  201.350528][    C1] vkms_vblank_simulate: vblank timer overrun
[  201.409202][ T8241] netfs: Couldn't get user pages (rc=-14)
[  201.532596][   T25] usb 8-1: new high-speed USB device number 10 using dummy_hcd
[  201.540420][ T8244] netlink: 28 bytes leftover after parsing attributes in process `syz.1.733'.
[  201.546739][ T8244] netlink: 28 bytes leftover after parsing attributes in process `syz.1.733'.
[  201.718770][   T25] usb 8-1: Using ep0 maxpacket: 8
[  201.726979][   T25] usb 8-1: config index 0 descriptor too short (expected 5924, got 36)
[  201.732434][   T25] usb 8-1: config 250 has an invalid interface number: 228 but max is -1
[  201.751065][   T25] usb 8-1: config 250 has 1 interface, different from the descriptor's value: 0
[  201.756799][   T25] usb 8-1: config 250 has no interface number 0
[  201.760562][   T25] usb 8-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024
[  201.777618][   T25] usb 8-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024
[  201.791669][   T25] usb 8-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 26
[  201.802171][   T25] usb 8-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17
[  201.845508][   T25] usb 8-1: config 250 interface 228 has no altsetting 0
[  201.846403][ T8249] FAULT_INJECTION: forcing a failure.
[  201.846403][ T8249] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  201.860774][ T8249] CPU: 3 UID: 0 PID: 8249 Comm: syz.0.734 Not tainted 6.14.0-rc1-syzkaller-00276-g69b54314c975 #0
[  201.860800][ T8249] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  201.860810][ T8249] Call Trace:
[  201.860817][ T8249]  <TASK>
[  201.860835][ T8249]  dump_stack_lvl+0x16c/0x1f0
[  201.860862][ T8249]  should_fail_ex+0x50a/0x650
[  201.860887][ T8249]  _copy_from_user+0x2e/0xd0
[  201.860901][ T8249]  generic_map_update_batch+0x391/0x5f0
[  201.860922][ T8249]  ? __pfx_generic_map_update_batch+0x10/0x10
[  201.860934][ T8249]  ? __fget_files+0x206/0x3a0
[  201.860951][ T8249]  ? __pfx_generic_map_update_batch+0x10/0x10
[  201.860966][ T8249]  bpf_map_do_batch+0x5a8/0x670
[  201.860986][ T8249]  __sys_bpf+0x1ce4/0x49c0
[  201.861000][ T8249]  ? __pfx_lock_release+0x10/0x10
[  201.861020][ T8249]  ? __pfx___sys_bpf+0x10/0x10
[  201.861034][ T8249]  ? vfs_write+0x306/0x1150
[  201.861059][ T8249]  ? __mutex_unlock_slowpath+0x164/0x6a0
[  201.861089][ T8249]  ? fput+0x67/0x440
[  201.861105][ T8249]  ? ksys_write+0x1ba/0x250
[  201.861125][ T8249]  ? __pfx_ksys_write+0x10/0x10
[  201.861146][ T8249]  __x64_sys_bpf+0x78/0xc0
[  201.861161][ T8249]  ? lockdep_hardirqs_on+0x7c/0x110
[  201.861176][ T8249]  do_syscall_64+0xcd/0x250
[  201.861194][ T8249]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  201.861214][ T8249] RIP: 0033:0x7ff6b718cde9
[  201.861229][ T8249] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  201.861243][ T8249] RSP: 002b:00007ff6b805f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  201.861259][ T8249] RAX: ffffffffffffffda RBX: 00007ff6b73a5fa0 RCX: 00007ff6b718cde9
[  201.861268][ T8249] RDX: 0000000000000038 RSI: 0000400000000900 RDI: 000000000000001a
[  201.861277][ T8249] RBP: 00007ff6b805f090 R08: 0000000000000000 R09: 0000000000000000
[  201.861286][ T8249] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  201.861295][ T8249] R13: 0000000000000000 R14: 00007ff6b73a5fa0 R15: 00007fff39216208
[  201.861316][ T8249]  </TASK>
[  201.866568][   T25] usb 8-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07
[  201.905028][    C1] vkms_vblank_simulate: vblank timer overrun
[  201.918361][   T25] usb 8-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59
[  201.918395][   T25] usb 8-1: Product: syz
[  201.918524][   T25] usb 8-1: SerialNumber: syz
[  201.924140][   T25] hub 8-1:250.228: bad descriptor, ignoring hub
[  201.946839][    C1] vkms_vblank_simulate: vblank timer overrun
[  202.127932][   T25] hub 8-1:250.228: probe with driver hub failed with error -5
[  202.147184][   T39] kauditd_printk_skb: 2 callbacks suppressed
[  202.147204][   T39] audit: type=1400 audit(1739166206.399:11528): avc:  denied  { name_bind } for  pid=8221 comm="syz.3.726" src=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket permissive=1
[  202.218612][   T39] audit: type=1326 audit(1739166206.449:11529): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8221 comm="syz.3.726" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f616ff8cde9 code=0x0
[  202.255197][   T25] usblp 8-1:250.228: usblp0: USB Bidirectional printer dev 10 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292
[  202.293288][   T25] usb 8-1: USB disconnect, device number 10
[  202.299118][   T25] usblp0: removed
[  202.439428][   T39] audit: type=1400 audit(1739166206.679:11530): avc:  denied  { getopt } for  pid=8260 comm="syz.1.738" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  202.527247][   T39] audit: type=1400 audit(1739166206.789:11531): avc:  denied  { ioctl } for  pid=8265 comm="syz.0.741" path="socket:[17316]" dev="sockfs" ino=17316 ioctlcmd=0x89b0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[  202.539036][   T39] audit: type=1400 audit(1739166206.789:11532): avc:  denied  { name_bind 0x1000000 } for  pid=8265 comm="syz.0.741" path="socket:[17317]" dev="sockfs" ino=17317 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tcp_socket permissive=1
[  202.574711][   T39] audit: type=1326 audit(1739166206.789:11533): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8265 comm="syz.0.741" exe="/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ff6b718cde9 code=0x0
[  202.742355][ T8270] netlink: 68 bytes leftover after parsing attributes in process `syz.2.740'.
[  202.858103][   T39] audit: type=1400 audit(1739166207.129:11534): avc:  denied  { create } for  pid=8274 comm="syz.2.743" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  202.927691][ T8276] netlink: 60 bytes leftover after parsing attributes in process `syz.1.742'.
[  202.949844][ T8275] netlink: 8 bytes leftover after parsing attributes in process `syz.2.743'.
[  202.963924][ T8275] netlink: 4 bytes leftover after parsing attributes in process `syz.2.743'.
[  202.998774][ T8275] vlan2: entered allmulticast mode
[  203.006103][ T8275] bridge0: port 1(vlan2) entered blocking state
[  203.012183][ T8275] bridge0: port 1(vlan2) entered disabled state
[  203.016992][ T8275] vlan2: entered promiscuous mode
[  203.030796][   T39] audit: type=1400 audit(1739166207.289:11535): avc:  denied  { setopt } for  pid=8274 comm="syz.2.743" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  203.056676][ T5293] Bluetooth: hci0: ACL packet for unknown connection handle 201
[  203.201423][ T8283] FAULT_INJECTION: forcing a failure.
[  203.201423][ T8283] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  203.206821][ T8283] CPU: 0 UID: 0 PID: 8283 Comm: syz.2.745 Not tainted 6.14.0-rc1-syzkaller-00276-g69b54314c975 #0
[  203.206847][ T8283] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  203.206860][ T8283] Call Trace:
[  203.206870][ T8283]  <TASK>
[  203.206882][ T8283]  dump_stack_lvl+0x16c/0x1f0
[  203.206916][ T8283]  should_fail_ex+0x50a/0x650
[  203.206955][ T8283]  _copy_from_user+0x2e/0xd0
[  203.206978][ T8283]  generic_map_update_batch+0x3ff/0x5f0
[  203.207012][ T8283]  ? __pfx_generic_map_update_batch+0x10/0x10
[  203.207032][ T8283]  ? __fget_files+0x206/0x3a0
[  203.207058][ T8283]  ? __pfx_generic_map_update_batch+0x10/0x10
[  203.207081][ T8283]  bpf_map_do_batch+0x5a8/0x670
[  203.207117][ T8283]  __sys_bpf+0x1ce4/0x49c0
[  203.207140][ T8283]  ? __pfx_lock_release+0x10/0x10
[  203.207175][ T8283]  ? __pfx___sys_bpf+0x10/0x10
[  203.207196][ T8283]  ? vfs_write+0x306/0x1150
[  203.207236][ T8283]  ? __mutex_unlock_slowpath+0x164/0x6a0
[  203.207279][ T8283]  ? fput+0x67/0x440
[  203.207305][ T8283]  ? ksys_write+0x1ba/0x250
[  203.207337][ T8283]  ? __pfx_ksys_write+0x10/0x10
[  203.207375][ T8283]  __x64_sys_bpf+0x78/0xc0
[  203.207399][ T8283]  ? lockdep_hardirqs_on+0x7c/0x110
[  203.207422][ T8283]  do_syscall_64+0xcd/0x250
[  203.207449][ T8283]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  203.207482][ T8283] RIP: 0033:0x7fce16d8cde9
[  203.207503][ T8283] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  203.207527][ T8283] RSP: 002b:00007fce17b22038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  203.207549][ T8283] RAX: ffffffffffffffda RBX: 00007fce16fa5fa0 RCX: 00007fce16d8cde9
[  203.207563][ T8283] RDX: 0000000000000038 RSI: 0000400000000900 RDI: 000000000000001a
[  203.207577][ T8283] RBP: 00007fce17b22090 R08: 0000000000000000 R09: 0000000000000000
[  203.207591][ T8283] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  203.207604][ T8283] R13: 0000000000000000 R14: 00007fce16fa5fa0 R15: 00007ffdaf421dd8
[  203.207634][ T8283]  </TASK>
[  203.418678][ T8288] netlink: 20 bytes leftover after parsing attributes in process `syz.1.746'.
[  203.599573][   T25] usb 7-1: new high-speed USB device number 12 using dummy_hcd
[  203.616645][ T8294] netlink: 48 bytes leftover after parsing attributes in process `syz.1.750'.
[  203.648901][   T39] audit: type=1400 audit(1739166207.919:11536): avc:  denied  { bind } for  pid=8298 comm="syz.0.751" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  203.656088][   T39] audit: type=1400 audit(1739166207.919:11537): avc:  denied  { listen } for  pid=8298 comm="syz.0.751" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  203.705851][ T8294] ptrace attach of "/syz-executor exec"[8304] was attempted by "/syz-executor exec"[8294]
[  203.857470][   T25] usb 7-1: Using ep0 maxpacket: 16
[  203.862937][   T25] usb 7-1: config 0 interface 0 altsetting 5 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  203.875049][   T25] usb 7-1: config 0 interface 0 altsetting 5 endpoint 0x81 has invalid wMaxPacketSize 0
[  203.886951][   T25] usb 7-1: config 0 interface 0 altsetting 5 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  203.895064][   T25] usb 7-1: config 0 interface 0 has no altsetting 0
[  203.900269][   T25] usb 7-1: New USB device found, idVendor=0458, idProduct=5010, bcdDevice= 0.00
[  203.906676][   T25] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  203.916305][   T25] usb 7-1: config 0 descriptor??
[  204.100716][ T8323] netlink: 20 bytes leftover after parsing attributes in process `syz.1.758'.
[  204.111379][ T8322] FAULT_INJECTION: forcing a failure.
[  204.111379][ T8322] name failslab, interval 1, probability 0, space 0, times 0
[  204.145702][ T8322] CPU: 3 UID: 0 PID: 8322 Comm: syz.3.757 Not tainted 6.14.0-rc1-syzkaller-00276-g69b54314c975 #0
[  204.145734][ T8322] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  204.145745][ T8322] Call Trace:
[  204.145751][ T8322]  <TASK>
[  204.145759][ T8322]  dump_stack_lvl+0x16c/0x1f0
[  204.145788][ T8322]  should_fail_ex+0x50a/0x650
[  204.145818][ T8322]  ? sctp_add_bind_addr+0x9a/0x3d0
[  204.145841][ T8322]  should_failslab+0xc2/0x120
[  204.145861][ T8322]  __kmalloc_cache_noprof+0x68/0x410
[  204.145893][ T8322]  sctp_add_bind_addr+0x9a/0x3d0
[  204.145920][ T8322]  sctp_copy_local_addr_list+0x39e/0x5a0
[  204.145941][ T8322]  ? __pfx_sctp_copy_local_addr_list+0x10/0x10
[  204.145962][ T8322]  ? sctp_auth_asoc_copy_shkeys+0x2a7/0x360
[  204.145988][ T8322]  ? sctp_bind_addr_copy+0xe0/0x530
[  204.146013][ T8322]  sctp_bind_addr_copy+0xe0/0x530
[  204.146049][ T8322]  sctp_connect_new_asoc+0x1d8/0x790
[  204.146076][ T8322]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[  204.146105][ T8322]  ? bpf_lsm_sctp_bind_connect+0x9/0x10
[  204.146127][ T8322]  sctp_sendmsg+0x1610/0x1eb0
[  204.146145][ T8322]  ? avc_has_perm+0x11b/0x1c0
[  204.146167][ T8322]  ? __pfx_sctp_sendmsg+0x10/0x10
[  204.146192][ T8322]  ? __pfx_sock_has_perm+0x10/0x10
[  204.146213][ T8322]  ? trace_lock_acquire+0x14e/0x1f0
[  204.146237][ T8322]  ? __might_fault+0xe3/0x190
[  204.146258][ T8322]  ? __might_fault+0xe3/0x190
[  204.146278][ T8322]  ? __pfx_sctp_sendmsg+0x10/0x10
[  204.146302][ T8322]  inet_sendmsg+0x119/0x140
[  204.146326][ T8322]  ____sys_sendmsg+0x98c/0xc90
[  204.146359][ T8322]  ? __pfx_____sys_sendmsg+0x10/0x10
[  204.146398][ T8322]  ___sys_sendmsg+0x135/0x1e0
[  204.146422][ T8322]  ? __pfx____sys_sendmsg+0x10/0x10
[  204.146454][ T8322]  ? __pfx_lock_release+0x10/0x10
[  204.146477][ T8322]  ? trace_lock_acquire+0x14e/0x1f0
[  204.146506][ T8322]  ? __fget_files+0x206/0x3a0
[  204.146530][ T8322]  __sys_sendmsg+0x16e/0x220
[  204.146552][ T8322]  ? __pfx___sys_sendmsg+0x10/0x10
[  204.146593][ T8322]  do_syscall_64+0xcd/0x250
[  204.146613][ T8322]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  204.146636][ T8322] RIP: 0033:0x7f616ff8cde9
[  204.146652][ T8322] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  204.146667][ T8322] RSP: 002b:00007f6170db1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  204.146684][ T8322] RAX: ffffffffffffffda RBX: 00007f61701a5fa0 RCX: 00007f616ff8cde9
[  204.146694][ T8322] RDX: 0000000000000041 RSI: 0000400000000600 RDI: 0000000000000003
[  204.146704][ T8322] RBP: 00007f6170db1090 R08: 0000000000000000 R09: 0000000000000000
[  204.146714][ T8322] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  204.146723][ T8322] R13: 0000000000000000 R14: 00007f61701a5fa0 R15: 00007ffea026a1f8
[  204.146745][ T8322]  </TASK>
[  204.766724][ T8337] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  204.777482][ T8337] overlayfs: fs on './file0' does not support file handles, falling back to xino=off.
[  204.779093][   T25] usbhid 7-1:0.0: can't add hid device: -71
[  204.786452][   T25] usbhid 7-1:0.0: probe with driver usbhid failed with error -71
[  204.799806][   T25] usb 7-1: USB disconnect, device number 12
[  204.849027][    C1] vkms_vblank_simulate: vblank timer overrun
[  205.048818][    C1] vkms_vblank_simulate: vblank timer overrun
[  205.246915][ T8353] xt_CT: You must specify a L4 protocol and not use inversions on it
[  205.320015][ T8362] netlink: 8 bytes leftover after parsing attributes in process `syz.2.770'.
[  205.400260][    C1] vkms_vblank_simulate: vblank timer overrun
[  205.426828][ T8361] netlink: 16 bytes leftover after parsing attributes in process `syz.3.769'.
[  205.503434][ T8361] openvswitch: netlink: Invalid MD length 0 for MD type 0
[  205.515498][ T8361] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  205.560154][ T8368] FAULT_INJECTION: forcing a failure.
