last executing test programs:

1m14.582800735s ago: executing program 2 (id=2224):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000400000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000300000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x16, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)

1m14.582391115s ago: executing program 2 (id=2226):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000440), 0x180, 0x0)
r1 = syz_io_uring_setup(0x6, &(0x7f0000000480)={0x0, 0x8a73, 0x100, 0x22, 0x31a}, &(0x7f0000000080)=<r2=>0x0, &(0x7f00000001c0)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000000)=0x103, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x6000, @fd=r0, 0x5, &(0x7f0000000040)=[{&(0x7f0000000140)=""/65, 0x41}], 0x1, 0x1a, 0x1})
io_uring_enter(r1, 0x47ba, 0x0, 0x0, 0x0, 0x0)
ioctl$TCSETSW(0xffffffffffffffff, 0x5403, &(0x7f0000000040)={0x0, 0x0, 0xfffffffc, 0x2, 0x1a, "90737f0000ff256003abbc74dd8e277fffffeb"})
io_uring_enter(r1, 0x617, 0xf7ad, 0x0, 0x0, 0x0)

1m14.546712662s ago: executing program 2 (id=2228):
r0 = syz_io_uring_setup(0x24fa, &(0x7f0000000080)={0x0, 0x0, 0x10100, 0x0, 0x211}, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x1})
io_uring_enter(r0, 0x2d3e, 0x0, 0x0, 0x0, 0x0)

1m14.463532915s ago: executing program 2 (id=2230):
gettid()
timer_settime(0x0, 0x0, &(0x7f0000000080)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x12, 0x4, 0x4, 0x12, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000048c0)={r1, &(0x7f0000000840), &(0x7f0000004880)=@udp=r0}, 0x20)
ioctl$int_in(r0, 0x5452, &(0x7f00000000c0)=0x14f)
recvmsg(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000480)=""/149, 0x95}], 0x1}, 0x22)

1m11.453607678s ago: executing program 1 (id=2251):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x161902, 0x0)
dup(r0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
memfd_create(0x0, 0x1)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r4 = syz_io_uring_setup(0x9e, &(0x7f0000000640)={0x0, 0xec25, 0x0, 0x0, 0x40000333}, &(0x7f00000006c0)=<r5=>0x0, &(0x7f00000001c0)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f0000000100)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
r7 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r7, 0x3, 0x25, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)
io_uring_enter(r4, 0x47ba, 0x0, 0x0, 0x0, 0x0)

1m10.573621694s ago: executing program 1 (id=2254):
r0 = syz_usb_connect(0x0, 0x3f, &(0x7f0000000000)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f000200000009050502000000"], 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000300)={0x84, &(0x7f0000000100)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={0x0}, 0x18)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
ioctl$FS_IOC_GETVERSION(r1, 0xc0145b0e, &(0x7f0000000040))

1m10.142090296s ago: executing program 2 (id=2235):
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SHUTDOWN={0x22, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x1, 0x0, 0x1})
r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r1=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_ATOMIC(r0, 0xc03864bc, &(0x7f0000000040)={0x200, 0x1, &(0x7f0000000340)=[r1], &(0x7f00000004c0)=[0x1], &(0x7f0000000200), &(0x7f0000000400)=[0x2]})

1m10.141517627s ago: executing program 0 (id=2258):
gettid()
timer_settime(0x0, 0x0, &(0x7f0000000080)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x12, 0x4, 0x4, 0x12, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000048c0)={r1, &(0x7f0000000840), &(0x7f0000004880)=@udp=r0}, 0x20)
ioctl$int_in(r0, 0x5452, &(0x7f00000000c0)=0x14f)
recvmsg(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000480)=""/149, 0x95}], 0x1}, 0x22)

1m10.073444742s ago: executing program 2 (id=2259):
openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x8042, 0x0)
r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
dup(0xffffffffffffffff)
socket$unix(0x1, 0x5, 0x0)
r1 = syz_io_uring_setup(0x239, &(0x7f0000000380)={0x0, 0xfbc6, 0x10100, 0x18000003, 0x2}, &(0x7f0000000080)=<r2=>0x0, &(0x7f00000001c0)=<r3=>0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {0x230}})
io_uring_enter(r1, 0x2ded, 0x4000, 0x0, 0x0, 0x0)
close(0xffffffffffffffff)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
epoll_create1(0x0)
write$rfkill(r0, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x1}, 0x8)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)

1m9.23334192s ago: executing program 0 (id=2263):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={{0x14}, [@NFT_MSG_NEWRULE={0x14, 0x6, 0xa, 0x401, 0x0, 0x0, {0x2}}], {0x14}}, 0x3c}}, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r2 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x0, 0xc, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4, @void, @value}, 0x94)
write$tun(r1, &(0x7f0000000280)={@val={0x6f01, 0x800}, @val={0x1, 0x0, 0x0, 0x0, 0x20}, @mpls={[], @ipv4=@tcp={{0x6, 0x4, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x84, 0x0, @empty=0x3fffffff, @local}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x5, 0xb, 0x0, 0x0, 0x0, 0x18, {[@window={0x9, 0xfffffffffffffec4}, @timestamp={0x5, 0x2, 0xfd}, @generic={0x0, 0x2, "d58838068b91"}]}}}}}}, 0x4e)

1m9.063531308s ago: executing program 0 (id=2264):
r0 = fsopen(&(0x7f0000000100)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x6)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
fsetxattr$trusted_overlay_nlink(r2, &(0x7f00000000c0), 0x0, 0x0, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socket$inet6(0xa, 0x3, 0xff)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0)
symlinkat(&(0x7f0000000400)='./file0/../file0\x00', r1, &(0x7f00000003c0)='./file0\x00')
readlinkat(r1, &(0x7f00000001c0)='./file0/../file0\x00', &(0x7f00000002c0)=""/198, 0xc6)

1m8.163563031s ago: executing program 0 (id=2272):
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r2, &(0x7f0000002100)=ANY=[@ANYBLOB="b0000000000000001659ec0889419429aa5db97288b0f8a87ea8e66d9a8b"], 0xb0)
write$FUSE_DIRENTPLUS(r2, 0x0, 0x10)
write$FUSE_DIRENTPLUS(r2, &(0x7f0000000280)=ANY=[@ANYBLOB="a8"], 0xa8)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r3, @ANYBLOB=',rootmode=0000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r3, &(0x7f000000e280)={0x2020, 0x0, <r4=>0x0}, 0x2020)
write$FUSE_OPEN(r2, &(0x7f0000000000)={0x20, 0x0, r4, {0x0, 0x8}}, 0x20)
mount$9p_fd(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',posixacl'])

1m8.063525978s ago: executing program 0 (id=2273):
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_TEST(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x68, 0xb, 0x6, 0x201, 0x0, 0x0, {0x6, 0x0, 0x2}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x40, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP2={0x18, 0x14, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @dev={0xfe, 0x80, '\x00', 0x1f}}}, @IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @dev={0xac, 0x14, 0x14, 0x36}}}, @IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0x4e24}, @IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x1, 0x0, 0x68}, @IPSET_ATTR_PORT_TO={0x6, 0x5, 0x1, 0x0, 0x4e22}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}]}, 0x68}, 0x1, 0x0, 0x0, 0x48}, 0x4800)

1m8.063369453s ago: executing program 0 (id=2274):
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
io_uring_register$IORING_REGISTER_FILES_UPDATE2(0xffffffffffffffff, 0xd, 0x0, 0x0)
r1 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2)
ioctl$IOCTL_GET_NCIDEV_IDX(r1, 0x0, &(0x7f00000000c0)=<r4=>0x0)
sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x1c, r3, 0x1, 0x70bd26, 0x23c, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r4}]}, 0x1c}}, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)