[  205.560154][ T8368] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  205.569165][ T8368] CPU: 1 UID: 0 PID: 8368 Comm: syz.1.771 Not tainted 6.14.0-rc1-syzkaller-00276-g69b54314c975 #0
[  205.569187][ T8368] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  205.569232][ T8368] Call Trace:
[  205.569238][ T8368]  <TASK>
[  205.569244][ T8368]  dump_stack_lvl+0x16c/0x1f0
[  205.569270][ T8368]  should_fail_ex+0x50a/0x650
[  205.569299][ T8368]  _copy_from_user+0x2e/0xd0
[  205.569317][ T8368]  generic_map_update_batch+0x3ff/0x5f0
[  205.569341][ T8368]  ? __pfx_generic_map_update_batch+0x10/0x10
[  205.569356][ T8368]  ? __fget_files+0x206/0x3a0
[  205.569376][ T8368]  ? __pfx_generic_map_update_batch+0x10/0x10
[  205.569394][ T8368]  bpf_map_do_batch+0x5a8/0x670
[  205.569418][ T8368]  __sys_bpf+0x1ce4/0x49c0
[  205.569435][ T8368]  ? __pfx_lock_release+0x10/0x10
[  205.569460][ T8368]  ? __pfx___sys_bpf+0x10/0x10
[  205.569474][ T8368]  ? vfs_write+0x306/0x1150
[  205.569500][ T8368]  ? __mutex_unlock_slowpath+0x164/0x6a0
[  205.569529][ T8368]  ? fput+0x67/0x440
[  205.569547][ T8368]  ? ksys_write+0x1ba/0x250
[  205.569570][ T8368]  ? __pfx_ksys_write+0x10/0x10
[  205.569594][ T8368]  __x64_sys_bpf+0x78/0xc0
[  205.569610][ T8368]  ? lockdep_hardirqs_on+0x7c/0x110
[  205.569625][ T8368]  do_syscall_64+0xcd/0x250
[  205.569644][ T8368]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  205.569663][ T8368] RIP: 0033:0x7f86aa78cde9
[  205.569677][ T8368] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  205.569691][ T8368] RSP: 002b:00007f86ab677038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  205.569707][ T8368] RAX: ffffffffffffffda RBX: 00007f86aa9a5fa0 RCX: 00007f86aa78cde9
[  205.569716][ T8368] RDX: 0000000000000038 RSI: 0000400000000900 RDI: 000000000000001a
[  205.569726][ T8368] RBP: 00007f86ab677090 R08: 0000000000000000 R09: 0000000000000000
[  205.569736][ T8368] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  205.569745][ T8368] R13: 0000000000000000 R14: 00007f86aa9a5fa0 R15: 00007ffc773f0848
[  205.569764][ T8368]  </TASK>
[  205.773692][    C1] vkms_vblank_simulate: vblank timer overrun
[  206.084597][ T8381] netlink: 'syz.2.778': attribute type 10 has an invalid length.
[  206.219925][    C1] vkms_vblank_simulate: vblank timer overrun
[  206.301959][ T8381] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  206.648954][    C1] vkms_vblank_simulate: vblank timer overrun
[  206.651999][   T68] Bluetooth: hci4: command 0x1003 tx timeout
[  206.679418][ T5293] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  206.761672][ T8391] netlink: 12 bytes leftover after parsing attributes in process `syz.1.779'.
[  206.796915][    C1] vkms_vblank_simulate: vblank timer overrun
[  206.893453][ T8393] ptm ptm3: ldisc open failed (-12), clearing slot 3
[  206.912857][ T1417] ieee802154 phy0 wpan0: encryption failed: -22
[  206.917585][ T1417] ieee802154 phy1 wpan1: encryption failed: -22
[  207.022253][ T8398] netlink: 'syz.1.781': attribute type 8 has an invalid length.
[  207.067900][    C1] vkms_vblank_simulate: vblank timer overrun
[  207.266829][    C1] vkms_vblank_simulate: vblank timer overrun
[  207.502707][    C1] vkms_vblank_simulate: vblank timer overrun
[  207.513360][ T8413] FAULT_INJECTION: forcing a failure.
[  207.513360][ T8413] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  207.538307][ T8415] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[  207.543580][ T8415] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  207.544180][ T8413] CPU: 2 UID: 0 PID: 8413 Comm: syz.2.785 Not tainted 6.14.0-rc1-syzkaller-00276-g69b54314c975 #0
[  207.544204][ T8413] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  207.544215][ T8413] Call Trace:
[  207.544269][ T8413]  <TASK>
[  207.544277][ T8413]  dump_stack_lvl+0x16c/0x1f0
[  207.544631][ T8413]  should_fail_ex+0x50a/0x650
[  207.544851][ T8413]  _copy_from_user+0x2e/0xd0
[  207.544886][ T8413]  generic_map_update_batch+0x391/0x5f0
[  207.544974][ T8413]  ? __pfx_generic_map_update_batch+0x10/0x10
[  207.544991][ T8413]  ? __fget_files+0x206/0x3a0
[  207.545055][ T8413]  ? __pfx_generic_map_update_batch+0x10/0x10
[  207.545068][ T8413]  bpf_map_do_batch+0x5a8/0x670
[  207.545090][ T8413]  __sys_bpf+0x1ce4/0x49c0
[  207.545104][ T8413]  ? __pfx_lock_release+0x10/0x10
[  207.545126][ T8413]  ? __pfx___sys_bpf+0x10/0x10
[  207.545139][ T8413]  ? vfs_write+0x306/0x1150
[  207.545163][ T8413]  ? __mutex_unlock_slowpath+0x164/0x6a0
[  207.545193][ T8413]  ? fput+0x67/0x440
[  207.545210][ T8413]  ? ksys_write+0x1ba/0x250
[  207.545227][ T8413]  ? __pfx_ksys_write+0x10/0x10
[  207.545249][ T8413]  __x64_sys_bpf+0x78/0xc0
[  207.545264][ T8413]  ? lockdep_hardirqs_on+0x7c/0x110
[  207.545278][ T8413]  do_syscall_64+0xcd/0x250
[  207.545295][ T8413]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  207.545334][ T8413] RIP: 0033:0x7fce16d8cde9
[  207.545369][ T8413] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  207.545383][ T8413] RSP: 002b:00007fce17b22038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  207.545418][ T8413] RAX: ffffffffffffffda RBX: 00007fce16fa5fa0 RCX: 00007fce16d8cde9
[  207.545426][ T8413] RDX: 0000000000000038 RSI: 0000400000000900 RDI: 000000000000001a
[  207.545434][ T8413] RBP: 00007fce17b22090 R08: 0000000000000000 R09: 0000000000000000
[  207.545444][ T8413] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  207.545452][ T8413] R13: 0000000000000000 R14: 00007fce16fa5fa0 R15: 00007ffdaf421dd8
[  207.545471][ T8413]  </TASK>
[  207.791066][   T39] kauditd_printk_skb: 6 callbacks suppressed
[  207.791083][   T39] audit: type=1400 audit(1739166212.049:11544): avc:  denied  { append } for  pid=8422 comm="syz.0.789" name="hpet" dev="devtmpfs" ino=630 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  207.826840][ T8423] overlayfs: failed to resolve './file1': -2
[  207.868763][ T8425] __nla_validate_parse: 1 callbacks suppressed
[  207.868778][ T8425] netlink: 28 bytes leftover after parsing attributes in process `syz.2.790'.
[  207.910059][   T39] audit: type=1400 audit(1739166212.129:11545): avc:  denied  { write } for  pid=8426 comm="syz.1.791" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1
[  207.926702][ T8429] netlink: 44 bytes leftover after parsing attributes in process `syz.2.790'.
[  207.934269][ T8425] netlink: 28 bytes leftover after parsing attributes in process `syz.2.790'.
[  207.940264][ T8425] netlink: 44 bytes leftover after parsing attributes in process `syz.2.790'.
[  208.009891][ T8433] netlink: 'syz.2.793': attribute type 8 has an invalid length.
[  208.014661][ T8433] netlink: 163260 bytes leftover after parsing attributes in process `syz.2.793'.
[  208.040837][    C1] vkms_vblank_simulate: vblank timer overrun
[  208.091742][   T39] audit: type=1400 audit(1739166212.359:11546): avc:  denied  { setopt } for  pid=8430 comm="syz.1.792" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  208.262519][ T8441] netlink: 'syz.2.796': attribute type 11 has an invalid length.
[  208.298237][ T8441] netlink: 'syz.2.796': attribute type 1 has an invalid length.
[  208.315406][ T8446] Invalid ELF header type: 0 != 1
[  208.338774][   T39] audit: type=1400 audit(1739166212.579:11547): avc:  denied  { module_load } for  pid=8445 comm="syz.1.795" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=system permissive=1
[  208.368296][ T8446] Invalid ELF header type: 3 != 1
[  208.373684][ T8446] Invalid ELF header type: 2 != 1
[  208.378079][ T8441] netlink: 168864 bytes leftover after parsing attributes in process `syz.2.796'.
[  208.378651][ T8446] Invalid ELF header type: 2 != 1
[  208.412420][ T8446] Invalid ELF header type: 2 != 1
[  208.421417][ T8446] Invalid ELF header type: 2 != 1
[  208.431105][ T8446] Invalid ELF header type: 2 != 1
[  208.515561][    C1] vkms_vblank_simulate: vblank timer overrun
[  208.671292][ T8458] FAULT_INJECTION: forcing a failure.
[  208.671292][ T8458] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  208.677314][ T8458] CPU: 1 UID: 0 PID: 8458 Comm: syz.2.799 Not tainted 6.14.0-rc1-syzkaller-00276-g69b54314c975 #0
[  208.677335][ T8458] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  208.677344][ T8458] Call Trace:
[  208.677352][ T8458]  <TASK>
[  208.677361][ T8458]  dump_stack_lvl+0x16c/0x1f0
[  208.677391][ T8458]  should_fail_ex+0x50a/0x650
[  208.677418][ T8458]  _copy_from_user+0x2e/0xd0
[  208.677436][ T8458]  generic_map_update_batch+0x3ff/0x5f0
[  208.677460][ T8458]  ? __pfx_generic_map_update_batch+0x10/0x10
[  208.677476][ T8458]  ? __fget_files+0x206/0x3a0
[  208.677495][ T8458]  ? __pfx_generic_map_update_batch+0x10/0x10
[  208.677513][ T8458]  bpf_map_do_batch+0x5a8/0x670
[  208.677541][ T8458]  __sys_bpf+0x1ce4/0x49c0
[  208.677558][ T8458]  ? __pfx_lock_release+0x10/0x10
[  208.677584][ T8458]  ? __pfx___sys_bpf+0x10/0x10
[  208.677599][ T8458]  ? vfs_write+0x306/0x1150
[  208.677630][ T8458]  ? __mutex_unlock_slowpath+0x164/0x6a0
[  208.677664][ T8458]  ? fput+0x67/0x440
[  208.677684][ T8458]  ? ksys_write+0x1ba/0x250
[  208.677708][ T8458]  ? __pfx_ksys_write+0x10/0x10
[  208.677736][ T8458]  __x64_sys_bpf+0x78/0xc0
[  208.677754][ T8458]  ? lockdep_hardirqs_on+0x7c/0x110
[  208.677771][ T8458]  do_syscall_64+0xcd/0x250
[  208.677793][ T8458]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  208.677817][ T8458] RIP: 0033:0x7fce16d8cde9
[  208.677833][ T8458] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  208.677850][ T8458] RSP: 002b:00007fce17b22038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  208.677866][ T8458] RAX: ffffffffffffffda RBX: 00007fce16fa5fa0 RCX: 00007fce16d8cde9
[  208.677877][ T8458] RDX: 0000000000000038 RSI: 0000400000000900 RDI: 000000000000001a
[  208.677887][ T8458] RBP: 00007fce17b22090 R08: 0000000000000000 R09: 0000000000000000
[  208.677896][ T8458] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  208.677906][ T8458] R13: 0000000000000000 R14: 00007fce16fa5fa0 R15: 00007ffdaf421dd8
[  208.677927][ T8458]  </TASK>
[  208.908630][   T39] audit: type=1400 audit(1739166213.099:11548): avc:  denied  { accept } for  pid=8460 comm="syz.0.802" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  208.911277][    C1] vkms_vblank_simulate: vblank timer overrun
[  208.914083][   T39] audit: type=1400 audit(1739166213.099:11549): avc:  denied  { read } for  pid=8460 comm="syz.0.802" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  208.958664][ T8459] netlink: 140 bytes leftover after parsing attributes in process `syz.3.801'.
[  208.992678][ T8459] misc userio: No port type given on /dev/userio
[  209.035356][ T8459] fuse: Unknown parameter 'smackfshat'
[  209.150807][ T8473] netlink: 'syz.3.804': attribute type 8 has an invalid length.
[  209.174336][ T8473] netlink: 163260 bytes leftover after parsing attributes in process `syz.3.804'.
[  209.177365][   T39] audit: type=1326 audit(1739166213.439:11550): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8474 comm="syz.1.806" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f86aa78cde9 code=0x0
[  209.331579][ T8482] dlm: non-version read from control device 0
[  209.485059][ T8490] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=59 sclass=netlink_xfrm_socket pid=8490 comm=syz.3.810
[  209.492124][ T8490] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=60 sclass=netlink_xfrm_socket pid=8490 comm=syz.3.810
[  209.497338][ T8490] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=52 sclass=netlink_xfrm_socket pid=8490 comm=syz.3.810
[  209.583262][ T8493] FAULT_INJECTION: forcing a failure.
[  209.583262][ T8493] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  209.589308][ T8493] CPU: 0 UID: 0 PID: 8493 Comm: syz.2.811 Not tainted 6.14.0-rc1-syzkaller-00276-g69b54314c975 #0
[  209.589330][ T8493] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  209.589339][ T8493] Call Trace:
[  209.589345][ T8493]  <TASK>
[  209.589353][ T8493]  dump_stack_lvl+0x16c/0x1f0
[  209.589380][ T8493]  should_fail_ex+0x50a/0x650
[  209.589409][ T8493]  _copy_from_user+0x2e/0xd0
[  209.589426][ T8493]  generic_map_update_batch+0x391/0x5f0
[  209.589451][ T8493]  ? __pfx_generic_map_update_batch+0x10/0x10
[  209.589466][ T8493]  ? __fget_files+0x206/0x3a0
[  209.589485][ T8493]  ? __pfx_generic_map_update_batch+0x10/0x10
[  209.589502][ T8493]  bpf_map_do_batch+0x5a8/0x670
[  209.589526][ T8493]  __sys_bpf+0x1ce4/0x49c0
[  209.589541][ T8493]  ? __pfx_lock_release+0x10/0x10
[  209.589563][ T8493]  ? __pfx___sys_bpf+0x10/0x10
[  209.589577][ T8493]  ? vfs_write+0x306/0x1150
[  209.589604][ T8493]  ? __mutex_unlock_slowpath+0x164/0x6a0
[  209.589635][ T8493]  ? fput+0x67/0x440
[  209.589651][ T8493]  ? ksys_write+0x1ba/0x250
[  209.589671][ T8493]  ? __pfx_ksys_write+0x10/0x10
[  209.589697][ T8493]  __x64_sys_bpf+0x78/0xc0
[  209.589713][ T8493]  ? lockdep_hardirqs_on+0x7c/0x110
[  209.589728][ T8493]  do_syscall_64+0xcd/0x250
[  209.589747][ T8493]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  209.589771][ T8493] RIP: 0033:0x7fce16d8cde9
[  209.589786][ T8493] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  209.589803][ T8493] RSP: 002b:00007fce17b22038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  209.589821][ T8493] RAX: ffffffffffffffda RBX: 00007fce16fa5fa0 RCX: 00007fce16d8cde9
[  209.589833][ T8493] RDX: 0000000000000038 RSI: 0000400000000900 RDI: 000000000000001a
[  209.589844][ T8493] RBP: 00007fce17b22090 R08: 0000000000000000 R09: 0000000000000000
[  209.589854][ T8493] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  209.589864][ T8493] R13: 0000000000000000 R14: 00007fce16fa5fa0 R15: 00007ffdaf421dd8
[  209.589889][ T8493]  </TASK>
[  209.673907][ T8495] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=0 sclass=netlink_xfrm_socket pid=8495 comm=syz.3.810
[  209.735946][ T8497] fuse: Unknown parameter 'ÿÿÿÿ00000000000000000000004'
[  209.769113][ T8499] program syz.2.813 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  209.773252][   T39] audit: type=1400 audit(1739166214.039:11551): avc:  denied  { create } for  pid=8498 comm="syz.2.813" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[  209.800497][    C1] vkms_vblank_simulate: vblank timer overrun
[  209.806442][ T8497] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  209.823267][ T8499] program syz.2.813 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  209.896326][ T8502] netlink: 'syz.3.814': attribute type 39 has an invalid length.
[  209.964229][   T39] audit: type=1400 audit(1739166214.229:11552): avc:  denied  { read write } for  pid=8507 comm="syz.2.815" name="nullb0" dev="devtmpfs" ino=707 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  210.025136][   T39] audit: type=1400 audit(1739166214.229:11553): avc:  denied  { open } for  pid=8507 comm="syz.2.815" path="/dev/nullb0" dev="devtmpfs" ino=707 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  210.051766][ T8513] netlink: 200 bytes leftover after parsing attributes in process `syz.0.816'.
[  210.201339][ T8518] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  210.218550][ T8518] IPv6: NLM_F_CREATE should be set when creating new route
[  210.229356][ T8518] IPv6: NLM_F_CREATE should be set when creating new route
[  210.241650][ T8521] netlink: 36 bytes leftover after parsing attributes in process `syz.1.817'.
[  210.464310][ T8542] FAULT_INJECTION: forcing a failure.
[  210.464310][ T8542] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  210.495157][ T8542] CPU: 3 UID: 0 PID: 8542 Comm: syz.3.822 Not tainted 6.14.0-rc1-syzkaller-00276-g69b54314c975 #0
[  210.495181][ T8542] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  210.495190][ T8542] Call Trace:
[  210.495196][ T8542]  <TASK>
[  210.495203][ T8542]  dump_stack_lvl+0x16c/0x1f0
[  210.495235][ T8542]  should_fail_ex+0x50a/0x650
[  210.495263][ T8542]  _copy_from_user+0x2e/0xd0
[  210.495279][ T8542]  generic_map_update_batch+0x3ff/0x5f0
[  210.495304][ T8542]  ? __pfx_generic_map_update_batch+0x10/0x10
[  210.495319][ T8542]  ? __fget_files+0x206/0x3a0
[  210.495339][ T8542]  ? __pfx_generic_map_update_batch+0x10/0x10
[  210.495355][ T8542]  bpf_map_do_batch+0x5a8/0x670
[  210.495379][ T8542]  __sys_bpf+0x1ce4/0x49c0
[  210.495393][ T8542]  ? __pfx_lock_release+0x10/0x10
[  210.495415][ T8542]  ? __pfx___sys_bpf+0x10/0x10
[  210.495429][ T8542]  ? vfs_write+0x306/0x1150
[  210.495457][ T8542]  ? __mutex_unlock_slowpath+0x164/0x6a0
[  210.495488][ T8542]  ? fput+0x67/0x440
[  210.495505][ T8542]  ? ksys_write+0x1ba/0x250
[  210.495525][ T8542]  ? __pfx_ksys_write+0x10/0x10
[  210.495549][ T8542]  __x64_sys_bpf+0x78/0xc0
[  210.495564][ T8542]  ? lockdep_hardirqs_on+0x7c/0x110
[  210.495580][ T8542]  do_syscall_64+0xcd/0x250
[  210.495598][ T8542]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  210.495619][ T8542] RIP: 0033:0x7f616ff8cde9
[  210.495634][ T8542] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  210.495648][ T8542] RSP: 002b:00007f6170db1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  210.495664][ T8542] RAX: ffffffffffffffda RBX: 00007f61701a5fa0 RCX: 00007f616ff8cde9
[  210.495672][ T8542] RDX: 0000000000000038 RSI: 0000400000000900 RDI: 000000000000001a
[  210.495681][ T8542] RBP: 00007f6170db1090 R08: 0000000000000000 R09: 0000000000000000
[  210.495691][ T8542] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  210.495707][ T8542] R13: 0000000000000000 R14: 00007f61701a5fa0 R15: 00007ffea026a1f8
[  210.495727][ T8542]  </TASK>
[  211.017354][    C1] vkms_vblank_simulate: vblank timer overrun
[  211.456795][    C1] vkms_vblank_simulate: vblank timer overrun
[  211.471916][ T8600] netlink: 'syz.0.833': attribute type 1 has an invalid length.
[  211.506797][ T8603] FAULT_INJECTION: forcing a failure.
[  211.506797][ T8603] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  211.512391][ T8603] CPU: 1 UID: 0 PID: 8603 Comm: syz.2.834 Not tainted 6.14.0-rc1-syzkaller-00276-g69b54314c975 #0
[  211.512415][ T8603] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  211.512426][ T8603] Call Trace:
[  211.512433][ T8603]  <TASK>
[  211.512440][ T8603]  dump_stack_lvl+0x16c/0x1f0
[  211.512471][ T8603]  should_fail_ex+0x50a/0x650
[  211.512504][ T8603]  _copy_from_user+0x2e/0xd0
[  211.512522][ T8603]  generic_map_update_batch+0x391/0x5f0
[  211.512550][ T8603]  ? __pfx_generic_map_update_batch+0x10/0x10
[  211.512567][ T8603]  ? __fget_files+0x206/0x3a0
[  211.512589][ T8603]  ? __pfx_generic_map_update_batch+0x10/0x10
[  211.512609][ T8603]  bpf_map_do_batch+0x5a8/0x670
[  211.512639][ T8603]  __sys_bpf+0x1ce4/0x49c0
[  211.512657][ T8603]  ? __pfx_lock_release+0x10/0x10
[  211.512711][ T8603]  ? __pfx___sys_bpf+0x10/0x10
[  211.512728][ T8603]  ? vfs_write+0x306/0x1150
[  211.512760][ T8603]  ? __mutex_unlock_slowpath+0x164/0x6a0
[  211.512796][ T8603]  ? fput+0x67/0x440
[  211.512816][ T8603]  ? ksys_write+0x1ba/0x250
[  211.512843][ T8603]  ? __pfx_ksys_write+0x10/0x10
[  211.512875][ T8603]  __x64_sys_bpf+0x78/0xc0
[  211.512895][ T8603]  ? lockdep_hardirqs_on+0x7c/0x110
[  211.512913][ T8603]  do_syscall_64+0xcd/0x250
[  211.512935][ T8603]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  211.512960][ T8603] RIP: 0033:0x7fce16d8cde9
[  211.512976][ T8603] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  211.512999][ T8603] RSP: 002b:00007fce17b22038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  211.513017][ T8603] RAX: ffffffffffffffda RBX: 00007fce16fa5fa0 RCX: 00007fce16d8cde9
[  211.513029][ T8603] RDX: 0000000000000038 RSI: 0000400000000900 RDI: 000000000000001a
[  211.513039][ T8603] RBP: 00007fce17b22090 R08: 0000000000000000 R09: 0000000000000000
[  211.513050][ T8603] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  211.513060][ T8603] R13: 0000000000000000 R14: 00007fce16fa5fa0 R15: 00007ffdaf421dd8
[  211.513083][ T8603]  </TASK>
[  211.531399][ T8600] 8021q: adding VLAN 0 to HW filter on device bond2
[  211.583927][    C1] vkms_vblank_simulate: vblank timer overrun
[  211.734850][    C1] vkms_vblank_simulate: vblank timer overrun
[  211.803644][ T8606] bond2: (slave gretap2): making interface the new active one
[  211.825798][ T8606] bond2: (slave gretap2): Enslaving as an active interface with an up link
[  212.082257][    C1] vkms_vblank_simulate: vblank timer overrun
[  212.248972][    C1] vkms_vblank_simulate: vblank timer overrun
[  212.364882][    C1] vkms_vblank_simulate: vblank timer overrun
[  212.400908][    C1] vkms_vblank_simulate: vblank timer overrun
[  212.464932][    C1] vkms_vblank_simulate: vblank timer overrun
[  212.466521][ T8646] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=8646 comm=syz.0.846
[  212.532784][    C1] vkms_vblank_simulate: vblank timer overrun
[  212.683654][ T8656] netfs: Couldn't get user pages (rc=-14)
[  212.708811][    C1] vkms_vblank_simulate: vblank timer overrun
[  212.752745][ T8655] SELinux:  policydb magic number 0xff8ca64c does not match expected magic number 0xf97cff8c
[  212.768935][ T8655] SELinux: failed to load policy
[  212.901012][ T8556] Bluetooth: hci4: Frame reassembly failed (-84)
[  213.188856][    C1] vkms_vblank_simulate: vblank timer overrun
[  213.208238][ T8684] sctp: [Deprecated]: syz.2.860 (pid 8684) Use of struct sctp_assoc_value in delayed_ack socket option.
[  213.208238][ T8684] Use struct sctp_sack_info instead
[  213.232760][    C1] vkms_vblank_simulate: vblank timer overrun
[  213.241006][   T39] kauditd_printk_skb: 14 callbacks suppressed
[  213.241028][   T39] audit: type=1400 audit(1739166217.509:11568): avc:  denied  { listen } for  pid=8679 comm="syz.3.859" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  213.248345][ T8684] sctp: [Deprecated]: syz.2.860 (pid 8684) Use of struct sctp_assoc_value in delayed_ack socket option.
[  213.248345][ T8684] Use struct sctp_sack_info instead
[  213.268995][   T39] audit: type=1400 audit(1739166217.509:11569): avc:  denied  { shutdown } for  pid=8679 comm="syz.3.859" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  213.269032][   T39] audit: type=1400 audit(1739166217.509:11570): avc:  denied  { accept } for  pid=8679 comm="syz.3.859" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  213.308617][   T68] Bluetooth: hci0: command 0x0c1a tx timeout
[  213.400799][    C1] vkms_vblank_simulate: vblank timer overrun
[  213.557283][ T8696] use of bytesused == 0 is deprecated and will be removed in the future,
[  213.560874][ T8696] use the actual size instead.
[  213.620107][    C1] vkms_vblank_simulate: vblank timer overrun
[  213.861026][ T8710] FAULT_INJECTION: forcing a failure.
[  213.861026][ T8710] name failslab, interval 1, probability 0, space 0, times 0
[  213.885394][ T8710] CPU: 3 UID: 0 PID: 8710 Comm: syz.1.867 Not tainted 6.14.0-rc1-syzkaller-00276-g69b54314c975 #0
[  213.885419][ T8710] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  213.885428][ T8710] Call Trace:
[  213.885434][ T8710]  <TASK>
[  213.885441][ T8710]  dump_stack_lvl+0x16c/0x1f0
[  213.885469][ T8710]  should_fail_ex+0x50a/0x650
[  213.885497][ T8710]  ? sctp_add_bind_addr+0x9a/0x3d0
[  213.885601][ T8710]  should_failslab+0xc2/0x120
[  213.885624][ T8710]  __kmalloc_cache_noprof+0x68/0x410
[  213.885656][ T8710]  sctp_add_bind_addr+0x9a/0x3d0
[  213.885681][ T8710]  sctp_copy_local_addr_list+0x39e/0x5a0
[  213.885711][ T8710]  ? __pfx_sctp_copy_local_addr_list+0x10/0x10
[  213.885732][ T8710]  ? sctp_auth_asoc_copy_shkeys+0x2a7/0x360
[  213.885756][ T8710]  ? sctp_bind_addr_copy+0xe0/0x530
[  213.885777][ T8710]  sctp_bind_addr_copy+0xe0/0x530
[  213.885805][ T8710]  sctp_connect_new_asoc+0x1d8/0x790
[  213.885827][ T8710]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[  213.885852][ T8710]  ? bpf_lsm_sctp_bind_connect+0x9/0x10
[  213.885875][ T8710]  sctp_sendmsg+0x1610/0x1eb0
[  213.885893][ T8710]  ? avc_has_perm+0x11b/0x1c0
[  213.885966][ T8710]  ? __pfx_sctp_sendmsg+0x10/0x10
[  213.885991][ T8710]  ? __pfx_sock_has_perm+0x10/0x10
[  213.886012][ T8710]  ? trace_lock_acquire+0x14e/0x1f0
[  213.886036][ T8710]  ? __might_fault+0xe3/0x190
[  213.886056][ T8710]  ? __might_fault+0xe3/0x190
[  213.886075][ T8710]  ? __pfx_sctp_sendmsg+0x10/0x10
[  213.886097][ T8710]  inet_sendmsg+0x119/0x140
[  213.886175][ T8710]  ____sys_sendmsg+0x98c/0xc90
[  213.886337][ T8710]  ? __pfx_____sys_sendmsg+0x10/0x10
[  213.886374][ T8710]  ___sys_sendmsg+0x135/0x1e0
[  213.886398][ T8710]  ? __pfx____sys_sendmsg+0x10/0x10
[  213.886430][ T8710]  ? __pfx_lock_release+0x10/0x10
[  213.886453][ T8710]  ? trace_lock_acquire+0x14e/0x1f0
[  213.886479][ T8710]  ? __fget_files+0x206/0x3a0
[  213.886503][ T8710]  __sys_sendmsg+0x16e/0x220
[  213.886525][ T8710]  ? __pfx___sys_sendmsg+0x10/0x10
[  213.886563][ T8710]  do_syscall_64+0xcd/0x250
[  213.886586][ T8710]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  213.886611][ T8710] RIP: 0033:0x7f86aa78cde9
[  213.886628][ T8710] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  213.886645][ T8710] RSP: 002b:00007f86ab677038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  213.886663][ T8710] RAX: ffffffffffffffda RBX: 00007f86aa9a5fa0 RCX: 00007f86aa78cde9
[  213.886675][ T8710] RDX: 0000000000000041 RSI: 0000400000000600 RDI: 0000000000000003
[  213.886685][ T8710] RBP: 00007f86ab677090 R08: 0000000000000000 R09: 0000000000000000
[  213.886701][ T8710] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  213.886711][ T8710] R13: 0000000000000000 R14: 00007f86aa9a5fa0 R15: 00007ffc773f0848
[  213.886735][ T8710]  </TASK>
[  214.200721][    C1] vkms_vblank_simulate: vblank timer overrun
[  214.249004][ T8722] netdevsim netdevsim2 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  214.266731][ T8722] netdevsim netdevsim2 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  214.275003][ T8722] netdevsim netdevsim2 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  214.283852][ T8722] netdevsim netdevsim2 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  214.294824][ T8722] vxlan0: entered promiscuous mode
[  214.298681][ T8722] vxlan0: entered allmulticast mode
[  214.325948][ T8722] netdevsim netdevsim2 eth0: unset [0, 0] type 1 family 0 port 8472 - 0
[  214.329779][ T8722] netdevsim netdevsim2 eth1: unset [0, 0] type 1 family 0 port 8472 - 0
[  214.333375][ T8722] netdevsim netdevsim2 eth2: unset [0, 0] type 1 family 0 port 8472 - 0
[  214.336892][ T8722] netdevsim netdevsim2 eth3: unset [0, 0] type 1 family 0 port 8472 - 0
[  214.406753][ T8728] cgroup: name respecified
[  214.470625][   T39] audit: type=1400 audit(1739166218.729:11571): avc:  denied  { accept } for  pid=8724 comm="syz.3.873" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  214.488292][ T8728] netlink: 8 bytes leftover after parsing attributes in process `syz.3.873'.
[  214.499406][ T8728] netlink: 'syz.3.873': attribute type 2 has an invalid length.
[  214.510882][ T8728] netlink: 'syz.3.873': attribute type 11 has an invalid length.
[  214.528759][ T8728] netlink: 132 bytes leftover after parsing attributes in process `syz.3.873'.
[  214.822762][ T5950] Bluetooth: hci5: sending frame failed (-49)
[  214.835596][   T68] Bluetooth: hci5: Opcode 0x1003 failed: -49
[  214.910215][ T5293] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  215.106588][ T8743] netlink: 9 bytes leftover after parsing attributes in process `syz.1.879'.
[  215.108981][ T5293] Bluetooth: hci2: unexpected event for opcode 0x200c
[  215.128120][ T8743] gretap0: entered promiscuous mode
[  215.180944][ T8747] FAULT_INJECTION: forcing a failure.
[  215.180944][ T8747] name failslab, interval 1, probability 0, space 0, times 0
[  215.187961][ T8747] CPU: 1 UID: 0 PID: 8747 Comm: syz.2.878 Not tainted 6.14.0-rc1-syzkaller-00276-g69b54314c975 #0
[  215.188019][ T8747] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  215.188029][ T8747] Call Trace:
[  215.188072][ T8747]  <TASK>
[  215.188081][ T8747]  dump_stack_lvl+0x16c/0x1f0
[  215.188146][ T8747]  should_fail_ex+0x50a/0x650
[  215.188210][ T8747]  ? sctp_add_bind_addr+0x9a/0x3d0
[  215.188268][ T8747]  should_failslab+0xc2/0x120
[  215.188323][ T8747]  __kmalloc_cache_noprof+0x68/0x410
[  215.188386][ T8747]  sctp_add_bind_addr+0x9a/0x3d0
[  215.188453][ T8747]  sctp_copy_local_addr_list+0x39e/0x5a0
[  215.188509][ T8747]  ? __pfx_sctp_copy_local_addr_list+0x10/0x10
[  215.188561][ T8747]  ? sctp_auth_asoc_copy_shkeys+0x2a7/0x360
[  215.188584][ T8747]  ? sctp_bind_addr_copy+0xe0/0x530
[  215.188701][ T8747]  sctp_bind_addr_copy+0xe0/0x530
[  215.188763][ T8747]  sctp_connect_new_asoc+0x1d8/0x790
[  215.188787][ T8747]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[  215.188846][ T8747]  ? bpf_lsm_sctp_bind_connect+0x9/0x10
[  215.188902][ T8747]  sctp_sendmsg+0x1610/0x1eb0
[  215.188958][ T8747]  ? avc_has_perm+0x11b/0x1c0
[  215.189016][ T8747]  ? __pfx_sctp_sendmsg+0x10/0x10
[  215.189077][ T8747]  ? __pfx_sock_has_perm+0x10/0x10
[  215.189099][ T8747]  ? trace_lock_acquire+0x14e/0x1f0
[  215.189155][ T8747]  ? __might_fault+0xe3/0x190
[  215.189273][ T8747]  ? __might_fault+0xe3/0x190
[  215.189394][ T8747]  ? __pfx_sctp_sendmsg+0x10/0x10
[  215.189519][ T8747]  inet_sendmsg+0x119/0x140
[  215.189646][ T8747]  ____sys_sendmsg+0x98c/0xc90
[  215.189873][ T8747]  ? __pfx_____sys_sendmsg+0x10/0x10
[  215.190015][ T8747]  ___sys_sendmsg+0x135/0x1e0
[  215.190259][ T8747]  ? __pfx____sys_sendmsg+0x10/0x10
[  215.190287][ T8747]  ? __pfx_lock_release+0x10/0x10
[  215.190307][ T8747]  ? trace_lock_acquire+0x14e/0x1f0
[  215.190332][ T8747]  ? __fget_files+0x206/0x3a0
[  215.190353][ T8747]  __sys_sendmsg+0x16e/0x220
[  215.190373][ T8747]  ? __pfx___sys_sendmsg+0x10/0x10
[  215.190407][ T8747]  do_syscall_64+0xcd/0x250
[  215.190429][ T8747]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  215.190451][ T8747] RIP: 0033:0x7fce16d8cde9
[  215.190467][ T8747] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  215.190482][ T8747] RSP: 002b:00007fce17b22038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  215.190498][ T8747] RAX: ffffffffffffffda RBX: 00007fce16fa5fa0 RCX: 00007fce16d8cde9
[  215.190506][ T8747] RDX: 0000000000000041 RSI: 0000400000000600 RDI: 0000000000000003
[  215.190515][ T8747] RBP: 00007fce17b22090 R08: 0000000000000000 R09: 0000000000000000
[  215.190523][ T8747] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  215.190530][ T8747] R13: 0000000000000000 R14: 00007fce16fa5fa0 R15: 00007ffdaf421dd8
[  215.190549][ T8747]  </TASK>
[  215.200485][ T8748] netlink: 5 bytes leftover after parsing attributes in process `syz.1.879'.