1m7.563527192s ago: executing program 1 (id=2279):
r0 = socket$qrtr(0x2a, 0x2, 0x0)
connect$qrtr(r0, &(0x7f0000000040)={0x2a, 0x1}, 0xc)
r1 = socket$qrtr(0x2a, 0x2, 0x0)
recvmmsg(r0, &(0x7f0000000ac0)=[{{0x0, 0xff2c, 0x0}, 0x1}], 0x40, 0x2, 0x0)
connect$qrtr(r1, &(0x7f0000000040)={0x2a, 0x1, 0x4000}, 0xc)
writev(r0, &(0x7f0000000c40)=[{0x0}, {&(0x7f00000004c0)="0e9a0f18", 0x4}], 0x2)
writev(r1, &(0x7f0000000340)=[{&(0x7f0000000080)='~', 0x1}], 0x1)

1m7.413630932s ago: executing program 1 (id=2284):
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000080)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x12, 0x4, 0x4, 0x12, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000048c0)={r1, &(0x7f0000000840), &(0x7f0000004880)=@udp=r0}, 0x20)
ioctl$int_in(r0, 0x5452, &(0x7f00000000c0)=0x14f)
recvmsg(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000480)=""/149, 0x95}], 0x1}, 0x22)

1m6.592309371s ago: executing program 1 (id=2287):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$TIPC_CMD_SHOW_LINK_STATS(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01800000000000000000010000000000004102"], 0x28}}, 0x40000)

1m6.543603187s ago: executing program 1 (id=2288):
r0 = syz_usb_connect(0x0, 0x3f, &(0x7f0000000000)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f000200000009050502000000"], 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000300)={0x84, &(0x7f0000000100)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={0x0}, 0x18)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
ioctl$FS_IOC_GETVERSION(r1, 0xc0145b0e, &(0x7f0000000040))

1m6.543369666s ago: executing program 3 (id=2289):
r0 = io_uring_setup(0x7f06, &(0x7f0000000200)={0x0, 0x81c, 0x80, 0x1, 0x299})
io_uring_register$IORING_REGISTER_BUFFERS2(r0, 0xf, &(0x7f0000005880)={0x3, 0x0, 0x0, &(0x7f00000014c0)=[{0x0}, {0x0}, {0x0}], 0x0}, 0x20)
io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r0, 0x10, &(0x7f00000001c0)={0x2, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000000)=""/188, 0xbc}], &(0x7f0000000180)=[0x40], 0x1}, 0x20)

1m6.543228618s ago: executing program 3 (id=2290):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000440), 0x180, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000000)=0x103, 0x0, 0x4)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x6000, @fd=r0, 0x5, &(0x7f0000000040)=[{&(0x7f0000000140)=""/65, 0x41}], 0x1, 0x1a, 0x1})
ioctl$TCSETSW(0xffffffffffffffff, 0x5403, &(0x7f0000000040)={0x0, 0x0, 0xfffffffc, 0x2, 0x1a, "90737f0000ff256003abbc74dd8e277fffffeb"})
io_uring_enter(0xffffffffffffffff, 0x617, 0xf7ad, 0x0, 0x0, 0x0)

1m6.473321737s ago: executing program 3 (id=2291):
r0 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$SNDCTL_DSP_CHANNELS(r0, 0xc0045006, &(0x7f00000000c0)=0x40)
socket(0x10, 0x3, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000180)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$BLKZEROOUT(0xffffffffffffffff, 0x127f, &(0x7f0000000240)={0x0, 0x1000000})
read$dsp(r0, &(0x7f0000000340)=""/100, 0x64)

1m5.582421923s ago: executing program 3 (id=2292):
r0 = socket$qrtr(0x2a, 0x2, 0x0)
connect$qrtr(r0, &(0x7f0000000040)={0x2a, 0x1}, 0xc)
r1 = socket$qrtr(0x2a, 0x2, 0x0)
recvmmsg(r0, &(0x7f0000000ac0)=[{{0x0, 0xff2c, 0x0}, 0x1}], 0x40, 0x2, 0x0)
connect$qrtr(r1, &(0x7f0000000040)={0x2a, 0x1, 0x4000}, 0xc)
writev(r0, &(0x7f0000000c40)=[{0x0}, {&(0x7f00000004c0)="0e9a0f182583", 0x6}], 0x2)
writev(r1, &(0x7f0000000340)=[{&(0x7f0000000080)='~', 0x1}], 0x1)

1m5.462974103s ago: executing program 3 (id=2293):
sched_setscheduler(0x0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
sendmmsg$unix(r0, &(0x7f0000000000), 0x651, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e"], 0x24)

1m4.573560396s ago: executing program 3 (id=2294):
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff}, 0x13f, 0x5}}, 0x20)
write$RDMA_USER_CM_CMD_BIND_IP(r0, &(0x7f0000000180)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x4e25, 0x10001, @local, 0xb}, r1}}, 0x30)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f0000000300)={0x3, 0x40, 0xfa00, {{0xa, 0x4e23, 0x711, @ipv4={'\x00', '\xff\xff', @multicast1}, 0x6}, {0xa, 0x4e20, 0x0, @loopback, 0x7}, r1, 0x3ff}}, 0x48)
write$RDMA_USER_CM_CMD_RESOLVE_ROUTE(r0, 0x0, 0x0)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r0, &(0x7f0000000140)={0x10, 0x30, 0xfa00, {0x0, 0x0, {0xa, 0x4e23, 0xfff, @ipv4={'\x00', '\xff\xff', @loopback}, 0x238}, r1}}, 0x38)

54.175141535s ago: executing program 32 (id=2259):
openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x8042, 0x0)
r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
dup(0xffffffffffffffff)
socket$unix(0x1, 0x5, 0x0)
r1 = syz_io_uring_setup(0x239, &(0x7f0000000380)={0x0, 0xfbc6, 0x10100, 0x18000003, 0x2}, &(0x7f0000000080)=<r2=>0x0, &(0x7f00000001c0)=<r3=>0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {0x230}})
io_uring_enter(r1, 0x2ded, 0x4000, 0x0, 0x0, 0x0)
close(0xffffffffffffffff)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
epoll_create1(0x0)
write$rfkill(r0, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x1}, 0x8)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)

52.160167118s ago: executing program 33 (id=2274):
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
io_uring_register$IORING_REGISTER_FILES_UPDATE2(0xffffffffffffffff, 0xd, 0x0, 0x0)
r1 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2)
ioctl$IOCTL_GET_NCIDEV_IDX(r1, 0x0, &(0x7f00000000c0)=<r4=>0x0)
sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x1c, r3, 0x1, 0x70bd26, 0x23c, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r4}]}, 0x1c}}, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)

51.144076977s ago: executing program 34 (id=2288):
r0 = syz_usb_connect(0x0, 0x3f, &(0x7f0000000000)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f000200000009050502000000"], 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000300)={0x84, &(0x7f0000000100)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={0x0}, 0x18)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
ioctl$FS_IOC_GETVERSION(r1, 0xc0145b0e, &(0x7f0000000040))

49.190760791s ago: executing program 35 (id=2294):
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff}, 0x13f, 0x5}}, 0x20)
write$RDMA_USER_CM_CMD_BIND_IP(r0, &(0x7f0000000180)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x4e25, 0x10001, @local, 0xb}, r1}}, 0x30)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f0000000300)={0x3, 0x40, 0xfa00, {{0xa, 0x4e23, 0x711, @ipv4={'\x00', '\xff\xff', @multicast1}, 0x6}, {0xa, 0x4e20, 0x0, @loopback, 0x7}, r1, 0x3ff}}, 0x48)
write$RDMA_USER_CM_CMD_RESOLVE_ROUTE(r0, 0x0, 0x0)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r0, &(0x7f0000000140)={0x10, 0x30, 0xfa00, {0x0, 0x0, {0xa, 0x4e23, 0xfff, @ipv4={'\x00', '\xff\xff', @loopback}, 0x238}, r1}}, 0x38)