[  215.318584][   T39] audit: type=1400 audit(1739166219.569:11572): avc:  denied  { ioctl } for  pid=8749 comm="syz.3.881" path="socket:[20473]" dev="sockfs" ino=20473 ioctlcmd=0x89e0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[  215.458253][ T8754] FAULT_INJECTION: forcing a failure.
[  215.458253][ T8754] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  215.467049][ T8754] CPU: 1 UID: 0 PID: 8754 Comm: syz.2.882 Not tainted 6.14.0-rc1-syzkaller-00276-g69b54314c975 #0
[  215.467080][ T8754] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  215.467092][ T8754] Call Trace:
[  215.467101][ T8754]  <TASK>
[  215.467111][ T8754]  dump_stack_lvl+0x16c/0x1f0
[  215.467143][ T8754]  should_fail_ex+0x50a/0x650
[  215.467174][ T8754]  _copy_from_user+0x2e/0xd0
[  215.467193][ T8754]  generic_map_update_batch+0x391/0x5f0
[  215.467221][ T8754]  ? __pfx_generic_map_update_batch+0x10/0x10
[  215.467238][ T8754]  ? __fget_files+0x206/0x3a0
[  215.467260][ T8754]  ? __pfx_generic_map_update_batch+0x10/0x10
[  215.467276][ T8754]  bpf_map_do_batch+0x5a8/0x670
[  215.467298][ T8754]  __sys_bpf+0x1ce4/0x49c0
[  215.467317][ T8754]  ? __pfx_lock_release+0x10/0x10
[  215.467343][ T8754]  ? __pfx___sys_bpf+0x10/0x10
[  215.467360][ T8754]  ? vfs_write+0x306/0x1150
[  215.467392][ T8754]  ? __mutex_unlock_slowpath+0x164/0x6a0
[  215.467427][ T8754]  ? fput+0x67/0x440
[  215.467448][ T8754]  ? ksys_write+0x1ba/0x250
[  215.467473][ T8754]  ? __pfx_ksys_write+0x10/0x10
[  215.467503][ T8754]  __x64_sys_bpf+0x78/0xc0
[  215.467522][ T8754]  ? lockdep_hardirqs_on+0x7c/0x110
[  215.467540][ T8754]  do_syscall_64+0xcd/0x250
[  215.467560][ T8754]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  215.467585][ T8754] RIP: 0033:0x7fce16d8cde9
[  215.467600][ T8754] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  215.467616][ T8754] RSP: 002b:00007fce17b22038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  215.467633][ T8754] RAX: ffffffffffffffda RBX: 00007fce16fa5fa0 RCX: 00007fce16d8cde9
[  215.467645][ T8754] RDX: 0000000000000038 RSI: 0000400000000900 RDI: 000000000000001a
[  215.467656][ T8754] RBP: 00007fce17b22090 R08: 0000000000000000 R09: 0000000000000000
[  215.467667][ T8754] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  215.467683][ T8754] R13: 0000000000000000 R14: 00007fce16fa5fa0 R15: 00007ffdaf421dd8
[  215.467707][ T8754]  </TASK>
[  215.599753][    C1] vkms_vblank_simulate: vblank timer overrun
[  215.634945][ T8745] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  215.685429][ T8757] netlink: 28 bytes leftover after parsing attributes in process `syz.2.883'.
[  215.689116][ T8757] netlink: 12 bytes leftover after parsing attributes in process `syz.2.883'.
[  215.706001][ T8748] 0ªX¹¦D: renamed from gretap0
[  215.752376][ T8748] 0ªX¹¦D: left promiscuous mode
[  215.754330][ T8748] 0ªX¹¦D: entered allmulticast mode
[  215.762567][ T8748] A link change request failed with some changes committed already. Interface 
30ªX¹¦D may have been left with an inconsistent configuration, please check.
[  215.850367][ T8745] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  215.901180][ T8764] overlayfs: upper fs does not support tmpfile.
[  215.925268][   T39] audit: type=1400 audit(1739166220.169:11573): avc:  denied  { mounton } for  pid=8763 comm="syz.2.885" path="/211/file0/bus" dev="bpf" ino=22973 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=dir permissive=1
[  216.032101][ T8764] kvm: MWAIT instruction emulated as NOP!
[  216.070503][   T39] audit: type=1400 audit(1739166220.319:11574): avc:  denied  { bind } for  pid=8769 comm="syz.1.887" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[  216.123970][ T8745] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  216.310948][   T39] audit: type=1400 audit(1739166220.569:11575): avc:  denied  { setopt } for  pid=8774 comm="syz.1.889" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  216.346505][   T39] audit: type=1400 audit(1739166220.609:11576): avc:  denied  { bind } for  pid=8774 comm="syz.1.889" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  216.369858][    C1] vkms_vblank_simulate: vblank timer overrun
[  216.445670][ T8745] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  216.490209][ T8777] »»»»»» speed is unknown, defaulting to 1000
[  216.515029][    C1] vkms_vblank_simulate: vblank timer overrun
[  216.624723][ T8745] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  216.641289][ T8745] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  216.654593][ T8745] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  216.665162][ T8784] FAULT_INJECTION: forcing a failure.
[  216.665162][ T8784] name failslab, interval 1, probability 0, space 0, times 0
[  216.674502][ T8784] CPU: 2 UID: 0 PID: 8784 Comm: syz.1.891 Not tainted 6.14.0-rc1-syzkaller-00276-g69b54314c975 #0
[  216.674528][ T8784] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  216.674539][ T8784] Call Trace:
[  216.674546][ T8784]  <TASK>
[  216.674553][ T8784]  dump_stack_lvl+0x16c/0x1f0
[  216.674583][ T8784]  should_fail_ex+0x50a/0x650
[  216.674614][ T8784]  ? sctp_add_bind_addr+0x9a/0x3d0
[  216.674640][ T8784]  should_failslab+0xc2/0x120
[  216.674670][ T8784]  __kmalloc_cache_noprof+0x68/0x410
[  216.674703][ T8784]  sctp_add_bind_addr+0x9a/0x3d0
[  216.674732][ T8784]  sctp_copy_local_addr_list+0x39e/0x5a0
[  216.674755][ T8784]  ? __pfx_sctp_copy_local_addr_list+0x10/0x10
[  216.674778][ T8784]  ? sctp_auth_asoc_copy_shkeys+0x2a7/0x360
[  216.674804][ T8784]  ? sctp_bind_addr_copy+0xe0/0x530
[  216.674828][ T8784]  sctp_bind_addr_copy+0xe0/0x530
[  216.674860][ T8784]  sctp_connect_new_asoc+0x1d8/0x790
[  216.674884][ T8784]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[  216.674907][ T8784]  ? bpf_lsm_sctp_bind_connect+0x9/0x10
[  216.674928][ T8784]  sctp_sendmsg+0x1610/0x1eb0
[  216.674947][ T8784]  ? avc_has_perm+0x11b/0x1c0
[  216.674972][ T8784]  ? __pfx_sctp_sendmsg+0x10/0x10
[  216.675078][ T8784]  ? __pfx_sock_has_perm+0x10/0x10
[  216.675100][ T8784]  ? trace_lock_acquire+0x14e/0x1f0
[  216.675122][ T8784]  ? __might_fault+0xe3/0x190
[  216.675141][ T8784]  ? __might_fault+0xe3/0x190
[  216.675159][ T8784]  ? __pfx_sctp_sendmsg+0x10/0x10
[  216.675180][ T8784]  inet_sendmsg+0x119/0x140
[  216.675202][ T8784]  ____sys_sendmsg+0x98c/0xc90
[  216.675230][ T8784]  ? __pfx_____sys_sendmsg+0x10/0x10
[  216.675267][ T8784]  ___sys_sendmsg+0x135/0x1e0
[  216.675288][ T8784]  ? __pfx____sys_sendmsg+0x10/0x10
[  216.675318][ T8784]  ? __pfx_lock_release+0x10/0x10
[  216.675337][ T8784]  ? trace_lock_acquire+0x14e/0x1f0
[  216.675362][ T8784]  ? __fget_files+0x206/0x3a0
[  216.675386][ T8784]  __sys_sendmsg+0x16e/0x220
[  216.675406][ T8784]  ? __pfx___sys_sendmsg+0x10/0x10
[  216.675445][ T8784]  do_syscall_64+0xcd/0x250
[  216.675467][ T8784]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  216.675490][ T8784] RIP: 0033:0x7f86aa78cde9
[  216.675505][ T8784] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  216.675521][ T8784] RSP: 002b:00007f86ab677038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  216.675539][ T8784] RAX: ffffffffffffffda RBX: 00007f86aa9a5fa0 RCX: 00007f86aa78cde9
[  216.675549][ T8784] RDX: 0000000000000041 RSI: 0000400000000600 RDI: 0000000000000003
[  216.675559][ T8784] RBP: 00007f86ab677090 R08: 0000000000000000 R09: 0000000000000000
[  216.675568][ T8784] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  216.675577][ T8784] R13: 0000000000000000 R14: 00007f86aa9a5fa0 R15: 00007ffc773f0848
[  216.675600][ T8784]  </TASK>
[  216.676281][ T8745] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  216.732349][ T8786] FAULT_INJECTION: forcing a failure.
[  216.732349][ T8786] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  216.792755][    C1] vkms_vblank_simulate: vblank timer overrun
[  216.795289][ T8786] CPU: 0 UID: 0 PID: 8786 Comm: syz.1.892 Not tainted 6.14.0-rc1-syzkaller-00276-g69b54314c975 #0
[  216.795312][ T8786] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  216.795322][ T8786] Call Trace:
[  216.795391][ T8786]  <TASK>
[  216.795400][ T8786]  dump_stack_lvl+0x16c/0x1f0
[  216.795431][ T8786]  should_fail_ex+0x50a/0x650
[  216.795537][ T8786]  _copy_from_user+0x2e/0xd0
[  216.795556][ T8786]  generic_map_update_batch+0x3ff/0x5f0
[  216.795655][ T8786]  ? __pfx_generic_map_update_batch+0x10/0x10
[  216.795671][ T8786]  ? __fget_files+0x206/0x3a0
[  216.795699][ T8786]  ? __pfx_generic_map_update_batch+0x10/0x10
[  216.795762][ T8786]  bpf_map_do_batch+0x5a8/0x670
[  216.795791][ T8786]  __sys_bpf+0x1ce4/0x49c0
[  216.795852][ T8786]  ? __pfx_lock_release+0x10/0x10
[  216.795878][ T8786]  ? __pfx___sys_bpf+0x10/0x10
[  216.795988][ T8786]  ? vfs_write+0x306/0x1150
[  216.796068][ T8786]  ? __mutex_unlock_slowpath+0x164/0x6a0
[  216.796553][ T8786]  ? fput+0x67/0x440
[  216.796578][ T8786]  ? ksys_write+0x1ba/0x250
[  216.796704][ T8786]  ? __pfx_ksys_write+0x10/0x10
[  216.796771][ T8786]  __x64_sys_bpf+0x78/0xc0
[  216.796834][ T8786]  ? lockdep_hardirqs_on+0x7c/0x110
[  216.796851][ T8786]  do_syscall_64+0xcd/0x250
[  216.796920][ T8786]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  216.796946][ T8786] RIP: 0033:0x7f86aa78cde9
[  216.796961][ T8786] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  216.797050][ T8786] RSP: 002b:00007f86ab677038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  216.797067][ T8786] RAX: ffffffffffffffda RBX: 00007f86aa9a5fa0 RCX: 00007f86aa78cde9
[  216.797078][ T8786] RDX: 0000000000000038 RSI: 0000400000000900 RDI: 000000000000001a
[  216.797087][ T8786] RBP: 00007f86ab677090 R08: 0000000000000000 R09: 0000000000000000
[  216.797135][ T8786] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  216.797143][ T8786] R13: 0000000000000000 R14: 00007f86aa9a5fa0 R15: 00007ffc773f0848
[  216.797202][ T8786]  </TASK>
[  217.187427][    C1] vkms_vblank_simulate: vblank timer overrun
[  217.491971][ T8803] FAULT_INJECTION: forcing a failure.
[  217.491971][ T8803] name failslab, interval 1, probability 0, space 0, times 0
[  217.496779][ T8803] CPU: 2 UID: 0 PID: 8803 Comm: syz.3.900 Not tainted 6.14.0-rc1-syzkaller-00276-g69b54314c975 #0
[  217.496803][ T8803] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  217.496812][ T8803] Call Trace:
[  217.496818][ T8803]  <TASK>
[  217.496824][ T8803]  dump_stack_lvl+0x16c/0x1f0
[  217.496852][ T8803]  should_fail_ex+0x50a/0x650
[  217.496879][ T8803]  ? sctp_add_bind_addr+0x9a/0x3d0
[  217.496901][ T8803]  should_failslab+0xc2/0x120
[  217.496927][ T8803]  __kmalloc_cache_noprof+0x68/0x410
[  217.496956][ T8803]  sctp_add_bind_addr+0x9a/0x3d0
[  217.496981][ T8803]  sctp_copy_local_addr_list+0x39e/0x5a0
[  217.497001][ T8803]  ? __pfx_sctp_copy_local_addr_list+0x10/0x10
[  217.497021][ T8803]  ? sctp_auth_asoc_copy_shkeys+0x2a7/0x360
[  217.497044][ T8803]  ? sctp_bind_addr_copy+0xe0/0x530
[  217.497065][ T8803]  sctp_bind_addr_copy+0xe0/0x530
[  217.497091][ T8803]  sctp_connect_new_asoc+0x1d8/0x790
[  217.497112][ T8803]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[  217.497137][ T8803]  ? bpf_lsm_sctp_bind_connect+0x9/0x10
[  217.497158][ T8803]  sctp_sendmsg+0x1610/0x1eb0
[  217.497175][ T8803]  ? avc_has_perm+0x11b/0x1c0
[  217.497198][ T8803]  ? __pfx_sctp_sendmsg+0x10/0x10
[  217.497221][ T8803]  ? __pfx_sock_has_perm+0x10/0x10
[  217.497241][ T8803]  ? trace_lock_acquire+0x14e/0x1f0
[  217.497264][ T8803]  ? __might_fault+0xe3/0x190
[  217.497283][ T8803]  ? __might_fault+0xe3/0x190
[  217.497300][ T8803]  ? __pfx_sctp_sendmsg+0x10/0x10
[  217.497319][ T8803]  inet_sendmsg+0x119/0x140
[  217.497341][ T8803]  ____sys_sendmsg+0x98c/0xc90
[  217.497368][ T8803]  ? __pfx_____sys_sendmsg+0x10/0x10
[  217.497401][ T8803]  ___sys_sendmsg+0x135/0x1e0
[  217.497421][ T8803]  ? __pfx____sys_sendmsg+0x10/0x10
[  217.497449][ T8803]  ? __pfx_lock_release+0x10/0x10
[  217.497469][ T8803]  ? trace_lock_acquire+0x14e/0x1f0
[  217.497494][ T8803]  ? __fget_files+0x206/0x3a0
[  217.497515][ T8803]  __sys_sendmsg+0x16e/0x220
[  217.497534][ T8803]  ? __pfx___sys_sendmsg+0x10/0x10
[  217.497569][ T8803]  do_syscall_64+0xcd/0x250
[  217.497589][ T8803]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  217.497611][ T8803] RIP: 0033:0x7f616ff8cde9
[  217.497627][ T8803] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  217.497642][ T8803] RSP: 002b:00007f6170db1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  217.497659][ T8803] RAX: ffffffffffffffda RBX: 00007f61701a5fa0 RCX: 00007f616ff8cde9
[  217.497668][ T8803] RDX: 0000000000000041 RSI: 0000400000000600 RDI: 0000000000000003
[  217.497677][ T8803] RBP: 00007f6170db1090 R08: 0000000000000000 R09: 0000000000000000
[  217.497686][ T8803] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  217.497695][ T8803] R13: 0000000000000000 R14: 00007f61701a5fa0 R15: 00007ffea026a1f8
[  217.497717][ T8803]  </TASK>
[  217.520907][ T8805] netlink: 'syz.0.899': attribute type 1 has an invalid length.
[  217.707877][ T8815] FAULT_INJECTION: forcing a failure.
[  217.707877][ T8815] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  217.722738][ T8815] CPU: 2 UID: 0 PID: 8815 Comm: syz.3.903 Not tainted 6.14.0-rc1-syzkaller-00276-g69b54314c975 #0
[  217.722768][ T8815] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  217.722779][ T8815] Call Trace:
[  217.722785][ T8815]  <TASK>
[  217.722792][ T8815]  dump_stack_lvl+0x16c/0x1f0
[  217.722820][ T8815]  should_fail_ex+0x50a/0x650
[  217.722851][ T8815]  _copy_from_user+0x2e/0xd0
[  217.722868][ T8815]  generic_map_update_batch+0x391/0x5f0
[  217.722894][ T8815]  ? __pfx_generic_map_update_batch+0x10/0x10
[  217.722909][ T8815]  ? __fget_files+0x206/0x3a0
[  217.722929][ T8815]  ? __pfx_generic_map_update_batch+0x10/0x10
[  217.722946][ T8815]  bpf_map_do_batch+0x5a8/0x670
[  217.722971][ T8815]  __sys_bpf+0x1ce4/0x49c0
[  217.722987][ T8815]  ? __pfx_lock_release+0x10/0x10
[  217.723012][ T8815]  ? __pfx___sys_bpf+0x10/0x10
[  217.723027][ T8815]  ? vfs_write+0x306/0x1150
[  217.723055][ T8815]  ? __mutex_unlock_slowpath+0x164/0x6a0
[  217.723086][ T8815]  ? fput+0x67/0x440
[  217.723104][ T8815]  ? ksys_write+0x1ba/0x250
[  217.723126][ T8815]  ? __pfx_ksys_write+0x10/0x10
[  217.723152][ T8815]  __x64_sys_bpf+0x78/0xc0
[  217.723169][ T8815]  ? lockdep_hardirqs_on+0x7c/0x110
[  217.723186][ T8815]  do_syscall_64+0xcd/0x250
[  217.723211][ T8815]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  217.723234][ T8815] RIP: 0033:0x7f616ff8cde9
[  217.723249][ T8815] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  217.723265][ T8815] RSP: 002b:00007f6170db1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  217.723282][ T8815] RAX: ffffffffffffffda RBX: 00007f61701a5fa0 RCX: 00007f616ff8cde9
[  217.723292][ T8815] RDX: 0000000000000038 RSI: 0000400000000900 RDI: 000000000000001a
[  217.723302][ T8815] RBP: 00007f6170db1090 R08: 0000000000000000 R09: 0000000000000000
[  217.723312][ T8815] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  217.723322][ T8815] R13: 0000000000000000 R14: 00007f61701a5fa0 R15: 00007ffea026a1f8
[  217.723344][ T8815]  </TASK>
[  217.880044][   T39] audit: type=1400 audit(1739166222.139:11577): avc:  denied  { mount } for  pid=8824 comm="syz.3.905" name="/" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=filesystem permissive=1
[  217.910035][ T8822] netlink: 'syz.0.899': attribute type 1 has an invalid length.
[  217.942063][ T8805] bond3: entered promiscuous mode
[  217.965885][ T8805] 8021q: adding VLAN 0 to HW filter on device bond3
[  218.187466][ T8834] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  218.241742][ T8842] vlan2: entered allmulticast mode
[  218.243905][ T8842] bridge_slave_0: entered allmulticast mode
[  218.267424][ T8842] bridge_slave_0: left allmulticast mode
[  218.324761][    C1] vkms_vblank_simulate: vblank timer overrun
[  218.564793][    C1] vkms_vblank_simulate: vblank timer overrun
[  218.780830][    C1] vkms_vblank_simulate: vblank timer overrun
[  218.952734][    C1] vkms_vblank_simulate: vblank timer overrun
[  219.023111][ T8862] FAULT_INJECTION: forcing a failure.
[  219.023111][ T8862] name failslab, interval 1, probability 0, space 0, times 0
[  219.059519][ T8862] CPU: 2 UID: 0 PID: 8862 Comm: syz.2.912 Not tainted 6.14.0-rc1-syzkaller-00276-g69b54314c975 #0
[  219.059550][ T8862] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  219.059562][ T8862] Call Trace:
[  219.059567][ T8862]  <TASK>
[  219.059575][ T8862]  dump_stack_lvl+0x16c/0x1f0
[  219.059608][ T8862]  should_fail_ex+0x50a/0x650
[  219.059640][ T8862]  ? sctp_add_bind_addr+0x9a/0x3d0
[  219.059674][ T8862]  should_failslab+0xc2/0x120
[  219.059696][ T8862]  __kmalloc_cache_noprof+0x68/0x410
[  219.059727][ T8862]  sctp_add_bind_addr+0x9a/0x3d0
[  219.059751][ T8862]  sctp_copy_local_addr_list+0x39e/0x5a0
[  219.059772][ T8862]  ? __pfx_sctp_copy_local_addr_list+0x10/0x10
[  219.059791][ T8862]  ? sctp_auth_asoc_copy_shkeys+0x2a7/0x360
[  219.059814][ T8862]  ? sctp_bind_addr_copy+0xe0/0x530
[  219.059837][ T8862]  sctp_bind_addr_copy+0xe0/0x530
[  219.059867][ T8862]  sctp_connect_new_asoc+0x1d8/0x790
[  219.059890][ T8862]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[  219.059916][ T8862]  ? bpf_lsm_sctp_bind_connect+0x9/0x10
[  219.059937][ T8862]  sctp_sendmsg+0x1610/0x1eb0
[  219.059956][ T8862]  ? avc_has_perm+0x11b/0x1c0
[  219.059978][ T8862]  ? __pfx_sctp_sendmsg+0x10/0x10
[  219.060001][ T8862]  ? __pfx_sock_has_perm+0x10/0x10
[  219.060022][ T8862]  ? trace_lock_acquire+0x14e/0x1f0
[  219.060045][ T8862]  ? __might_fault+0xe3/0x190
[  219.060065][ T8862]  ? __might_fault+0xe3/0x190
[  219.060083][ T8862]  ? __pfx_sctp_sendmsg+0x10/0x10
[  219.060104][ T8862]  inet_sendmsg+0x119/0x140
[  219.060128][ T8862]  ____sys_sendmsg+0x98c/0xc90
[  219.060158][ T8862]  ? __pfx_____sys_sendmsg+0x10/0x10
[  219.060193][ T8862]  ___sys_sendmsg+0x135/0x1e0
[  219.060215][ T8862]  ? __pfx____sys_sendmsg+0x10/0x10
[  219.060245][ T8862]  ? __pfx_lock_release+0x10/0x10
[  219.060268][ T8862]  ? trace_lock_acquire+0x14e/0x1f0
[  219.060295][ T8862]  ? __fget_files+0x206/0x3a0
[  219.060319][ T8862]  __sys_sendmsg+0x16e/0x220
[  219.060340][ T8862]  ? __pfx___sys_sendmsg+0x10/0x10
[  219.060379][ T8862]  do_syscall_64+0xcd/0x250
[  219.060402][ T8862]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  219.060426][ T8862] RIP: 0033:0x7fce16d8cde9
[  219.060442][ T8862] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  219.060461][ T8862] RSP: 002b:00007fce17b22038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  219.060482][ T8862] RAX: ffffffffffffffda RBX: 00007fce16fa5fa0 RCX: 00007fce16d8cde9
[  219.060495][ T8862] RDX: 0000000000000041 RSI: 0000400000000600 RDI: 0000000000000003
[  219.060507][ T8862] RBP: 00007fce17b22090 R08: 0000000000000000 R09: 0000000000000000
[  219.060517][ T8862] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  219.060527][ T8862] R13: 0000000000000000 R14: 00007fce16fa5fa0 R15: 00007ffdaf421dd8
[  219.060551][ T8862]  </TASK>
[  219.164459][    C1] vkms_vblank_simulate: vblank timer overrun
[  219.220734][ T8868] netlink: 8 bytes leftover after parsing attributes in process `syz.3.913'.
[  219.241176][    C1] vkms_vblank_simulate: vblank timer overrun
[  219.281812][ T8872] FAULT_INJECTION: forcing a failure.
[  219.281812][ T8872] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  219.288942][   T39] kauditd_printk_skb: 2 callbacks suppressed
[  219.288956][   T39] audit: type=1400 audit(1739166223.549:11580): avc:  denied  { lock } for  pid=8870 comm="syz.1.914" path="socket:[22111]" dev="sockfs" ino=22111 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_stream_socket permissive=1
[  219.314598][ T8872] CPU: 3 UID: 0 PID: 8872 Comm: syz.2.915 Not tainted 6.14.0-rc1-syzkaller-00276-g69b54314c975 #0
[  219.314623][ T8872] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  219.314633][ T8872] Call Trace:
[  219.314638][ T8872]  <TASK>
[  219.314644][ T8872]  dump_stack_lvl+0x16c/0x1f0
[  219.314670][ T8872]  should_fail_ex+0x50a/0x650
[  219.314696][ T8872]  _copy_from_user+0x2e/0xd0
[  219.314713][ T8872]  generic_map_update_batch+0x3ff/0x5f0
[  219.314734][ T8872]  ? __pfx_generic_map_update_batch+0x10/0x10
[  219.314747][ T8872]  ? __fget_files+0x206/0x3a0
[  219.314765][ T8872]  ? __pfx_generic_map_update_batch+0x10/0x10
[  219.314780][ T8872]  bpf_map_do_batch+0x5a8/0x670
[  219.314803][ T8872]  __sys_bpf+0x1ce4/0x49c0
[  219.314817][ T8872]  ? __pfx_lock_release+0x10/0x10
[  219.314838][ T8872]  ? __pfx___sys_bpf+0x10/0x10
[  219.314851][ T8872]  ? vfs_write+0x306/0x1150
[  219.314877][ T8872]  ? __mutex_unlock_slowpath+0x164/0x6a0
[  219.314910][ T8872]  ? fput+0x67/0x440
[  219.314926][ T8872]  ? ksys_write+0x1ba/0x250
[  219.314944][ T8872]  ? __pfx_ksys_write+0x10/0x10
[  219.314988][ T8872]  __x64_sys_bpf+0x78/0xc0
[  219.315004][ T8872]  ? lockdep_hardirqs_on+0x7c/0x110
[  219.315020][ T8872]  do_syscall_64+0xcd/0x250
[  219.315039][ T8872]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  219.315059][ T8872] RIP: 0033:0x7fce16d8cde9
[  219.315073][ T8872] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  219.315086][ T8872] RSP: 002b:00007fce17b22038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  219.315102][ T8872] RAX: ffffffffffffffda RBX: 00007fce16fa5fa0 RCX: 00007fce16d8cde9
[  219.315112][ T8872] RDX: 0000000000000038 RSI: 0000400000000900 RDI: 000000000000001a
[  219.315121][ T8872] RBP: 00007fce17b22090 R08: 0000000000000000 R09: 0000000000000000
[  219.315130][ T8872] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  219.315139][ T8872] R13: 0000000000000000 R14: 00007fce16fa5fa0 R15: 00007ffdaf421dd8
[  219.315160][ T8872]  </TASK>
[  220.233853][ T8894] fuse: Unknown parameter '樲õ'
[  220.419642][ T8902] FAULT_INJECTION: forcing a failure.
[  220.419642][ T8902] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  220.426729][ T8902] CPU: 2 UID: 0 PID: 8902 Comm: syz.1.925 Not tainted 6.14.0-rc1-syzkaller-00276-g69b54314c975 #0
[  220.426751][ T8902] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  220.426761][ T8902] Call Trace:
[  220.426768][ T8902]  <TASK>
[  220.426774][ T8902]  dump_stack_lvl+0x16c/0x1f0
[  220.426801][ T8902]  should_fail_ex+0x50a/0x650
[  220.426826][ T8902]  _copy_from_user+0x2e/0xd0
[  220.426842][ T8902]  generic_map_update_batch+0x391/0x5f0
[  220.426862][ T8902]  ? __pfx_generic_map_update_batch+0x10/0x10
[  220.426875][ T8902]  ? __fget_files+0x206/0x3a0
[  220.426891][ T8902]  ? __pfx_generic_map_update_batch+0x10/0x10
[  220.426905][ T8902]  bpf_map_do_batch+0x5a8/0x670
[  220.426925][ T8902]  __sys_bpf+0x1ce4/0x49c0
[  220.426938][ T8902]  ? __pfx_lock_release+0x10/0x10
[  220.426957][ T8902]  ? __pfx___sys_bpf+0x10/0x10
[  220.426969][ T8902]  ? vfs_write+0x306/0x1150
[  220.426992][ T8902]  ? __mutex_unlock_slowpath+0x164/0x6a0
[  220.427018][ T8902]  ? fput+0x67/0x440
[  220.427032][ T8902]  ? ksys_write+0x1ba/0x250
[  220.427050][ T8902]  ? __pfx_ksys_write+0x10/0x10
[  220.427071][ T8902]  __x64_sys_bpf+0x78/0xc0
[  220.427084][ T8902]  ? lockdep_hardirqs_on+0x7c/0x110
[  220.427097][ T8902]  do_syscall_64+0xcd/0x250
[  220.427113][ T8902]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  220.427132][ T8902] RIP: 0033:0x7f86aa78cde9
[  220.427144][ T8902] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  220.427157][ T8902] RSP: 002b:00007f86ab677038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  220.427170][ T8902] RAX: ffffffffffffffda RBX: 00007f86aa9a5fa0 RCX: 00007f86aa78cde9
[  220.427178][ T8902] RDX: 0000000000000038 RSI: 0000400000000900 RDI: 000000000000001a
[  220.427186][ T8902] RBP: 00007f86ab677090 R08: 0000000000000000 R09: 0000000000000000
[  220.427194][ T8902] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  220.427201][ T8902] R13: 0000000000000000 R14: 00007f86aa9a5fa0 R15: 00007ffc773f0848
[  220.427217][ T8902]  </TASK>
[  220.791309][   T39] audit: type=1400 audit(1739166225.059:11581): avc:  denied  { map } for  pid=8909 comm="syz.3.928" path="/dev/vcs1" dev="devtmpfs" ino=17 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tty_device_t tclass=chr_file permissive=1
[  220.800383][   T39] audit: type=1400 audit(1739166225.059:11582): avc:  denied  { execute } for  pid=8909 comm="syz.3.928" path="/dev/vcs1" dev="devtmpfs" ino=17 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tty_device_t tclass=chr_file permissive=1
[  220.877444][ T8917] netlink: 'syz.3.930': attribute type 29 has an invalid length.
[  220.891803][ T8918] netlink: 'syz.3.930': attribute type 29 has an invalid length.
[  220.896365][ T8918] netlink: 'syz.3.930': attribute type 29 has an invalid length.
[  220.907610][ T8917] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=5146 sclass=netlink_xfrm_socket pid=8917 comm=syz.3.930
[  220.935691][    C1] vkms_vblank_simulate: vblank timer overrun
[  220.945065][ T8918] netlink: 'syz.3.930': attribute type 29 has an invalid length.
[  220.948055][ T8918] netlink: 'syz.3.930': attribute type 29 has an invalid length.
[  220.992734][ T8918] netlink: 'syz.3.930': attribute type 29 has an invalid length.
[  221.014668][ T8918] netlink: 'syz.3.930': attribute type 29 has an invalid length.
[  221.017705][ T8918] netlink: 'syz.3.930': attribute type 29 has an invalid length.
[  221.033106][    C1] vkms_vblank_simulate: vblank timer overrun
[  221.236790][    C1] vkms_vblank_simulate: vblank timer overrun
[  221.467427][ T8933] FAULT_INJECTION: forcing a failure.
[  221.467427][ T8933] name failslab, interval 1, probability 0, space 0, times 0
[  221.473645][ T8933] CPU: 2 UID: 0 PID: 8933 Comm: syz.1.935 Not tainted 6.14.0-rc1-syzkaller-00276-g69b54314c975 #0
[  221.473664][ T8933] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  221.473672][ T8933] Call Trace:
[  221.473677][ T8933]  <TASK>
[  221.473683][ T8933]  dump_stack_lvl+0x16c/0x1f0
[  221.473708][ T8933]  should_fail_ex+0x50a/0x650
[  221.473815][ T8933]  ? sctp_add_bind_addr+0x9a/0x3d0
[  221.473834][ T8933]  should_failslab+0xc2/0x120
[  221.473850][ T8933]  __kmalloc_cache_noprof+0x68/0x410
[  221.473875][ T8933]  sctp_add_bind_addr+0x9a/0x3d0
[  221.473895][ T8933]  sctp_copy_local_addr_list+0x39e/0x5a0
[  221.473918][ T8933]  ? __pfx_sctp_copy_local_addr_list+0x10/0x10
[  221.473935][ T8933]  ? sctp_auth_asoc_copy_shkeys+0x2a7/0x360
[  221.473954][ T8933]  ? sctp_bind_addr_copy+0xe0/0x530
[  221.473972][ T8933]  sctp_bind_addr_copy+0xe0/0x530
[  221.473994][ T8933]  sctp_connect_new_asoc+0x1d8/0x790
[  221.474013][ T8933]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[  221.474033][ T8933]  ? bpf_lsm_sctp_bind_connect+0x9/0x10
[  221.474050][ T8933]  sctp_sendmsg+0x1610/0x1eb0
[  221.474065][ T8933]  ? avc_has_perm+0x11b/0x1c0
[  221.474084][ T8933]  ? __pfx_sctp_sendmsg+0x10/0x10
[  221.474104][ T8933]  ? __pfx_sock_has_perm+0x10/0x10
[  221.474121][ T8933]  ? trace_lock_acquire+0x14e/0x1f0
[  221.474140][ T8933]  ? __might_fault+0xe3/0x190
[  221.474155][ T8933]  ? __might_fault+0xe3/0x190
[  221.474170][ T8933]  ? __pfx_sctp_sendmsg+0x10/0x10
[  221.474186][ T8933]  inet_sendmsg+0x119/0x140
[  221.474205][ T8933]  ____sys_sendmsg+0x98c/0xc90
[  221.474228][ T8933]  ? __pfx_____sys_sendmsg+0x10/0x10
[  221.474256][ T8933]  ___sys_sendmsg+0x135/0x1e0
[  221.474274][ T8933]  ? __pfx____sys_sendmsg+0x10/0x10
[  221.474297][ T8933]  ? __pfx_lock_release+0x10/0x10
[  221.474314][ T8933]  ? trace_lock_acquire+0x14e/0x1f0
[  221.474338][ T8933]  ? __fget_files+0x206/0x3a0
[  221.474356][ T8933]  __sys_sendmsg+0x16e/0x220
[  221.474372][ T8933]  ? __pfx___sys_sendmsg+0x10/0x10
[  221.474401][ T8933]  do_syscall_64+0xcd/0x250
[  221.474418][ T8933]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  221.474437][ T8933] RIP: 0033:0x7f86aa78cde9
[  221.474451][ T8933] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  221.474464][ T8933] RSP: 002b:00007f86ab677038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  221.474480][ T8933] RAX: ffffffffffffffda RBX: 00007f86aa9a5fa0 RCX: 00007f86aa78cde9
[  221.474488][ T8933] RDX: 0000000000000041 RSI: 0000400000000600 RDI: 0000000000000003
[  221.474496][ T8933] RBP: 00007f86ab677090 R08: 0000000000000000 R09: 0000000000000000
[  221.474503][ T8933] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  221.474511][ T8933] R13: 0000000000000000 R14: 00007f86aa9a5fa0 R15: 00007ffc773f0848
[  221.474529][ T8933]  </TASK>
[  221.742092][ T8940] FAULT_INJECTION: forcing a failure.