5.032757023s ago: executing program 7 (id=2996):
r0 = syz_io_uring_setup(0x7a8e, &(0x7f0000000080)={0x0, 0x0, 0x10100, 0x3}, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
syz_io_uring_submit(r1, r2, &(0x7f0000000380)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="1000000000000000190100001000000010"], 0x20}, 0x0, 0xe3d08660d3cd4684})
r4 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r4, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r4, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r5=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r4, 0xc02064b9, &(0x7f0000000dc0)={&(0x7f0000000240)=[<r6=>0x0, <r7=>0x0, <r8=>0x0, <r9=>0x0], &(0x7f0000000200), 0x4, r5})
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x3c1, 0x3, 0x400, 0x2b0, 0x268, 0x300, 0x2b0, 0x268, 0x3e8, 0x460, 0x460, 0x3e8, 0x460, 0x9, 0x0, {[{{@ipv6={@rand_addr=' \x01\x00', @loopback, [], [], 'veth0_to_hsr\x00', 'bond_slave_0\x00'}, 0x0, 0x1e0, 0x220, 0x0, {0x9401}, [@common=@rt={{0x138}, {0x0, [], 0x0, 0x0, 0xc28da5586c675118, [@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}, @dev, @mcast2, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @private2, @rand_addr=' \x01\x00', @dev, @mcast2, @private0, @mcast2, @private1, @remote, @private0, @remote, @private1]}}]}, @common=@inet=@LOG={0x40, 'LOG\x00', 0x0, {0x0, 0x0, "1852aa405753905554ed000600ebaf5ffbbbcc15d0abddcb5ae29b3b8f45"}}}, {{@uncond, 0x0, 0xa8, 0x110}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00', 'syz0\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x460)
r10 = syz_open_dev$cec(&(0x7f0000001080), 0x0, 0x0)
ioctl$CEC_RECEIVE(r10, 0xc0386106, &(0x7f00000010c0)={0x2, 0x42e, 0xd3, 0x0, 0x7f, 0x7, "7bfcfd11ddae41917dae6d7063732856", 0x5c, 0x6, 0x1, 0x4, 0x8, 0x8})
timer_create(0x0, &(0x7f0000000000)={0x0, 0x21, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100))
ioctl$DRM_IOCTL_MODE_ATOMIC(r4, 0xc03864bc, &(0x7f0000000800)={0x200, 0x5, &(0x7f0000000700)=[r8, r9, r8, r6, 0x0], &(0x7f0000000740)=[0x0, 0x9, 0x5], &(0x7f0000000780)=[r7, r7, 0x0, r6, r7, r8, 0x0, r9], &(0x7f00000007c0)=[0x2], 0x0, 0x6})
r11 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r11, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[<r12=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r11, 0xc06864a1, &(0x7f00000003c0)={0x0, 0x0, r12})
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r4, 0xc04064a0, &(0x7f0000000640)={&(0x7f00000004c0)=[0x0, 0x0, <r13=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000540)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000005c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000600)=[0x0, 0x0, 0x0], 0xa, 0x5, 0x9, 0x3})
ioctl$DRM_IOCTL_MODE_GETPLANE(r4, 0xc02064b6, &(0x7f00000006c0)={r5, r12, r13, 0x0, 0x0, 0x8, &(0x7f0000000680)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r14 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$inet_int(r14, 0x0, 0x3, &(0x7f0000000080)=0x90e, 0x4)
sendto$inet(r14, &(0x7f0000000100)="1ce0", 0xffeb, 0x0, &(0x7f0000001100)={0x2, 0x0, @private}, 0x10)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r4, 0xc04064a0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0), 0x0})
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
r15 = fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r15, 0x6, 0x0, 0x0, 0x0)
r16 = fsmount(r15, 0x0, 0x0)
bpf$BPF_PROG_QUERY(0x9, &(0x7f0000000400)={@map=r16, 0x3, 0x2b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)
ioctl$DRM_IOCTL_MODE_ATOMIC(r4, 0xc03864bc, &(0x7f0000000500)={0x200, 0x1, &(0x7f0000000180)=[0x0], &(0x7f00000000c0), &(0x7f0000000580)=[r9], &(0x7f0000000040)})
io_uring_enter(r0, 0x92, 0xebc0, 0x20, 0x0, 0x0)

4.152089789s ago: executing program 7 (id=3007):
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r2, &(0x7f0000002100)=ANY=[@ANYBLOB="b0000000000000001659ec0889419429aa5db97288b0f8a87ea8e66d9a8b"], 0xb0)
write$FUSE_DIRENTPLUS(r2, &(0x7f0000000140)=ANY=[@ANYBLOB], 0x10)
write$FUSE_DIRENTPLUS(r2, &(0x7f0000000280)=ANY=[@ANYBLOB="a8"], 0xa8)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
write$FUSE_OPEN(r2, &(0x7f0000000000)={0x20, 0x0, 0x0, {0x0, 0x8}}, 0x20)
mount$9p_fd(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',posixacl'])

4.011954704s ago: executing program 7 (id=3008):
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
recvmmsg(r0, &(0x7f0000000c80)=[{{0x0, 0x0, 0x0}, 0x5}], 0x1, 0x0, 0x0)
r1 = openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1)
mount(&(0x7f0000000100)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='omfs\x00', 0x0, &(0x7f0000000240)='\xd1\x7f\xa9A\x01\xfa`\x15\xcf\x99!C^\xff\x03\xdc\xbf\xb7:Z\xd7/\x11\xcf\xd3\xbdvS\xcepT\x8c\x00hGO\xc989\xe7\xdd\xd6\x1c\xbc\xfb.B\xd1\xde\x139\xeb\x8f\xafk\x06\x8d\n\xbf:\xb0\xd7\xe5\a\xc23\x14\xfd\xc0\xc39 \xf4\xa8\xd1\xd1\xb1\xc8Z\xb4\xfa\xa6\xe9\b\x00\x00\x00\x00\x00\x00\x00\xed\xa4\xcd$\x91\xad\x911\xcc\xaf+\xdd\x84vB\xb5\xd6\xaeA\xe3\xec\xf0\x14\x05\xfe\x9eE=\x11c7\xbf]Y\x8b(~lB8\xfb}~&\xb7\x03T\xde\x8e\x9ej\xf5G\xf7\x1d\xf2\xdc\x8aP\xfe\xd5\xab\x90\xf7-')
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, &(0x7f0000000040)={{0x1, 0x1, 0x18, <r2=>0xffffffffffffffff, {0x9}}, './file0\x00'})
r3 = syz_init_net_socket$ax25(0x3, 0x5, 0xcc)
io_uring_register$IORING_REGISTER_FILES(r2, 0x2, &(0x7f0000000080)=[r1, r2, r3], 0x3)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r7)
ioctl$IOCTL_GET_NCIDEV_IDX(r6, 0x0, &(0x7f0000000280)=<r9=>0x0)
sendmsg$NFC_CMD_DEV_UP(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r8, @ANYBLOB="11002abd7000ffdbdd140200000108000100", @ANYRES32=r9], 0x1c}, 0x1, 0x0, 0x0, 0x20040044}, 0x8004)
sendmsg$NFC_CMD_DEV_UP(r5, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="10002c000008000100"/18, @ANYRES32=0x0, @ANYBLOB="08000100", @ANYRES32=r9, @ANYBLOB], 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x40005)
setsockopt$IPT_SO_SET_REPLACE(r4, 0x0, 0x40, &(0x7f0000000a80)=@raw={'raw\x00', 0x8, 0x3, 0x4d8, 0x340, 0x11, 0x148, 0x340, 0x0, 0x440, 0x2a8, 0x2a8, 0x440, 0x2a8, 0x3, 0x0, {[{{@uncond, 0x0, 0x2f8, 0x340, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'ip_vti0\x00', {0x0, 0x0, 0x3f, 0x0, 0x20000000, 0x3, 0x7}}}, @common=@unspec=@bpf1={{0x230}, @pinned={0x1, 0x0, 0x0, './file0\x00'}}]}, @unspec=@CT0={0x48}}, {{@ip={@multicast2, @empty, 0x0, 0x0, 'vlan0\x00', 'netdevsim0\x00'}, 0x0, 0xd0, 0x100, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@unspec=@quota={{0x38}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x538)

3.142726947s ago: executing program 7 (id=3013):
unshare(0x6a040300)