[  221.742092][ T8940] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  221.747303][ T8940] CPU: 3 UID: 0 PID: 8940 Comm: syz.1.937 Not tainted 6.14.0-rc1-syzkaller-00276-g69b54314c975 #0
[  221.747325][ T8940] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  221.747334][ T8940] Call Trace:
[  221.747339][ T8940]  <TASK>
[  221.747345][ T8940]  dump_stack_lvl+0x16c/0x1f0
[  221.747373][ T8940]  should_fail_ex+0x50a/0x650
[  221.747399][ T8940]  _copy_from_user+0x2e/0xd0
[  221.747414][ T8940]  generic_map_update_batch+0x3ff/0x5f0
[  221.747439][ T8940]  ? __pfx_generic_map_update_batch+0x10/0x10
[  221.747454][ T8940]  ? __fget_files+0x206/0x3a0
[  221.747471][ T8940]  ? __pfx_generic_map_update_batch+0x10/0x10
[  221.747485][ T8940]  bpf_map_do_batch+0x5a8/0x670
[  221.747508][ T8940]  __sys_bpf+0x1ce4/0x49c0
[  221.747523][ T8940]  ? __pfx_lock_release+0x10/0x10
[  221.747582][ T8940]  ? __pfx___sys_bpf+0x10/0x10
[  221.747596][ T8940]  ? vfs_write+0x306/0x1150
[  221.747622][ T8940]  ? __mutex_unlock_slowpath+0x164/0x6a0
[  221.747651][ T8940]  ? fput+0x67/0x440
[  221.747667][ T8940]  ? ksys_write+0x1ba/0x250
[  221.747688][ T8940]  ? __pfx_ksys_write+0x10/0x10
[  221.747713][ T8940]  __x64_sys_bpf+0x78/0xc0
[  221.747728][ T8940]  ? lockdep_hardirqs_on+0x7c/0x110
[  221.747743][ T8940]  do_syscall_64+0xcd/0x250
[  221.747759][ T8940]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  221.747782][ T8940] RIP: 0033:0x7f86aa78cde9
[  221.747795][ T8940] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  221.747809][ T8940] RSP: 002b:00007f86ab677038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  221.747825][ T8940] RAX: ffffffffffffffda RBX: 00007f86aa9a5fa0 RCX: 00007f86aa78cde9
[  221.747834][ T8940] RDX: 0000000000000038 RSI: 0000400000000900 RDI: 000000000000001a
[  221.747843][ T8940] RBP: 00007f86ab677090 R08: 0000000000000000 R09: 0000000000000000
[  221.747852][ T8940] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  221.747860][ T8940] R13: 0000000000000000 R14: 00007f86aa9a5fa0 R15: 00007ffc773f0848
[  221.747880][ T8940]  </TASK>
[  221.838632][   T39] audit: type=1400 audit(1739166226.089:11583): avc:  denied  { setopt } for  pid=8941 comm="syz.3.939" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  221.946232][ T8951] loop2: detected capacity change from 0 to 524287999
[  221.965044][ T8950] netlink: 132 bytes leftover after parsing attributes in process `syz.1.941'.
[  222.005265][ T8950] loop6: detected capacity change from 0 to 524287999
[  222.164702][    C1] vkms_vblank_simulate: vblank timer overrun
[  222.375713][ T8960] FAULT_INJECTION: forcing a failure.
[  222.375713][ T8960] name failslab, interval 1, probability 0, space 0, times 0
[  222.405354][ T8960] CPU: 3 UID: 0 PID: 8960 Comm: syz.3.946 Not tainted 6.14.0-rc1-syzkaller-00276-g69b54314c975 #0
[  222.405377][ T8960] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  222.405387][ T8960] Call Trace:
[  222.405392][ T8960]  <TASK>
[  222.405400][ T8960]  dump_stack_lvl+0x16c/0x1f0
[  222.405429][ T8960]  should_fail_ex+0x50a/0x650
[  222.405460][ T8960]  ? sctp_add_bind_addr+0x9a/0x3d0
[  222.405496][ T8960]  should_failslab+0xc2/0x120
[  222.405517][ T8960]  __kmalloc_cache_noprof+0x68/0x410
[  222.405543][ T8960]  sctp_add_bind_addr+0x9a/0x3d0
[  222.405566][ T8960]  sctp_copy_local_addr_list+0x39e/0x5a0
[  222.405586][ T8960]  ? __pfx_sctp_copy_local_addr_list+0x10/0x10
[  222.405605][ T8960]  ? sctp_auth_asoc_copy_shkeys+0x2a7/0x360
[  222.405632][ T8960]  ? sctp_bind_addr_copy+0xe0/0x530
[  222.405652][ T8960]  sctp_bind_addr_copy+0xe0/0x530
[  222.405679][ T8960]  sctp_connect_new_asoc+0x1d8/0x790
[  222.405699][ T8960]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[  222.405720][ T8960]  ? bpf_lsm_sctp_bind_connect+0x9/0x10
[  222.405740][ T8960]  sctp_sendmsg+0x1610/0x1eb0
[  222.405755][ T8960]  ? avc_has_perm+0x11b/0x1c0
[  222.405778][ T8960]  ? __pfx_sctp_sendmsg+0x10/0x10
[  222.405802][ T8960]  ? __pfx_sock_has_perm+0x10/0x10
[  222.405822][ T8960]  ? trace_lock_acquire+0x14e/0x1f0
[  222.405844][ T8960]  ? __might_fault+0xe3/0x190
[  222.405861][ T8960]  ? __might_fault+0xe3/0x190
[  222.405878][ T8960]  ? __pfx_sctp_sendmsg+0x10/0x10
[  222.405897][ T8960]  inet_sendmsg+0x119/0x140
[  222.405921][ T8960]  ____sys_sendmsg+0x98c/0xc90
[  222.405950][ T8960]  ? __pfx_____sys_sendmsg+0x10/0x10
[  222.405982][ T8960]  ___sys_sendmsg+0x135/0x1e0
[  222.406000][ T8960]  ? __pfx____sys_sendmsg+0x10/0x10
[  222.406027][ T8960]  ? __pfx_lock_release+0x10/0x10
[  222.406046][ T8960]  ? trace_lock_acquire+0x14e/0x1f0
[  222.406070][ T8960]  ? __fget_files+0x206/0x3a0
[  222.406091][ T8960]  __sys_sendmsg+0x16e/0x220
[  222.406110][ T8960]  ? __pfx___sys_sendmsg+0x10/0x10
[  222.406142][ T8960]  do_syscall_64+0xcd/0x250
[  222.406162][ T8960]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  222.406183][ T8960] RIP: 0033:0x7f616ff8cde9
[  222.406197][ T8960] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  222.406212][ T8960] RSP: 002b:00007f6170db1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  222.406227][ T8960] RAX: ffffffffffffffda RBX: 00007f61701a5fa0 RCX: 00007f616ff8cde9
[  222.406236][ T8960] RDX: 0000000000000041 RSI: 0000400000000600 RDI: 0000000000000003
[  222.406245][ T8960] RBP: 00007f6170db1090 R08: 0000000000000000 R09: 0000000000000000
[  222.406253][ T8960] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  222.406262][ T8960] R13: 0000000000000000 R14: 00007f61701a5fa0 R15: 00007ffea026a1f8
[  222.406282][ T8960]  </TASK>
[  222.517244][ T8966] netlink: 8 bytes leftover after parsing attributes in process `syz.2.947'.
[  222.549931][    C1] vkms_vblank_simulate: vblank timer overrun
[  222.608328][   T39] audit: type=1400 audit(1739166226.869:11584): avc:  denied  { accept } for  pid=8962 comm="syz.2.947" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  222.821784][ T8972] FAULT_INJECTION: forcing a failure.
[  222.821784][ T8972] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  222.835191][ T8972] CPU: 3 UID: 0 PID: 8972 Comm: syz.3.950 Not tainted 6.14.0-rc1-syzkaller-00276-g69b54314c975 #0
[  222.837243][ T8972] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  222.837254][ T8972] Call Trace:
[  222.837260][ T8972]  <TASK>
[  222.837271][ T8972]  dump_stack_lvl+0x16c/0x1f0
[  222.837299][ T8972]  should_fail_ex+0x50a/0x650
[  222.837330][ T8972]  _copy_from_user+0x2e/0xd0
[  222.837348][ T8972]  generic_map_update_batch+0x391/0x5f0
[  222.837373][ T8972]  ? __pfx_generic_map_update_batch+0x10/0x10
[  222.837390][ T8972]  ? __fget_files+0x206/0x3a0
[  222.837410][ T8972]  ? __pfx_generic_map_update_batch+0x10/0x10
[  222.837428][ T8972]  bpf_map_do_batch+0x5a8/0x670
[  222.837453][ T8972]  __sys_bpf+0x1ce4/0x49c0
[  222.837469][ T8972]  ? __pfx_lock_release+0x10/0x10
[  222.837493][ T8972]  ? __pfx___sys_bpf+0x10/0x10
[  222.837505][ T8972]  ? vfs_write+0x306/0x1150
[  222.837528][ T8972]  ? __mutex_unlock_slowpath+0x164/0x6a0
[  222.837551][ T8972]  ? fput+0x67/0x440
[  222.837576][ T8972]  ? ksys_write+0x1ba/0x250
[  222.837598][ T8972]  ? __pfx_ksys_write+0x10/0x10
[  222.837626][ T8972]  __x64_sys_bpf+0x78/0xc0
[  222.837643][ T8972]  ? lockdep_hardirqs_on+0x7c/0x110
[  222.837660][ T8972]  do_syscall_64+0xcd/0x250
[  222.837681][ T8972]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  222.837705][ T8972] RIP: 0033:0x7f616ff8cde9
[  222.837721][ T8972] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  222.837737][ T8972] RSP: 002b:00007f6170db1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  222.837753][ T8972] RAX: ffffffffffffffda RBX: 00007f61701a5fa0 RCX: 00007f616ff8cde9
[  222.837764][ T8972] RDX: 0000000000000038 RSI: 0000400000000900 RDI: 000000000000001a
[  222.837774][ T8972] RBP: 00007f6170db1090 R08: 0000000000000000 R09: 0000000000000000
[  222.837784][ T8972] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  222.837793][ T8972] R13: 0000000000000000 R14: 00007f61701a5fa0 R15: 00007ffea026a1f8
[  222.837814][ T8972]  </TASK>
[  222.932830][    C1] vkms_vblank_simulate: vblank timer overrun
[  223.011263][   T39] audit: type=1400 audit(1739166227.279:11585): avc:  denied  { read } for  pid=8974 comm="syz.3.951" lport=3 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  223.035990][    C1] vkms_vblank_simulate: vblank timer overrun
[  223.180677][    C1] vkms_vblank_simulate: vblank timer overrun
[  223.312951][ T8984] netlink: 16 bytes leftover after parsing attributes in process `syz.1.955'.
[  223.362856][   T39] audit: type=1400 audit(1739166227.629:11586): avc:  denied  { create } for  pid=8985 comm="syz.0.956" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_nflog_socket permissive=1
[  223.448543][   T39] audit: type=1400 audit(1739166227.709:11587): avc:  denied  { map } for  pid=8985 comm="syz.0.956" path="/dev/bus/usb/002/001" dev="devtmpfs" ino=745 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[  223.550999][   T39] audit: type=1400 audit(1739166227.809:11588): avc:  denied  { execute } for  pid=8985 comm="syz.0.956" path="/dev/bus/usb/002/001" dev="devtmpfs" ino=745 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[  223.738216][   T39] audit: type=1400 audit(1739166227.999:11589): avc:  denied  { map } for  pid=8993 comm="syz.2.958" path="socket:[23930]" dev="sockfs" ino=23930 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tcp_socket permissive=1
[  223.924700][    C1] vkms_vblank_simulate: vblank timer overrun
[  223.979151][ T8997] FAULT_INJECTION: forcing a failure.
[  223.979151][ T8997] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  223.985428][ T8997] CPU: 0 UID: 0 PID: 8997 Comm: syz.0.959 Not tainted 6.14.0-rc1-syzkaller-00276-g69b54314c975 #0
[  223.985452][ T8997] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  223.985464][ T8997] Call Trace:
[  223.985472][ T8997]  <TASK>
[  223.985481][ T8997]  dump_stack_lvl+0x16c/0x1f0
[  223.985511][ T8997]  should_fail_ex+0x50a/0x650
[  223.985540][ T8997]  _copy_from_user+0x2e/0xd0
[  223.985558][ T8997]  generic_map_update_batch+0x3ff/0x5f0
[  223.985585][ T8997]  ? __pfx_generic_map_update_batch+0x10/0x10
[  223.985602][ T8997]  ? __fget_files+0x206/0x3a0
[  223.985623][ T8997]  ? __pfx_generic_map_update_batch+0x10/0x10
[  223.985638][ T8997]  bpf_map_do_batch+0x5a8/0x670
[  223.985665][ T8997]  __sys_bpf+0x1ce4/0x49c0
[  223.985683][ T8997]  ? __pfx_lock_release+0x10/0x10
[  223.985708][ T8997]  ? __pfx___sys_bpf+0x10/0x10
[  223.985724][ T8997]  ? vfs_write+0x306/0x1150
[  223.985755][ T8997]  ? __mutex_unlock_slowpath+0x164/0x6a0
[  223.985797][ T8997]  ? fput+0x67/0x440
[  223.985817][ T8997]  ? ksys_write+0x1ba/0x250
[  223.985839][ T8997]  ? __pfx_ksys_write+0x10/0x10
[  223.985866][ T8997]  __x64_sys_bpf+0x78/0xc0
[  223.985885][ T8997]  ? lockdep_hardirqs_on+0x7c/0x110
[  223.985902][ T8997]  do_syscall_64+0xcd/0x250
[  223.985924][ T8997]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  223.985946][ T8997] RIP: 0033:0x7ff6b718cde9
[  223.985962][ T8997] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  223.985979][ T8997] RSP: 002b:00007ff6b805f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  223.985996][ T8997] RAX: ffffffffffffffda RBX: 00007ff6b73a5fa0 RCX: 00007ff6b718cde9
[  223.986006][ T8997] RDX: 0000000000000038 RSI: 0000400000000900 RDI: 000000000000001a
[  223.986016][ T8997] RBP: 00007ff6b805f090 R08: 0000000000000000 R09: 0000000000000000
[  223.986025][ T8997] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  223.986032][ T8997] R13: 0000000000000000 R14: 00007ff6b73a5fa0 R15: 00007fff39216208
[  223.986051][ T8997]  </TASK>
[  224.000485][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  224.537592][ T9014] netfs: Couldn't get user pages (rc=-14)
[  224.690692][  T836] e1000 0000:00:06.0 eth0: Reset adapter
[  224.707261][ T9026] validate_nla: 18 callbacks suppressed
[  224.707283][ T9026] netlink: 'syz.0.969': attribute type 4 has an invalid length.
[  224.721622][ T9026] netlink: 17 bytes leftover after parsing attributes in process `syz.0.969'.
[  224.917925][    C1] vkms_vblank_simulate: vblank timer overrun
[  225.188819][    T9] usb 8-1: new low-speed USB device number 11 using dummy_hcd
[  225.214753][ T9041] Invalid ELF header type: 0 != 1
[  225.361983][ T9048] FAULT_INJECTION: forcing a failure.
[  225.361983][ T9048] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  225.367687][ T9048] CPU: 2 UID: 0 PID: 9048 Comm: syz.2.973 Not tainted 6.14.0-rc1-syzkaller-00276-g69b54314c975 #0
[  225.367708][ T9048] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  225.367719][ T9048] Call Trace:
[  225.367728][ T9048]  <TASK>
[  225.367737][ T9048]  dump_stack_lvl+0x16c/0x1f0
[  225.367763][ T9048]  should_fail_ex+0x50a/0x650
[  225.367789][ T9048]  _copy_from_user+0x2e/0xd0
[  225.367805][ T9048]  generic_map_update_batch+0x391/0x5f0
[  225.367828][ T9048]  ? __pfx_generic_map_update_batch+0x10/0x10
[  225.367843][ T9048]  ? __fget_files+0x206/0x3a0
[  225.367862][ T9048]  ? __pfx_generic_map_update_batch+0x10/0x10
[  225.367878][ T9048]  bpf_map_do_batch+0x5a8/0x670
[  225.367902][ T9048]  __sys_bpf+0x1ce4/0x49c0
[  225.367917][ T9048]  ? __pfx_lock_release+0x10/0x10
[  225.367939][ T9048]  ? __pfx___sys_bpf+0x10/0x10
[  225.367953][ T9048]  ? vfs_write+0x306/0x1150
[  225.367978][ T9048]  ? __mutex_unlock_slowpath+0x164/0x6a0
[  225.368006][ T9048]  ? fput+0x67/0x440
[  225.368024][ T9048]  ? ksys_write+0x1ba/0x250
[  225.368044][ T9048]  ? __pfx_ksys_write+0x10/0x10
[  225.368068][ T9048]  __x64_sys_bpf+0x78/0xc0
[  225.368084][ T9048]  ? lockdep_hardirqs_on+0x7c/0x110
[  225.368100][ T9048]  do_syscall_64+0xcd/0x250
[  225.368118][ T9048]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  225.368140][ T9048] RIP: 0033:0x7fce16d8cde9
[  225.368155][ T9048] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  225.368170][ T9048] RSP: 002b:00007fce17b22038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  225.368186][ T9048] RAX: ffffffffffffffda RBX: 00007fce16fa5fa0 RCX: 00007fce16d8cde9
[  225.368196][ T9048] RDX: 0000000000000038 RSI: 0000400000000900 RDI: 000000000000001a
[  225.368204][ T9048] RBP: 00007fce17b22090 R08: 0000000000000000 R09: 0000000000000000
[  225.368213][ T9048] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  225.368222][ T9048] R13: 0000000000000000 R14: 00007fce16fa5fa0 R15: 00007ffdaf421dd8
[  225.368241][ T9048]  </TASK>
[  225.650745][ T9052] netlink: 12 bytes leftover after parsing attributes in process `syz.0.975'.
[  225.692710][    C1] vkms_vblank_simulate: vblank timer overrun
[  225.752619][    C1] vkms_vblank_simulate: vblank timer overrun
[  225.817388][    C1] vkms_vblank_simulate: vblank timer overrun
[  226.000776][    C1] vkms_vblank_simulate: vblank timer overrun
[  226.668902][   T68] Bluetooth: hci3: command 0x0c1a tx timeout
[  227.139799][ T6939] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: RX
[  227.533182][    C1] vkms_vblank_simulate: vblank timer overrun
[  229.833691][    C1] vkms_vblank_simulate: vblank timer overrun
[  229.876054][    C1] vkms_vblank_simulate: vblank timer overrun
[  232.096884][    C1] vkms_vblank_simulate: vblank timer overrun
[  233.648683][    C1] vkms_vblank_simulate: vblank timer overrun
[  234.452618][    C1] vkms_vblank_simulate: vblank timer overrun
[  238.300236][ T9079] netlink: 36 bytes leftover after parsing attributes in process `syz.1.977'.
[  238.470984][ T9098] netlink: 'syz.0.981': attribute type 1 has an invalid length.
[  238.474557][ T9098] netlink: 4 bytes leftover after parsing attributes in process `syz.0.981'.
[  238.514565][ T9087] netfs: Couldn't get user pages (rc=-14)
[  238.663321][ T9107] FAULT_INJECTION: forcing a failure.
[  238.663321][ T9107] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  238.669608][ T9107] CPU: 1 UID: 0 PID: 9107 Comm: syz.1.986 Not tainted 6.14.0-rc1-syzkaller-00276-g69b54314c975 #0
[  238.669632][ T9107] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  238.669643][ T9107] Call Trace:
[  238.669651][ T9107]  <TASK>
[  238.669659][ T9107]  dump_stack_lvl+0x16c/0x1f0
[  238.669690][ T9107]  should_fail_ex+0x50a/0x650
[  238.669719][ T9107]  _copy_from_user+0x2e/0xd0
[  238.669737][ T9107]  generic_map_update_batch+0x3ff/0x5f0
[  238.669767][ T9107]  ? __pfx_generic_map_update_batch+0x10/0x10
[  238.669782][ T9107]  ? __fget_files+0x206/0x3a0
[  238.669802][ T9107]  ? __pfx_generic_map_update_batch+0x10/0x10
[  238.669819][ T9107]  bpf_map_do_batch+0x5a8/0x670
[  238.669842][ T9107]  __sys_bpf+0x1ce4/0x49c0
[  238.669858][ T9107]  ? __pfx_lock_release+0x10/0x10
[  238.669881][ T9107]  ? __pfx___sys_bpf+0x10/0x10
[  238.669896][ T9107]  ? vfs_write+0x306/0x1150
[  238.669924][ T9107]  ? __mutex_unlock_slowpath+0x164/0x6a0
[  238.669959][ T9107]  ? fput+0x67/0x440
[  238.669978][ T9107]  ? ksys_write+0x1ba/0x250
[  238.670000][ T9107]  ? __pfx_ksys_write+0x10/0x10
[  238.670027][ T9107]  __x64_sys_bpf+0x78/0xc0
[  238.670043][ T9107]  ? lockdep_hardirqs_on+0x7c/0x110
[  238.670059][ T9107]  do_syscall_64+0xcd/0x250
[  238.670078][ T9107]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  238.670101][ T9107] RIP: 0033:0x7f86aa78cde9
[  238.670116][ T9107] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  238.670132][ T9107] RSP: 002b:00007f86ab677038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  238.670150][ T9107] RAX: ffffffffffffffda RBX: 00007f86aa9a5fa0 RCX: 00007f86aa78cde9
[  238.670160][ T9107] RDX: 0000000000000038 RSI: 0000400000000900 RDI: 000000000000001a
[  238.670170][ T9107] RBP: 00007f86ab677090 R08: 0000000000000000 R09: 0000000000000000
[  238.670179][ T9107] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  238.670189][ T9107] R13: 0000000000000000 R14: 00007f86aa9a5fa0 R15: 00007ffc773f0848
[  238.670208][ T9107]  </TASK>
[  238.679745][ T9109] netlink: 16 bytes leftover after parsing attributes in process `syz.2.987'.
[  238.713544][   T39] audit: type=1400 audit(1739166242.959:11590): avc:  denied  { listen } for  pid=9111 comm="syz.0.988" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  238.728828][    C1] vkms_vblank_simulate: vblank timer overrun
[  238.975779][    C1] vkms_vblank_simulate: vblank timer overrun
[  239.129543][   T25] usb 7-1: new high-speed USB device number 13 using dummy_hcd
[  239.150003][   T39] audit: type=1400 audit(1739166243.379:11591): avc:  denied  { write } for  pid=9117 comm="syz.1.991" name="fb0" dev="devtmpfs" ino=637 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[  239.179604][ T9119] evm: overlay not supported
[  239.351970][   T25] usb 7-1: device descriptor read/64, error -71
[  239.372829][ T9123] netlink: 'syz.3.993': attribute type 10 has an invalid length.
[  239.475539][ T9125] netlink: 16 bytes leftover after parsing attributes in process `syz.3.994'.
[  239.598082][ T9126] netlink: 8 bytes leftover after parsing attributes in process `syz.3.994'.
[  239.618752][   T25] usb 7-1: new high-speed USB device number 14 using dummy_hcd
[  239.751432][   T25] usb 7-1: device descriptor read/64, error -71
[  239.860186][   T25] usb usb7-port1: attempt power cycle
[  239.912984][ T9140] netfs: Couldn't get user pages (rc=-14)
[  240.008515][   T39] audit: type=1400 audit(1739166244.269:11592): avc:  denied  { execute } for  pid=9142 comm="syz-executor" name="syz-executor" dev="sda1" ino=1924 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[  240.042363][   T39] audit: type=1400 audit(1739166244.289:11593): avc:  denied  { execute_no_trans } for  pid=9142 comm="syz-executor" path="/syz-executor" dev="sda1" ino=1924 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[  240.066886][   T39] audit: type=1400 audit(1739166244.289:11594): avc:  denied  { ioctl } for  pid=9143 comm="syz.3.1001" path="/dev/usbmon8" dev="devtmpfs" ino=762 ioctlcmd=0x920a scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  240.228666][   T25] usb 7-1: new high-speed USB device number 15 using dummy_hcd
[  240.271469][   T25] usb 7-1: device descriptor read/8, error -71
[  240.372736][   T68] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  240.385248][   T68] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  240.393429][   T68] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  240.403178][   T68] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  240.412252][   T68] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  240.418893][   T68] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  240.430471][ T5985] usb 8-1: new high-speed USB device number 12 using dummy_hcd
[  240.453139][   T39] audit: type=1400 audit(1739166244.719:11595): avc:  denied  { mounton } for  pid=9152 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[  240.491853][ T9152] »»»»»» speed is unknown, defaulting to 1000
[  240.492770][   T39] audit: type=1400 audit(1739166244.759:11596): avc:  denied  { execute } for  pid=9154 comm="syz.0.1004" path="/proc/sys/fs/binfmt_misc/register" dev="binfmt_misc" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=file permissive=1
[  240.524391][   T25] usb 7-1: new high-speed USB device number 16 using dummy_hcd
[  240.572082][   T25] usb 7-1: device descriptor read/8, error -71
[  240.588558][ T5985] usb 8-1: Using ep0 maxpacket: 8
[  240.602128][ T5985] usb 8-1: New USB device found, idVendor=0ccd, idProduct=0038, bcdDevice=99.03
[  240.630950][ T5985] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  240.633952][ T5985] usb 8-1: Product: syz
[  240.635492][ T5985] usb 8-1: Manufacturer: syz
[  240.649392][ T5985] usb 8-1: SerialNumber: syz
[  240.686384][ T5985] usb 8-1: config 0 descriptor??
[  240.688884][   T25] usb usb7-port1: unable to enumerate USB device
[  240.732999][ T5985] dvb-usb: found a 'TerraTec/qanu USB2.0 Highspeed DVB-T Receiver' in warm state.
[  240.736588][ T5985] dvb-usb: bulk message failed: -22 (2/0)
[  240.738304][ T5985] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  240.749337][ T5985] dvbdev: DVB: registering new adapter (TerraTec/qanu USB2.0 Highspeed DVB-T Receiver)
[  240.754195][ T5985] usb 8-1: media controller created
[  240.775362][ T5985] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  240.807374][ T5985] dvb-usb: bulk message failed: -22 (1/0)
[  240.813343][   T39] audit: type=1400 audit(1739166245.079:11597): avc:  denied  { mounton } for  pid=9166 comm="syz.0.1006" path="/proc/686/cgroup" dev="proc" ino=24752 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=file permissive=1
[  240.832329][ T5985] dvb-usb: no frontend was attached by 'TerraTec/qanu USB2.0 Highspeed DVB-T Receiver'
[  240.842123][ T5985] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.3/usb8/8-1/input/input30
[  240.933674][ T5985] dvb-usb: schedule remote query interval to 50 msecs.
[  240.936376][ T5985] dvb-usb: bulk message failed: -22 (2/0)
[  240.939084][ T5985] dvb-usb: TerraTec/qanu USB2.0 Highspeed DVB-T Receiver successfully initialized and connected.
[  240.999074][    C1] vkms_vblank_simulate: vblank timer overrun
[  241.003314][   T25] usb 8-1: USB disconnect, device number 12
[  241.030896][   T25] dvb-usb: TerraTec/qanu USB2.0 Highspeed DVB-T Re successfully deinitialized and disconnected.
[  241.140280][ T9152] chnl_net:caif_netlink_parms(): no params data found
[  241.256538][    C1] vkms_vblank_simulate: vblank timer overrun
[  241.284485][    C1] vkms_vblank_simulate: vblank timer overrun
[  241.385054][ T9152] bridge0: port 1(bridge_slave_0) entered blocking state
[  241.388648][ T9152] bridge0: port 1(bridge_slave_0) entered disabled state
[  241.391638][ T9152] bridge_slave_0: entered allmulticast mode
[  241.407535][ T9152] bridge_slave_0: entered promiscuous mode
[  241.437132][ T9152] bridge0: port 2(bridge_slave_1) entered blocking state
[  241.443219][ T9152] bridge0: port 2(bridge_slave_1) entered disabled state
[  241.470341][ T9152] bridge_slave_1: entered allmulticast mode
[  241.473588][ T9152] bridge_slave_1: entered promiscuous mode
[  241.563969][ T9152] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  241.573375][ T9152] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  241.597050][    C1] vkms_vblank_simulate: vblank timer overrun
[  241.747035][    C1] vkms_vblank_simulate: vblank timer overrun
[  241.876278][ T9152] team0: Port device team_slave_0 added
[  241.885061][ T9152] team0: Port device team_slave_1 added
[  241.961752][ T9189] netfs: Couldn't get user pages (rc=-14)
[  242.030857][ T9152] batman_adv: batadv0: Adding interface: batadv_slave_0
[  242.033809][ T9152] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  242.057548][ T9152] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  242.063278][ T9152] batman_adv: batadv0: Adding interface: batadv_slave_1
[  242.070629][ T9152] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  242.088099][ T9152] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  242.301496][    C1] vkms_vblank_simulate: vblank timer overrun
[  242.385767][    C1] vkms_vblank_simulate: vblank timer overrun
[  242.450779][ T9211] input: syz0 as /devices/virtual/input/input31
[  242.462642][ T9152] hsr_slave_0: entered promiscuous mode
[  242.466111][ T9152] hsr_slave_1: entered promiscuous mode
[  242.501505][   T68] Bluetooth: hci2: command tx timeout
[  242.501564][ T9152] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  242.507731][ T9152] Cannot create hsr debugfs directory
[  242.819183][   T66] usb 7-1: new high-speed USB device number 17 using dummy_hcd
[  242.880486][    C1] vkms_vblank_simulate: vblank timer overrun
[  242.940016][    C1] vkms_vblank_simulate: vblank timer overrun
[  242.968522][   T66] usb 7-1: Using ep0 maxpacket: 8
[  243.004060][   T66] usb 7-1: New USB device found, idVendor=0ccd, idProduct=0038, bcdDevice=99.03
[  243.030524][   T66] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  243.037437][   T66] usb 7-1: Product: syz
[  243.047627][   T66] usb 7-1: Manufacturer: syz
[  243.067888][   T66] usb 7-1: SerialNumber: syz
[  243.072106][ T9152] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  243.112555][    C1] vkms_vblank_simulate: vblank timer overrun
[  243.112659][   T66] usb 7-1: config 0 descriptor??
[  243.118602][   T66] dvb-usb: found a 'TerraTec/qanu USB2.0 Highspeed DVB-T Receiver' in warm state.
[  243.148189][   T66] dvb-usb: bulk message failed: -22 (2/0)
[  243.152179][ T9152] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  243.167987][   T66] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  243.168989][   T66] dvbdev: DVB: registering new adapter (TerraTec/qanu USB2.0 Highspeed DVB-T Receiver)
[  243.203956][   T66] usb 7-1: media controller created
[  243.210971][ T9152] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  243.224791][   T66] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  243.264659][   T66] dvb-usb: bulk message failed: -22 (1/0)
[  243.267072][   T66] dvb-usb: no frontend was attached by 'TerraTec/qanu USB2.0 Highspeed DVB-T Receiver'
[  243.269021][ T9152] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  243.293999][   T66] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb7/7-1/input/input32
[  243.306968][   T66] dvb-usb: schedule remote query interval to 50 msecs.
[  243.312546][    C1] vkms_vblank_simulate: vblank timer overrun
[  243.337015][   T66] dvb-usb: bulk message failed: -22 (2/0)
[  243.349558][   T66] dvb-usb: TerraTec/qanu USB2.0 Highspeed DVB-T Receiver successfully initialized and connected.
[  243.354948][    C1] vkms_vblank_simulate: vblank timer overrun
[  243.389998][   T66] dvb-usb: bulk message failed: -22 (1/0)
[  243.392991][   T66] dvb-usb: error while querying for an remote control event.
[  243.396366][    C1] vkms_vblank_simulate: vblank timer overrun
[  243.448792][   T66] dvb-usb: bulk message failed: -22 (1/0)
[  243.450973][   T66] dvb-usb: error while querying for an remote control event.
[  243.519694][ T9152] 8021q: adding VLAN 0 to HW filter on device bond0
[  243.522407][   T66] dvb-usb: bulk message failed: -22 (1/0)
[  243.525353][   T66] dvb-usb: error while querying for an remote control event.
[  243.534279][ T9152] 8021q: adding VLAN 0 to HW filter on device team0
[  243.541992][ T9231] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1022'.
[  243.566205][    C1] vkms_vblank_simulate: vblank timer overrun
[  243.582583][   T66] dvb-usb: bulk message failed: -22 (1/0)
[  243.585077][   T66] dvb-usb: error while querying for an remote control event.
[  243.595129][ T8567] bridge0: port 1(bridge_slave_0) entered blocking state
[  243.604043][ T8567] bridge0: port 1(bridge_slave_0) entered forwarding state
[  243.613755][ T8567] bridge0: port 2(bridge_slave_1) entered blocking state
[  243.616665][ T8567] bridge0: port 2(bridge_slave_1) entered forwarding state
[  243.638728][   T66] dvb-usb: bulk message failed: -22 (1/0)
[  243.665081][   T66] dvb-usb: error while querying for an remote control event.
[  243.752827][   T66] dvb-usb: bulk message failed: -22 (1/0)
[  243.756366][   T66] dvb-usb: error while querying for an remote control event.
[  243.819483][   T66] dvb-usb: bulk message failed: -22 (1/0)
[  243.822697][   T66] dvb-usb: error while querying for an remote control event.
[  243.884668][   T66] dvb-usb: bulk message failed: -22 (1/0)
[  243.886614][   T66] dvb-usb: error while querying for an remote control event.
[  243.950132][   T66] dvb-usb: bulk message failed: -22 (1/0)
[  243.952404][   T66] dvb-usb: error while querying for an remote control event.
[  243.956483][    C1] vkms_vblank_simulate: vblank timer overrun
[  244.040264][   T66] dvb-usb: bulk message failed: -22 (1/0)
[  244.043125][   T66] dvb-usb: error while querying for an remote control event.
[  244.047950][ T9152] 8021q: adding VLAN 0 to HW filter on device batadv0
[  244.129048][   T66] dvb-usb: bulk message failed: -22 (1/0)
[  244.134247][   T66] dvb-usb: error while querying for an remote control event.
[  244.196544][    C1] vkms_vblank_simulate: vblank timer overrun
[  244.208589][   T66] dvb-usb: bulk message failed: -22 (1/0)
[  244.257672][   T66] dvb-usb: error while querying for an remote control event.