3.14165126s ago: executing program 7 (id=3015):
r0 = openat2$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000080), 0x18)
getdents64(r0, &(0x7f0000000300)=""/154, 0x9a)
ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r0, 0x800c6613, &(0x7f0000000000)=@v2={0x2, @adiantum, 0x3, '\x00', @d})
r1 = socket$inet6(0xa, 0x40000080806, 0x0)
r2 = socket$inet6(0xa, 0x6, 0x0)
connect$inet6(r2, &(0x7f0000000080)={0xa, 0x4e20, 0x4, @empty}, 0x1c)
poll(&(0x7f0000000180)=[{0xffffffffffffffff, 0x4}, {0xffffffffffffffff, 0x2000}, {r1, 0x11092}, {r2, 0x2001}, {0xffffffffffffffff, 0x2300}, {r1, 0x8}, {r1, 0x2488}, {r1, 0x21}, {r1, 0x50}, {r2}], 0xa, 0xc)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r4 = epoll_create(0x7fffffff)
epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, 0xffffffffffffffff, &(0x7f0000000280)={0x40000004})
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x6, 0x4, &(0x7f0000000080)=@framed={{}, [@ldst={0x1, 0x0, 0x3, 0x0, 0x1}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
setresgid(0xee00, 0xee01, 0x0)
setresgid(0x0, 0x0, 0x0)
r7 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='comm\x00')
preadv(r7, &(0x7f00000003c0)=[{&(0x7f0000000380)=""/44, 0x2c}], 0x1, 0x0, 0x0)
syz_emit_ethernet(0x2a, &(0x7f0000000100)=ANY=[@ANYBLOB="01801f0f08004500001c00000000001190780800001ce0000001000017c100089078"], 0x0)
close(r6)
bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="1e0000000c00000600005ab8746430f9e34f1fd08d7a5fc46ef371f7c71b47d1c3cb3fe2644a2e6f93ed1588e0a07c1d48108f30ff815fb36d3eadae46048efaaca9c9f69be5d7dd85c3cd10043cb7d9463708dce50c0ef135f001", @ANYRES32=r7, @ANYBLOB='\b\x00'/20, @ANYRES32=0x0, @ANYRES32=r7, @ANYBLOB="0300000000000000000000000b00"/28], 0x50)
msgget(0x2, 0xc0)
socket(0x10, 0x3, 0x0)
ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}})
msgget(0x2, 0x11)
write$cgroup_subtree(r5, &(0x7f0000000100)=ANY=[], 0x36)
r8 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000140)={{}, 0x0, &(0x7f0000000200)=r8}, 0x20)
ioctl$EVIOCGPROP(r8, 0x80404509, &(0x7f0000000400)=""/182)
close_range(r3, 0xffffffffffffffff, 0x0)

2.942298475s ago: executing program 4 (id=3017):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x40000000000008, 0x8b}, 0x0)
r0 = socket$kcm(0x29, 0x3, 0x0)
sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x4008014)
r1 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'vlan0\x00', <r2=>0x0})
unshare(0x62040200)
r3 = gettid()
sendmsg$nl_route(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="2800000010000100"/20, @ANYRES32=r2, @ANYRESOCT=r3, @ANYRES32=r3], 0x28}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)

1.972847429s ago: executing program 7 (id=3019):
r0 = socket$qrtr(0x2a, 0x2, 0x0)
connect$qrtr(r0, &(0x7f0000000040)={0x2a, 0x1}, 0xc)
syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000d1d7a440041601801f44010203010902120001000000000904"], 0x0)
r1 = syz_open_dev$sndctrl(&(0x7f0000000000), 0xdc3, 0x0)
ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(r1, 0xc0045520, &(0x7f0000000080)=0xffffbf7f)
r2 = socket$qrtr(0x2a, 0x2, 0x0)
recvmmsg(r0, &(0x7f0000000ac0), 0x0, 0x2, 0x0)
connect$qrtr(r2, &(0x7f0000000040)={0x2a, 0x1, 0x4000}, 0xc)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000080)={0xd, 0x4, &(0x7f0000001300)=@framed={{}, [@ldst={0x1, 0x0, 0x3, 0x9, 0x1, 0x90}]}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
writev(r0, &(0x7f0000000c40)=[{0x0}, {&(0x7f00000004c0)="0e9a0f182583", 0x6}], 0x2)
r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(r3, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x7}, 0x1c)
setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, 0x0, 0x0)
sendmmsg$inet6(r3, &(0x7f0000000040)=[{{0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000240)="00000000000000000000c6241bdedcbed305ea5b169298452781", 0x1a}], 0x1}}], 0x1, 0x4400c800)
sendto$inet6(r3, &(0x7f0000000300), 0x16, 0x3b00, 0x0, 0xfffffffffffffdfd)
r4 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x8000}, 0x4)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1042, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r6)
socket$nl_generic(0x10, 0x3, 0x10)
syz_io_uring_setup(0x109, &(0x7f0000000140)={0x0, 0x114df, 0x0, 0x1, 0x89}, 0x0, 0x0)
ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @random="e5db029ea53c"})
write$cgroup_devices(r5, &(0x7f0000000140)=ANY=[@ANYBLOB="1e000300008c71ef28ff4b"], 0xffdd)
r7 = syz_init_net_socket$bt_bnep(0x1f, 0x3, 0x4)
ioctl$sock_bt_bnep_BNEPGETCONNINFO(r7, 0x800442d3, &(0x7f0000000000)={0x2, 0x3, 0x2, @empty, 'pim6reg\x00'})
writev(r2, &(0x7f00000001c0)=[{0x0}], 0x1)
r8 = timerfd_create(0x8, 0x0)
timerfd_settime(r8, 0x1, &(0x7f00000000c0)={{0x0, 0x3938700}, {0x0, 0x989680}}, 0x0)