[  244.337669][   T66] dvb-usb: bulk message failed: -22 (1/0)
[  244.345946][   T66] dvb-usb: error while querying for an remote control event.
[  244.396483][ T9259] netlink: 172 bytes leftover after parsing attributes in process `syz.0.1027'.
[  244.428571][   T66] dvb-usb: bulk message failed: -22 (1/0)
[  244.437898][   T66] dvb-usb: error while querying for an remote control event.
[  244.510682][ T9264] netfs: Couldn't get user pages (rc=-14)
[  244.544509][ T9264] ==================================================================
[  244.544961][   T66] dvb-usb: bulk message failed: -22 (1/0)
[  244.547467][ T9264] BUG: KASAN: slab-use-after-free in io_submit_one+0x4e5/0x1da0
[  244.549829][   T66] dvb-usb: error while querying for an remote control event.
[  244.569122][ T9152] veth0_vlan: entered promiscuous mode
[  244.572000][ T9264] Write of size 4 at addr ffff88802ad50e88 by task syz.3.1028/9264
[  244.597495][   T68] Bluetooth: hci2: command tx timeout
[  244.599007][ T9264] 
[  244.599024][ T9264] CPU: 0 UID: 0 PID: 9264 Comm: syz.3.1028 Not tainted 6.14.0-rc1-syzkaller-00276-g69b54314c975 #0
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  244.599048][ T9264] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  244.599058][ T9264] Call Trace:
[  244.599067][ T9264]  <TASK>
[  244.599075][ T9264]  dump_stack_lvl+0x116/0x1f0
[  244.599103][ T9264]  print_report+0xc3/0x620
[  244.599122][ T9264]  ? __virt_addr_valid+0x5e/0x590
[  244.599142][ T9264]  ? __phys_addr+0xc6/0x150
[  244.599158][ T9264]  kasan_report+0xd9/0x110
[  244.599175][ T9264]  ? io_submit_one+0x4e5/0x1da0
[  244.599200][ T9264]  ? io_submit_one+0x4e5/0x1da0
[  244.599299][ T9264]  kasan_check_range+0xef/0x1a0
[  244.599384][ T9264]  io_submit_one+0x4e5/0x1da0
[  244.599411][ T9264]  ? __pfx_io_submit_one+0x10/0x10
[  244.599677][ T9264]  ? __might_fault+0x13b/0x190
[  244.599883][ T9264]  ? lock_acquire+0x2f/0xb0
[  244.599980][ T9264]  ? __might_fault+0xe3/0x190
[  244.600001][ T9264]  ? __x64_sys_io_submit+0x1b2/0x340
[  244.600068][ T9264]  __x64_sys_io_submit+0x1b2/0x340
[  244.600094][ T9264]  ? __pfx___x64_sys_io_submit+0x10/0x10
[  244.600124][ T9264]  do_syscall_64+0xcd/0x250
[  244.600192][ T9264]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  244.600220][ T9264] RIP: 0033:0x7f616ff8cde9
[  244.600315][ T9264] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  244.600336][ T9264] RSP: 002b:00007f6170db1038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[  244.600355][ T9264] RAX: ffffffffffffffda RBX: 00007f61701a5fa0 RCX: 00007f616ff8cde9
[  244.600408][ T9264] RDX: 00004000000002c0 RSI: 0000000000000001 RDI: 00007f6170d90000
[  244.600420][ T9264] RBP: 00007f617000e2a0 R08: 0000000000000000 R09: 0000000000000000
[  244.600470][ T9264] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  244.600481][ T9264] R13: 0000000000000000 R14: 00007f61701a5fa0 R15: 00007ffea026a1f8
[  244.600499][ T9264]  </TASK>
[  244.600506][ T9264] 
[  244.710346][ T9152] veth1_vlan: entered promiscuous mode
[  244.714242][ T9264] Allocated by task 9264:
[  244.714261][ T9264]  kasan_save_stack+0x33/0x60
[  244.815316][    C1] vkms_vblank_simulate: vblank timer overrun
[  244.818041][ T9264]  kasan_save_track+0x14/0x30
[  244.857387][ T9264]  __kasan_slab_alloc+0x89/0x90
[  244.860243][ T9264]  kmem_cache_alloc_noprof+0x226/0x3d0
[  244.863909][ T9264]  io_submit_one+0x123/0x1da0
[  244.867159][ T9264]  __x64_sys_io_submit+0x1b2/0x340
[  244.874994][ T9264]  do_syscall_64+0xcd/0x250
[  244.877234][ T9264]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  244.880442][ T9264] 
[  244.881544][ T9264] Freed by task 9264:
[  244.883737][ T9264]  kasan_save_stack+0x33/0x60
[  244.886220][ T9264]  kasan_save_track+0x14/0x30
[  244.888252][ T9264]  kasan_save_free_info+0x3b/0x60
[  244.890767][ T9264]  __kasan_slab_free+0x51/0x70
[  244.893189][ T9264]  kmem_cache_free+0x2e2/0x4d0
[  244.895417][ T9264]  aio_complete_rw+0x3ec/0x7b0
[  244.898652][ T9264]  netfs_read_collection+0x30ae/0x3cb0
[  244.902019][ T9264]  netfs_wait_for_pause+0x31c/0x3e0
[  244.905581][ T9264]  netfs_unbuffered_read_iter_locked+0xb50/0x1610
[  244.910514][ T9264]  netfs_unbuffered_read_iter+0xc5/0x100
[  244.914686][ T9264]  v9fs_file_read_iter+0xbf/0x100
[  244.919092][ T9264]  aio_read+0x313/0x4e0
[  244.921754][ T9264]  io_submit_one+0x1580/0x1da0
[  244.924529][ T9264]  __x64_sys_io_submit+0x1b2/0x340
[  244.927414][ T9264]  do_syscall_64+0xcd/0x250
[  244.930163][ T9264]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  244.934800][ T9264] 
[  244.937056][ T9264] The buggy address belongs to the object at ffff88802ad50dc0
[  244.937056][ T9264]  which belongs to the cache aio_kiocb of size 216
[  244.945120][ T9264] The buggy address is located 200 bytes inside of
[  244.945120][ T9264]  freed 216-byte region [ffff88802ad50dc0, ffff88802ad50e98)
[  244.952773][ T9264] 
[  244.954263][ T9264] The buggy address belongs to the physical page:
[  244.958361][ T9264] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88802ad50c80 pfn:0x2ad50
[  244.963922][ T9264] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  244.968956][ T9264] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  244.974868][ T9264] page_type: f5(slab)
[  244.976424][ T9264] raw: 00fff00000000040 ffff888020495900 dead000000000122 0000000000000000
[  244.979837][ T9264] raw: ffff88802ad50c80 000000008019000e 00000000f5000000 0000000000000000
[  244.982955][ T9264] head: 00fff00000000040 ffff888020495900 dead000000000122 0000000000000000
[  244.986603][ T9264] head: ffff88802ad50c80 000000008019000e 00000000f5000000 0000000000000000
[  244.991674][ T9264] head: 00fff00000000001 ffffea0000ab5401 ffffffffffffffff 0000000000000000
[  244.996403][ T9264] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[  245.000528][ T9264] page dumped because: kasan: bad access detected
[  245.003930][ T9264] page_owner tracks the page as allocated
[  245.007007][ T9264] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 6025, tgid 6022 (syz.2.3), ts 116078284261, free_ts 113222182961
[  245.018769][ T9264]  post_alloc_hook+0x181/0x1b0
[  245.021545][ T9264]  get_page_from_freelist+0xfce/0x2f80
[  245.025063][ T9264]  __alloc_frozen_pages_noprof+0x221/0x2470
[  245.029000][ T9264]  alloc_pages_mpol+0x1fc/0x540
[  245.031734][ T9264]  new_slab+0x23d/0x330
[  245.033687][ T9264]  ___slab_alloc+0xc5d/0x1720
[  245.035672][ T9264]  __slab_alloc.constprop.0+0x56/0xb0
[  245.037650][ T9264]  kmem_cache_alloc_noprof+0xfa/0x3d0
[  245.039406][ T9264]  io_submit_one+0x123/0x1da0
[  245.041035][ T9264]  __x64_sys_io_submit+0x1b2/0x340
[  245.042730][ T9264]  do_syscall_64+0xcd/0x250
[  245.044265][ T9264]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  245.048402][ T9264] page last free pid 5952 tgid 5952 stack trace:
[  245.052505][ T9264]  free_frozen_pages+0x6db/0xfb0
[  245.055784][ T9264]  __put_partials+0x14c/0x170
[  245.058473][ T9264]  qlist_free_all+0x4e/0x120
[  245.061615][ T9264]  kasan_quarantine_reduce+0x195/0x1e0
[  245.064181][ T9264]  __kasan_slab_alloc+0x69/0x90
[  245.066930][ T9264]  __kmalloc_noprof+0x1cd/0x510
[  245.069602][ T9264]  do_setlink.constprop.0+0x590/0x3f80
[  245.072386][ T9264]  rtnl_newlink+0x1306/0x1d60
[  245.075291][ T9264]  rtnetlink_rcv_msg+0x95b/0xea0
[  245.078112][ T9264]  netlink_rcv_skb+0x16b/0x440
[  245.081055][ T9264]  netlink_unicast+0x53c/0x7f0
[  245.083750][ T9264]  netlink_sendmsg+0x8b8/0xd70
[  245.086970][ T9264]  __sys_sendto+0x488/0x4f0
[  245.089970][ T9264]  __x64_sys_sendto+0xe0/0x1c0
[  245.092745][ T9264]  do_syscall_64+0xcd/0x250
[  245.095938][ T9264]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  245.099987][ T9264] 
[  245.101408][ T9264] Memory state around the buggy address:
[  245.104377][ T9264]  ffff88802ad50d80: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[  245.108826][ T9264]  ffff88802ad50e00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  245.113143][ T9264] >ffff88802ad50e80: fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc
[  245.118292][ T9264]                       ^
[  245.121119][ T9264]  ffff88802ad50f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  245.124676][ T9264]  ffff88802ad50f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  245.130571][ T9264] ==================================================================
[  245.157006][   T66] dvb-usb: bulk message failed: -22 (1/0)
[  245.159689][   T66] dvb-usb: error while querying for an remote control event.
[  245.171352][ T9264] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  245.174243][ T9264] CPU: 0 UID: 0 PID: 9264 Comm: syz.3.1028 Not tainted 6.14.0-rc1-syzkaller-00276-g69b54314c975 #0
[  245.194860][ T9264] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  245.199359][ T9264] Call Trace:
[  245.201601][ T9264]  <TASK>
[  245.203449][ T9264]  dump_stack_lvl+0x3d/0x1f0
[  245.206377][ T9264]  panic+0x71d/0x800
[  245.209628][ T9264]  ? __pfx_panic+0x10/0x10
[  245.211486][ T9264]  ? irqentry_exit+0x3b/0x90
[  245.213957][ T9264]  ? lockdep_hardirqs_on+0x7c/0x110
[  245.217366][ T9264]  ? preempt_schedule_thunk+0x1a/0x30
[  245.225735][ T9264]  ? preempt_schedule_common+0x44/0xc0
[  245.228033][ T9264]  check_panic_on_warn+0xab/0xb0
[  245.245048][ T9264]  end_report+0x117/0x180
[  245.247288][ T9264]  kasan_report+0xe9/0x110
[  245.249168][ T9264]  ? io_submit_one+0x4e5/0x1da0
[  245.251048][ T9264]  ? io_submit_one+0x4e5/0x1da0
[  245.252724][ T9264]  kasan_check_range+0xef/0x1a0
[  245.254346][ T9264]  io_submit_one+0x4e5/0x1da0
[  245.255953][ T9264]  ? __pfx_io_submit_one+0x10/0x10
[  245.258009][ T9264]  ? __might_fault+0x13b/0x190
[  245.272700][ T9264]  ? lock_acquire+0x2f/0xb0
[  245.275058][ T9264]  ? __might_fault+0xe3/0x190
[  245.277074][ T9264]  ? __x64_sys_io_submit+0x1b2/0x340
[  245.279311][ T9264]  __x64_sys_io_submit+0x1b2/0x340
[  245.281359][ T9264]  ? __pfx___x64_sys_io_submit+0x10/0x10
[  245.283337][ T9264]  do_syscall_64+0xcd/0x250
[  245.285640][ T9264]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  245.288663][ T9264] RIP: 0033:0x7f616ff8cde9
[  245.306027][ T9264] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  245.315899][ T9264] RSP: 002b:00007f6170db1038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[  245.332490][ T9264] RAX: ffffffffffffffda RBX: 00007f61701a5fa0 RCX: 00007f616ff8cde9
[  245.336523][ T9264] RDX: 00004000000002c0 RSI: 0000000000000001 RDI: 00007f6170d90000
[  245.339768][ T9264] RBP: 00007f617000e2a0 R08: 0000000000000000 R09: 0000000000000000
[  245.342440][ T9264] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  245.345459][ T9264] R13: 0000000000000000 R14: 00007f61701a5fa0 R15: 00007ffea026a1f8
[  245.355972][ T9264]  </TASK>
[  245.364985][ T9264] Kernel Offset: disabled
[  245.381552][ T9264] Rebooting in 86400 seconds..

VM DIAGNOSIS:
05:44:09  Registers:
info registers vcpu 0

CPU#0
RAX=000000000002b4b8 RBX=0000000000000040 RCX=ffffc900072d2000 RDX=0000000000080000
RSI=ffffffff8199a7e6 RDI=0000000000000001 RBP=1ffff920007faf3d RSP=ffffc90003fd79d8
R8 =0000000000000001 R9 =0000000000000000 R10=0000000000000001 R11=53414b203a475542
R12=0000000000000001 R13=0000000000000000 R14=ffff88804e79c880 R15=ffffc90003fd7aa0
RIP=ffffffff8199a7e8 RFL=00000087 [--S--PC] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f6170db16c0 ffffffff 00c00000
GS =0000 ffff88806a600000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00007f6170d90000 CR3=0000000064e6e000 CR4=00352ef0
DR0=0000000000000006 DR1=0000000000003609 DR2=000000000000029f DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000001000000 Opmask01=0000000001000001 Opmask02=00000000ffffffef Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffdaf422160 0000003000000018
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fce16e0f282
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fce16e0f28f
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fce16e0f289
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fce16e0f29d
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fce16e0f323
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fce16e0f401
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000050
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001 0000000000000000 0000000000000000 0000000000000050
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=00000000e82d03b9 RBX=00000000e82d03b9 RCX=ffff88804ada9cd0 RDX=000000007fa1e4ce
RSI=00000000a63abd9c RDI=0000000096993c21 RBP=0000000000000001 RSP=ffffc900032371f8
R8 =0000000000000000 R9 =ffff88816d703b90 R10=ffffffff90623617 R11=0000000000000002
R12=0000000000000000 R13=ffffc90003237258 R14=0000000000000015 R15=0000000000000015
RIP=ffffffff84f39fe5 RFL=00000282 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88806a700000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00007f81f065e0a0 CR3=000000005b5ae000 CR4=00352ef0
DR0=0000000000000006 DR1=0000000000003609 DR2=000000000000029f DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff ffffff0000000000
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffff000000000000 ffffffffffffffff
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff ffffffffffffffff
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=0000000000000000 RBX=ffff88806a646880 RCX=ffffffff81adcf0a RDX=ffff8880231e8000
RSI=ffffffff81adcee4 RDI=0000000000000005 RBP=0000000000000003 RSP=ffffc90003fb7a28
R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000004
R12=ffffed100d4c8d11 R13=0000000000000001 R14=ffff88806a83fe80 R15=ffff88806a646888
RIP=ffffffff81adcee6 RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88806a800000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00007f53a1322440 CR3=000000000df80000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000001030001 Opmask01=0000000000000000 Opmask02=00000000000003ff Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fff39216330 0000003000000010
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ff6b720f282
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ff6b720f28f
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ff6b720f289
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ff6b720f29d
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ff6b720f323
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ff6b720f401
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6e776f6e6b6e7500 6f6c6c3332302500 657a697320740004 0008000f0010000a
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4b524a4b4e4b5000 4a49491617150000 405f4c560551464a 5751560541444700
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 41a9f92307920397 0e37434b95922a45 933defede4d60dd4 cce65deecb9e2ab4
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 e0ecff0bed81ceca e1d509d89abbe35c 211f9563dfdc06e0 6756d9fa403d2f26
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 98b70d36009ecacc 25507ab5db4eeb5a 3f68a4160d737587 9f7cfe22d3d9e1df
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 30d9d6141bcee45e 3a6491b71f000000 09f4cea7e52e4cec cb1780ceba6be07c
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 3

CPU#3
RAX=0000000000000001 RBX=0000000000000003 RCX=ffffffff8166a9cf RDX=fffffbfff20c46c3
RSI=0000000000000008 RDI=ffffffff90623610 RBP=0000000000000000 RSP=ffffc90000708fd0
R8 =0000000000000000 R9 =fffffbfff20c46c2 R10=ffffffff90623617 R11=ffffc90000708ff8
R12=000000000003d94c R13=0000000000000000 R14=0000000000000000 R15=0000000000000000
RIP=ffffffff8166ac71 RFL=00000047 [---Z-PC] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88806a900000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000000110c310819 CR3=00000000636de000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000040404020 Opmask01=0000000000000fff Opmask02=00000000ffffffef Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000100000001 0000003700000000
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f268120f257
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f268120f24f
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f268120f282
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f268120f28f
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f268120f289
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f268120f29d
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f268120f323
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f268120f401
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 747663616d007061 747663616d5f3168 7465760070617476 63616d5f30687465
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 7600316e616c7670 6900306e616c7670 6900316e616c7663 616d00306e616c76
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000