1.85215135s ago: executing program 5 (id=3021):
mlock2(&(0x7f0000ff5000/0x9000)=nil, 0x9000, 0x0)
mbind(&(0x7f0000ff8000/0x3000)=nil, 0x3000, 0x8000, &(0x7f0000000080), 0x1, 0x0)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000014c0)=@newsa={0x1a0, 0x10, 0x1, 0x0, 0x0, {{@in6=@remote, @in6=@mcast1}, {@in=@rand_addr=0x64010101, 0x0, 0x32}, @in6=@loopback, {0x0, 0x0, 0x0, 0x0, 0x1000000000000000}, {}, {}, 0x0, 0x0, 0x2, 0x0, 0x0, 0xaf}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}, @replay_esn_val={0x1c}, @algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00'}, 0x0, 0x8}}]}, 0x1a0}}, 0x0)
mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
r2 = fanotify_init(0x0, 0x0)
pipe2(&(0x7f0000000440)={0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x0)
fanotify_mark(r2, 0x1, 0x40000020, r3, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x601c2, 0x0)
ftruncate(r4, 0x8800000)
sendfile(r1, r4, 0x0, 0x578410e9)
r5 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
readv(r5, &(0x7f0000000180)=[{&(0x7f0000000100)=""/24, 0x18}], 0x1)
r6 = fcntl$dupfd(r5, 0x0, r5)
write$sndseq(r6, &(0x7f00000003c0)=[{0x0, 0x0, 0x0, 0x0, @tick=0xb, {}, {0x4, 0x6}, @control={0x9, 0x3, 0xb}}, {0x0, 0x0, 0x0, 0x4, @time={0xfffffffb}, {0x6, 0x4}, {0x0, 0x8}, @result={0x5, 0x4}}], 0x38)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000010c0)=ANY=[@ANYBLOB="0900000004000000ff0f000005"], 0x18)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='kfree_skb\x00', r8}, 0x10)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r10 = socket$inet(0x2, 0x403, 0x9)
setsockopt$IP_VS_SO_SET_STARTDAEMON(r10, 0x0, 0x48b, &(0x7f00000001c0)={0x1, 'batadv0\x00', 0x4}, 0x18)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='kfree_skb\x00', r9}, 0x10)
r11 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000380)=ANY=[@ANYBLOB="b70200001a000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b70600007fffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a0702839240d29c034055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946e0ebc622003b538dfc8e012e79578e51bc5f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b803000000661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7b148ba532e6ea09c346dfebd38608b32a0080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e14861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fd3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5ffff232f5e16b089f37b3591a15c0a9be6eb18208404c1b30c3a6a71bc85018e5ff2c91018afc9ffc2cc788bee1b47683db01a469398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b74cd36e7487afa447e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae486aca54183fb01c73f979ca9857399537f5dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db7ab22e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eeff8619d73415cda2130f50714600fb6241c6e955031795b282f56411e48455b5a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a308bcc87dc3addb08141bdee5d27874b2f663ddeedd005b3d96c7aabf4df517d90bdc01e73835d5a3e1a90800c66ee2b1ad76dff9f9000071414c99d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe00000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e5dee734fe7da3770845cf442d488afdc0e17000000000000041dcc4cabfc4a21604f0b80da4ec5500000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a93466ae6e5c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e80339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd52364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db0c407081c6281e2d8429a863903ca75f4c7df3ea8fc2018d07af1491ef060cd4403a099f32468f65bd06b4082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b65f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000a5ace201020875c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033ec14bb9cc16bd83a00840e31d828ec78e116ae46c4897e2f95b6ff92e9a1e24b0b855c02f2b7add58ffb25f3390343c12aa51810134d3dfbf71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b56b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb23f3c2b8a0f475ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fca4d97a0ae75ccf11e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35e9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403502734137ff17320adda5867947257f164391c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f65918192fb8f386bb74b5589829b6b0679b5d65a927de6f4c09f4b742e037381c85d2ec7bb2a8152f0d6a99a0370e0cbd65744eb2efd7b65f04aa7e72588757b9612bb4253a63bb303c0c68a07f115d104f2007237a4f771416741bfd63fdfe3ae6f8bea755d8b7202c2bbae137dc1c3cf40db74a4c1c219d8ddec8f91dae2cdea1353fe062830fa1d233296ec9d8317872257e154665485e7f31cdbfbf435477faf93015b57417d84b8bc8662e097d5ba55d02d48e150695ffae3a676555b10da11751865126d19336116a1e58ab727dda6b343cc97f9479136a66f552abf8fe3d134f6d69df1cffe6740f90735f66ca54fd87800b4bda4db5e68aaccf44d24e09f8a769e3ae7bf246673f15e3d1adae4384bdb7cd30a33e30466b421feb96006c810fd3830a1c75af2580727ffc604d2b04f476acc21419fad9b1baec88974da2db29b8085b0de08b85c8086e4b7f1fd568042ad5396d3179c71b1dc43291e450ce9b8d7d80fcb44966d7ad4691a37870000000000000000000000000000000000000000000000000000000000000000000083a5765d06da91165d24bc316607e2d69344aa1c07ff7cd7bc3d17f122478b6e81077782b9c298edc2546045feff90e7aa7da88d2489fb000a4aa838f911c1a869fa55e979e033b7707df75b93cf5b8d25242741a88f2d54a7107375b25911aa11efa3a4f87fc14f180e353615b3cb9a5cf5ea843014a277c3694a5a83266f73ef039dd739187923715548d58ff43be997e357e07f9581b40470a7c2fa89cc3ef72a19760b89ded2e546f4966b51c2985101f2248f60ad8119e4db4ade09ebd23fdb750ffccba20bc0e0f52c3316767bb9f67f7e714df5e462bcfc35f3a79147f62f9227441cb3ffb35f4e4c69b04b1399efbeb4b682d6facea9fe1c456a1fb9173833107a38991abac8b0e616f11a2c3e265c484fbc6522e9894dc3b5989b7d585c56778c77c6595b7482dfa90bb818ebd3b0b352d3f48ab947a1240842d592fd9c2f13df205e8974919162421548357a8823bd322e6562fa3e7fb7c56ee00e246a98710b9a710103b3df69655b38dcc196156a16fcc14d8ddb4acf3506adc95c742919b83fd57c8b52956e93104cdcd1226ca85a29542b9ea606c72d5339a7d30f23ffcd665b85e4c90d526b33ed854543c2a1d189cd6f319644146c5fe91639d50f2083d46fd82e41bc7d528f18be618904d683726e3eee93388cc78d0df624361bb80afc96b823971fcbbb859d4c2de31f03f884ea774e4abe011389557b2429c85cf795e0a82c94ffc11616d7c8b6939eed3f0e8df5dcc75984430b2a497d78824e539e8f7944b459ae45e7ce803495686984aa91745b8cfb1f80c07c194c4a4327e02cea5fd2ef6041cf053ee5f9829410d150"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000001040)={r11, 0x18000000000002a0, 0xe, 0x0, &(0x7f00000013c0)="b9ff03316844268cb89e14f00800", 0x0, 0x51, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
r12 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r12, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000003c0)=ANY=[])

1.621930009s ago: executing program 4 (id=3022):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000380)={'wlan0\x00', <r1=>0x0})
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_STATION(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x30, r2, 0x1, 0x0, 0x80000000, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_PEER_AID={0x6, 0xb5, 0x2d2}]}, 0x30}, 0x1, 0x0, 0x0, 0x44}, 0x0)

1.617249738s ago: executing program 4 (id=3023):
mount(&(0x7f0000000140)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='ext4\x00', 0x200000, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CAP_SPLIT_IRQCHIP(r1, 0x4068aea3, &(0x7f0000000280))
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x7, 0x13, r2, 0x0)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000000c0)={[0x79, 0x0, 0x3, 0x1, 0x1, 0xfffffffffffffffc, 0x2, 0x5, 0x9, 0x4, 0x2, 0x0, 0x2, 0x6, 0x4, 0x2], 0xf000, 0x82106})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000a80)={&(0x7f0000000ac0)={{0x14}, [@NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0x17}, @NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0x1}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0x78}}, 0x10)
syz_emit_ethernet(0x2a, &(0x7f00000001c0)={@broadcast, @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x64, 0x0, 0x0, 0x88, 0x0, @remote, @multicast2}, @echo={0x8, 0x0, 0x0, 0xfffd, 0x88}}}}}, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
getsockopt$inet_tcp_int(r5, 0x6, 0x19, 0x0, &(0x7f00000006c0))
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000380)={'wlan0\x00'})
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_SET_KEY(r4, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x28, r6, 0x100, 0x70bd26, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_KEY_DEFAULT_TYPES={0xc, 0x6e, 0x0, 0x1, [@NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}]}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x28}, 0x1, 0x0, 0x0, 0x40}, 0x4000)
mount$tmpfs(0x0, &(0x7f0000000180)='./cgroup\x00', &(0x7f0000000280), 0x802400, &(0x7f00000002c0)={[{@noswap}, {@nr_blocks={'nr_blocks', 0x3d, [0x38, 0x36]}}, {@inode32}, {@gid={'gid', 0x3d, 0xee01}}, {@huge_always}, {@huge_always}, {@usrquota}, {@nr_inodes={'nr_inodes', 0x3d, [0xd, 0x65, 0x65, 0x21, 0x39, 0x31, 0x35, 0x37]}}]})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000700)=ANY=[@ANYBLOB="28000000120005"], 0x28}}, 0x80)
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
ioctl$KVM_SET_PIT(r9, 0x8048ae66, &(0x7f0000000340)={[{0x122e, 0x0, 0x0, 0x0, 0x0, 0x4, 0xc, 0x0, 0x5, 0xff, 0x1f}, {0x3, 0x4, 0x0, 0x7, 0x0, 0x0, 0x0, 0xfd, 0x0, 0x9}, {0x0, 0x0, 0x3c, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}]})
ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r10 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x6)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r10, &(0x7f0000fe7000/0x18000)=nil, &(0x7f0000000000)=[@text64={0x40, 0x0}], 0x1, 0x1, 0x0, 0x0)
ioctl$KVM_RUN(r10, 0xae80, 0x0)
r11 = syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000002380), r7)
sendmsg$NLBL_CALIPSO_C_LIST(r7, &(0x7f0000002440)={0x0, 0x0, &(0x7f0000002400)={&(0x7f0000000140)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r11, @ANYBLOB="0d0000007000fddbdf25030000000800010003000000"], 0x1c}, 0x1, 0x0, 0x0, 0x4048855}, 0x4049090)

1.342653208s ago: executing program 4 (id=3024):
r0 = syz_open_dev$radio(&(0x7f0000000040), 0x3, 0x2)
ioctl$VIDIOC_SUBDEV_QUERY_DV_TIMINGS(r0, 0x80845663, &(0x7f0000000200)={0x0, @reserved})
r1 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="b4050000200080006110600000000000c60000000000000095000000000000009f33ef60916e6e893f1eeb0be20000d072f5b89c3043c47c896ce0bc8731fa595b6b4d45ef26dcca5582054d54d53cd2b6db714e4b94bdae214fa68a0557eb3c5ca683a4b6fc89398f2b9000f224891060017c4700de60beac671e8e8fdecb03588aa6007e71f871ab5c2ff88afc6002084e5b52710aeee835cf0d78e45f70983826fb8579c1fb47d2c5553d2ccb5fc5b51fe6b174ebd9907dcff414ed55b0d18a93ee341ab59016f81860324b800300000000000092d9c5fe34ccb80a61ffcb3363073fd8962823ee45f5d7394e9510f4a801efdf008499d7aca1afac6c702cfabe8a9c55c8dafcdb110036e14c1035cafdfef6a358cbfadb3579a285580a3c080d4e0a48d7bdc38a0437c8c1b3aa408a"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000080)={r1, 0xffffffffffffffff, 0x4, 0x0, @val=@perf_event={0x2}}, 0x18)

1.342451604s ago: executing program 4 (id=3025):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={{0x14}, [@NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x401, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0xf}, @NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0x2}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x78}}, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r2 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x0, 0xc, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4, @void, @value}, 0x94)
write$tun(r1, &(0x7f0000000280)={@val={0x6f01, 0x800}, @val={0x1, 0x0, 0x0, 0x0, 0x20}, @mpls={[], @ipv4=@tcp={{0x6, 0x4, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x84, 0x0, @empty=0x3fffffff, @local}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x5, 0xb, 0x0, 0x0, 0x0, 0x18, {[@window={0x9, 0xfffffffffffffec4}, @timestamp={0x5, 0x2, 0xfd}, @generic={0x0, 0x2, "d58838068b91"}]}}}}}}, 0x4e) (fail_nth: 4)

1.342088838s ago: executing program 6 (id=3026):
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r2, &(0x7f0000002100)=ANY=[@ANYBLOB="b0000000000000001659ec0889419429aa5db97288b0f8a87ea8e66d9a8b"], 0xb0)
write$FUSE_DIRENTPLUS(r2, &(0x7f0000000140)=ANY=[@ANYBLOB="10"], 0x10)
write$FUSE_DIRENTPLUS(r2, 0x0, 0xa8)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
write$FUSE_OPEN(r2, &(0x7f0000000000)={0x20, 0x0, 0x0, {0x0, 0x8}}, 0x20)
mount$9p_fd(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',posixacl'])

1.2328652s ago: executing program 6 (id=3027):
r0 = syz_init_net_socket$nfc_raw(0x27, 0x5, 0x0)
recvmmsg(r0, &(0x7f0000004640)=[{{0x0, 0x0, 0x0}, 0xd}], 0x1, 0x40000000, 0x0)
r1 = socket$inet(0xa, 0x801, 0x84)
connect$inet(r1, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10)
listen(r1, 0x8)
r2 = accept4(r1, 0x0, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f0000000240)=@assoc_value={0x0, 0x85}, &(0x7f0000000300)=0x8)
r3 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0x82002, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r3, 0xc004500a, &(0x7f0000000000))
r4 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
read$dsp(r4, &(0x7f00000002c0)=""/4096, 0x1000)
r5 = syz_io_uring_setup(0x3739, &(0x7f0000000140)={0x0, 0xbd0d, 0x400, 0x0, 0x104, 0x0, r2}, &(0x7f00000000c0), &(0x7f00000001c0))
io_uring_enter(r5, 0x7199, 0x25a2, 0x1, &(0x7f0000000200)={[0x1]}, 0x8)
r6 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb010018000000000000001c0000001c00000003000000010000000000000e0200000000000000000000000000000504000000002e"], 0x0, 0x37, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20)
bpf$MAP_CREATE(0x0, &(0x7f0000004440)=@base={0xa, 0x4, 0xff, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, r6, 0x2, 0x1, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x3, 0x4, &(0x7f00000003c0)=ANY=[@ANYBLOB="b4050000000000006110b0000000000063510800000000009500090000000000827573595f16aaba19dee4850fad9dc34ae0ec78734eb5ff8c80d4457498c5a7b0c59abd315c61996d140187d64787b68c0a1b3e361a405ed57dc367c33abfd46e35"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x85, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x52)
write$dsp(r3, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784ca3", 0x4060)

1.232667841s ago: executing program 5 (id=3028):
openat$dir(0xffffffffffffff9c, &(0x7f0000001a00)='./file1\x00', 0xc0, 0x61)
r0 = syz_open_dev$ndb(&(0x7f0000000040), 0x0, 0x0)
r1 = socket(0x2, 0x1, 0x0)
r2 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_SET_SOCK(r0, 0xab00, r1)
ioctl$NBD_DO_IT(r2, 0xab03)
ioctl$NBD_SET_SIZE_BLOCKS(r0, 0xab07, 0x6)
mount(&(0x7f0000000500)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000004a00)='./file1\x00', &(0x7f0000000040)='udf\x00', 0x8007, 0x0) (fail_nth: 13)

920.722761ms ago: executing program 5 (id=3029):
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff})
r1 = creat(&(0x7f00000002c0)='./file0\x00', 0x0)
r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x0)
syz_emit_ethernet(0x56, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaaaa4c77b99cbb86dd60c6ea090000000000000100000000e01f40000000000000ff0200000000000000000000000000010001c204dcf2a100c2"], 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
syz_clone(0x4000, 0x0, 0x0, 0x0, 0x0, 0x0)
write$qrtrtun(r1, &(0x7f0000000300)="ca0e808bb35bdabb", 0x8)
r4 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r4, 0x8933, &(0x7f0000000280)={'batadv_slave_1\x00', <r5=>0x0})
r6 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r6, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x1000}, 0x1c)
setsockopt$XDP_UMEM_COMPLETION_RING(r6, 0x11b, 0x6, &(0x7f0000000080)=0x1, 0x4)
setsockopt$XDP_RX_RING(r6, 0x11b, 0x2, &(0x7f0000001980)=0x100, 0x4)
setsockopt$XDP_UMEM_FILL_RING(r6, 0x11b, 0x5, &(0x7f0000000140)=0x1, 0x4)
bind$xdp(r6, &(0x7f00000001c0)={0x2c, 0x2, r5}, 0x10)
mmap$xdp(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r6, 0x100000000)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r3, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f0000000340)=[0x7], &(0x7f0000000240)=[0x2], 0x0, 0x1}}, 0x40)
setsockopt$TIPC_SRC_DROPPABLE(r0, 0x10f, 0x8a, &(0x7f00000000c0), 0x4)

372.643446ms ago: executing program 6 (id=3030):
mkdir(&(0x7f00000020c0)='./file0\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000280)='./file0\x00', &(0x7f0000000080), 0x0, 0x0)
mount$tmpfs(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x2a00a9, &(0x7f0000000000)={[{@inode32}]})
r0 = userfaultfd(0x1)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000100)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
ioctl$UFFDIO_COPY(r0, 0xc028aa03, &(0x7f0000000400)={&(0x7f000092b000/0x1000)=nil, &(0x7f0000ffb000/0x2000)=nil, 0x1000})

372.420108ms ago: executing program 6 (id=3031):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={{0x14}, [@NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x401, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0xf}, @NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0x2}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x78}}, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r2 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x0, 0xc, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4, @void, @value}, 0x94)
write$tun(r1, &(0x7f0000000280)={@val={0x6f01, 0x500}, @val={0x1, 0x0, 0x0, 0x0, 0x20}, @mpls={[], @ipv4=@tcp={{0x6, 0x4, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x84, 0x0, @empty=0x3fffffff, @local}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x5, 0xb, 0x0, 0x0, 0x0, 0x18, {[@window={0x9, 0xfffffffffffffec4}, @timestamp={0x5, 0x2, 0xfd}, @generic={0x0, 0x2, "d58838068b91"}]}}}}}}, 0x4e)

162.991615ms ago: executing program 5 (id=3032):
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r2, &(0x7f0000002100)=ANY=[@ANYBLOB="b0000000000000001659ec0889419429aa5db97288b0f8a87ea8e66d9a8b"], 0xb0)
write$FUSE_DIRENTPLUS(r2, &(0x7f0000000140)=ANY=[@ANYBLOB="10"], 0x10)
write$FUSE_DIRENTPLUS(r2, &(0x7f0000000280)=ANY=[@ANYBLOB="a8"], 0xa8)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYRESHEX=r3, @ANYBLOB=',rootmode=0000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r3, &(0x7f000000e280)={0x2020, 0x0, <r4=>0x0}, 0x2020)
write$FUSE_OPEN(r2, &(0x7f0000000000)={0x20, 0x0, r4, {0x0, 0x8}}, 0x20)
mount$9p_fd(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',posixacl'])

52.721412ms ago: executing program 5 (id=3033):
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r1, 0x29, 0x4b, &(0x7f0000000100)=0x4, 0x4)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e20, 0x40, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x5}, 0x1c)
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000080)={'vxcan0\x00', <r3=>0x0})
r4 = openat$cdrom(0xffffffffffffff9c, &(0x7f0000000000), 0x2000, 0x0)
ioctl$CDROM_SELECT_SPEED(r4, 0x5322, 0xfffffffffffffff8)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000020c0)=@newnexthop={0x28, 0x68, 0x1, 0x3, 0x80000000, {}, [@NHA_GROUP={0xc, 0x2, [{0x1, 0x6}]}, @NHA_FDB={0x4}]}, 0x28}}, 0x4000)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000000c0)={'vxcan0\x00', <r6=>0x0})
sendmsg$nl_route(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@can_delroute={0x6c, 0x19, 0x8, 0x70bd28, 0x25dfdbfe, {0x1d, 0x1, 0x5}, [@CGW_MOD_SET={0x15, 0x4, {{{}, 0x5, 0x0, 0x0, 0x0, "ff88e88ffad1570d"}}}, @CGW_MOD_AND={0x15, 0x1, {{{0x4, 0x0, 0x1}, 0x5, 0x1, 0x0, 0x0, "ad1321e79376c7f9"}}}, @CGW_SRC_IF={0x8, 0x9, r3}, @CGW_DST_IF={0x8, 0xa, r6}, @CGW_MOD_AND={0x15, 0x1, {{{0x1, 0x0, 0x1}, 0x0, 0x2, 0x0, 0x0, "6d6968bbb210ab03"}, 0x2}}]}, 0x6c}}, 0x0)
mmap(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1000000, 0x810, r0, 0x94c2d000)

52.550649ms ago: executing program 4 (id=3034):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r1 = syz_io_uring_setup(0x106, &(0x7f0000000140)={0x0, 0x114df, 0x2, 0x1, 0x8b}, &(0x7f00000003c0)=<r2=>0x0, &(0x7f0000000200)=<r3=>0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r4, 0x0, 0x0, 0x0, 0x40000180, 0x1})
r5 = syz_open_dev$video4linux(&(0x7f00000000c0), 0x3, 0x0)
r6 = socket$packet(0x11, 0x2, 0x300)
setsockopt$sock_int(r6, 0x1, 0x28, &(0x7f0000002700)=0x3, 0x4)
syz_genetlink_get_family_id$nl80211(&(0x7f00000028c0), 0xffffffffffffffff)
ioctl$VIDIOC_SUBSCRIBE_EVENT(r5, 0x4020565a, &(0x7f0000000000)={0x1, 0x2e, 0x1})
io_uring_enter(r1, 0x3f08, 0xaddf, 0x47, 0x0, 0x0)
sendmsg$NFT_MSG_GETRULE(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000900)={0x14, 0x7, 0xa, 0x5, 0x0, 0x0, {0x7, 0x0, 0x2}}, 0x14}}, 0x4000000)
r7 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r7, 0x400448c8, &(0x7f0000000280)={r0, r0, 0xc, 0x1, &(0x7f0000000340)='\x00', 0x9, 0x1, 0xc45, 0x9, 0x9, 0x1, 0x1, 'syz1\x00'})

52.346535ms ago: executing program 6 (id=3035):
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r2, &(0x7f0000002100)=ANY=[@ANYBLOB="b0000000000000001659ec0889419429aa5db97288b0f8a87ea8e66d9a8b"], 0xb0)
write$FUSE_DIRENTPLUS(r2, &(0x7f0000000140)=ANY=[@ANYBLOB="10"], 0x10)
write$FUSE_DIRENTPLUS(r2, 0x0, 0xa8)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
write$FUSE_OPEN(r2, &(0x7f0000000000)={0x20, 0x0, 0x0, {0x0, 0x8}}, 0x20)
mount$9p_fd(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',posixacl'])

627.563µs ago: executing program 5 (id=3036):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r2 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
connect$llc(r2, &(0x7f0000000180)={0x1a, 0x0, 0x0, 0x8, 0x0, 0x0, @multicast}, 0x10)
recvmmsg(r2, &(0x7f0000000c40)=[{{0x0, 0x0, 0x0}, 0x4}], 0x40000000000004a, 0x2, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={{0x14}, [@NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x401, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0xf}, @NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0x2}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x78}}, 0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r4 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
r5 = syz_open_dev$vbi(&(0x7f00000000c0), 0x3, 0x2)
ioctl$VIDIOC_S_FMT(r5, 0xc0d05605, &(0x7f0000000400)={0x7, @sdr={0x31303453}})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x0, 0xc, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4, @void, @value}, 0x94)
write$tun(r3, &(0x7f0000000280)=ANY=[@ANYBLOB="016f0800010000000000200000004600003f00000000008490783fffffffac1414aa00000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="ba0000009078001009c4f3040200ea00fd000000000002d58838068b91000000"], 0x4e)

0s ago: executing program 6 (id=3037):
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000140), 0x0)
r1 = syz_open_dev$vim2m(&(0x7f0000000000), 0x0, 0x2)
pselect6(0x2000, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x300}, 0x0, &(0x7f0000000100)={0x8}, 0x0, 0x0)
ioctl$vim2m_VIDIOC_REQBUFS(r1, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1})
ioctl$vim2m_VIDIOC_EXPBUF(r1, 0xc0405610, &(0x7f0000000040)={0x2, 0x0, 0x0, 0x0, <r2=>0xffffffffffffffff})
r3 = fcntl$dupfd(r2, 0x0, r0)
mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x10010, r3, 0x0)
r4 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
ioctl$sock_netdev_private(0xffffffffffffffff, 0x8914, &(0x7f0000000100)="d99a6f32a837acfe836379e81bee7081c98b4f94bdb7f2e2e3f104")
fcntl$dupfd(r1, 0x0, r0)
socket(0x2, 0x80805, 0x0)
ioctl$sock_netrom_SIOCADDRT(r4, 0x890b, &(0x7f0000000280)={0x1, @null, @bpq0, 0xffff, 'syz0\x00', @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0xfffffdba, 0x3, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default]})

kernel console output (not intermixed with test programs):

+ ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  276.694677][T13837] Call Trace:
[  276.694681][T13837]  <TASK>
[  276.694685][T13837]  dump_stack_lvl+0x16c/0x1f0
[  276.694702][T13837]  should_fail_ex+0x512/0x640
[  276.694715][T13837]  _copy_from_iter+0x2a4/0x15b0
[  276.694729][T13837]  ? __pfx__copy_from_iter+0x10/0x10
[  276.694740][T13837]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  276.694755][T13837]  ? __local_bh_enable_ip+0xa4/0x120
[  276.694769][T13837]  qrtr_sendmsg+0x3b4/0x7b0
[  276.694784][T13837]  ? __pfx_qrtr_local_enqueue+0x10/0x10
[  276.694798][T13837]  ? __pfx_qrtr_sendmsg+0x10/0x10
[  276.694818][T13837]  sock_write_iter+0x4fc/0x5b0
[  276.694834][T13837]  ? __pfx_sock_write_iter+0x10/0x10
[  276.694853][T13837]  ? __pfx_file_has_perm+0x10/0x10
[  276.694866][T13837]  do_iter_readv_writev+0x654/0x950
[  276.694882][T13837]  ? __pfx_do_iter_readv_writev+0x10/0x10
[  276.694895][T13837]  ? selinux_file_permission+0x11f/0x580
[  276.694911][T13837]  ? bpf_lsm_file_permission+0x9/0x10
[  276.694925][T13837]  ? security_file_permission+0x71/0x210
[  276.694940][T13837]  ? rw_verify_area+0xcf/0x680
[  276.694954][T13837]  vfs_writev+0x353/0xdc0
[  276.694971][T13837]  ? __pfx_vfs_writev+0x10/0x10
[  276.694993][T13837]  ? __fget_files+0x20e/0x3c0
[  276.695002][T13837]  ? __fget_files+0x200/0x3c0
[  276.695013][T13837]  ? do_writev+0x295/0x330
[  276.695026][T13837]  do_writev+0x295/0x330
[  276.695039][T13837]  ? __pfx_do_writev+0x10/0x10
[  276.695052][T13837]  ? rcu_is_watching+0x12/0xc0
[  276.695069][T13837]  do_syscall_64+0xcd/0x260
[  276.695083][T13837]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  276.695094][T13837] RIP: 0033:0x7f46bcb8e169
[  276.695102][T13837] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  276.695112][T13837] RSP: 002b:00007f46bda90038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[  276.695121][T13837] RAX: ffffffffffffffda RBX: 00007f46bcdb5fa0 RCX: 00007f46bcb8e169
[  276.695139][T13837] RDX: 0000000000000001 RSI: 0000200000000c40 RDI: 0000000000000003
[  276.695146][T13837] RBP: 00007f46bda90090 R08: 0000000000000000 R09: 0000000000000000
[  276.695151][T13837] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  276.695157][T13837] R13: 0000000000000000 R14: 00007f46bcdb5fa0 R15: 00007fff72e7dde8
[  276.695169][T13837]  </TASK>
[  276.840276][T13843] FAULT_INJECTION: forcing a failure.
[  276.840276][T13843] name failslab, interval 1, probability 0, space 0, times 0
[  276.844327][T13843] CPU: 2 UID: 0 PID: 13843 Comm: syz.6.2718 Not tainted 6.15.0-rc2-syzkaller-00400-g3088d26962e8 #0 PREEMPT(full) 
[  276.844341][T13843] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  276.844347][T13843] Call Trace:
[  276.844350][T13843]  <TASK>
[  276.844354][T13843]  dump_stack_lvl+0x16c/0x1f0
[  276.844372][T13843]  should_fail_ex+0x512/0x640
[  276.844385][T13843]  should_failslab+0xc2/0x120
[  276.844396][T13843]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  276.844407][T13843]  ? skb_clone+0x190/0x3f0
[  276.844421][T13843]  skb_clone+0x190/0x3f0
[  276.844434][T13843]  netlink_deliver_tap+0xabd/0xd30
[  276.844449][T13843]  netlink_unicast+0x6b2/0x7f0
[  276.844464][T13843]  ? __pfx_netlink_unicast+0x10/0x10
[  276.844481][T13843]  netlink_ack+0x696/0xb80
[  276.844498][T13843]  netlink_rcv_skb+0x347/0x440
[  276.844510][T13843]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  276.844524][T13843]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  276.844544][T13843]  ? netlink_deliver_tap+0x1ae/0xd30
[  276.844559][T13843]  netlink_unicast+0x53a/0x7f0
[  276.844573][T13843]  ? __pfx_netlink_unicast+0x10/0x10
[  276.844590][T13843]  netlink_sendmsg+0x8d1/0xdd0
[  276.844604][T13843]  ? __pfx_netlink_sendmsg+0x10/0x10
[  276.844622][T13843]  ____sys_sendmsg+0xa95/0xc70
[  276.844637][T13843]  ? copy_msghdr_from_user+0x10a/0x160
[  276.844649][T13843]  ? __pfx_____sys_sendmsg+0x10/0x10
[  276.844668][T13843]  ___sys_sendmsg+0x134/0x1d0
[  276.844681][T13843]  ? __pfx____sys_sendmsg+0x10/0x10
[  276.844707][T13843]  __sys_sendmsg+0x16d/0x220
[  276.844719][T13843]  ? __pfx___sys_sendmsg+0x10/0x10
[  276.844734][T13843]  ? rcu_is_watching+0x12/0xc0
[  276.844750][T13843]  do_syscall_64+0xcd/0x260
[  276.844764][T13843]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  276.844774][T13843] RIP: 0033:0x7f44feb8e169
[  276.844783][T13843] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  276.844792][T13843] RSP: 002b:00007f44ff9c9038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  276.844801][T13843] RAX: ffffffffffffffda RBX: 00007f44fedb5fa0 RCX: 00007f44feb8e169
[  276.844807][T13843] RDX: 0000000000000000 RSI: 00002000000003c0 RDI: 0000000000000003
[  276.844813][T13843] RBP: 00007f44ff9c9090 R08: 0000000000000000 R09: 0000000000000000
[  276.844818][T13843] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  276.844823][T13843] R13: 0000000000000000 R14: 00007f44fedb5fa0 R15: 00007ffef2a5efd8
[  276.844835][T13843]  </TASK>
[  276.865217][ T1019] usb 12-1: new high-speed USB device number 4 using dummy_hcd
[  276.907381][T13848] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2720'.
[  276.916578][T13851] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2720'.
[  276.947541][T13853] IPVS: Scheduler module ip_vs_non	 not found
[  277.005905][T13860] ip6t_srh: unknown srh match flags  B153
[  277.011487][T13860] syzkaller1: entered promiscuous mode
[  277.013371][T13860] syzkaller1: entered allmulticast mode
[  277.085830][ T1019] usb 12-1: too many configurations: 9, using maximum allowed: 8
[  277.089437][ T1019] usb 12-1: config 0 has 1 interface, different from the descriptor's value: 9
[  277.092698][ T1019] usb 12-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  277.096166][ T1019] usb 12-1: config 0 interface 0 has no altsetting 0
[  277.099067][ T1019] usb 12-1: config 0 has 1 interface, different from the descriptor's value: 9
[  277.101813][ T1019] usb 12-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  277.105288][ T1019] usb 12-1: config 0 interface 0 has no altsetting 0
[  277.108534][ T1019] usb 12-1: config 0 has 1 interface, different from the descriptor's value: 9
[  277.111310][ T1019] usb 12-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  277.114680][ T1019] usb 12-1: config 0 interface 0 has no altsetting 0
[  277.119621][ T1019] usb 12-1: config 0 has 1 interface, different from the descriptor's value: 9
[  277.122486][ T1019] usb 12-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  277.126560][ T1019] usb 12-1: config 0 interface 0 has no altsetting 0
[  277.130631][ T1019] usb 12-1: config 0 has 1 interface, different from the descriptor's value: 9
[  277.133447][ T1019] usb 12-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  277.136851][ T1019] usb 12-1: config 0 interface 0 has no altsetting 0
[  277.143734][ T1019] usb 12-1: config 0 has 1 interface, different from the descriptor's value: 9
[  277.146555][ T1019] usb 12-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  277.149829][ T1019] usb 12-1: config 0 interface 0 has no altsetting 0
[  277.152805][ T1019] usb 12-1: config 0 has 1 interface, different from the descriptor's value: 9
[  277.156171][ T1019] usb 12-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  277.159520][ T1019] usb 12-1: config 0 interface 0 has no altsetting 0
[  277.162313][ T1019] usb 12-1: config 0 has 1 interface, different from the descriptor's value: 9
[  277.165067][ T1019] usb 12-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  277.168782][ T1019] usb 12-1: config 0 interface 0 has no altsetting 0
[  277.169211][T13863] fuse: Unknown parameter 'user_id00000000000000000000'
[  277.172291][ T1019] usb 12-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[  277.175292][ T5955] Bluetooth: hci3: command 0x0c1a tx timeout
[  277.176510][ T1019] usb 12-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[  277.181313][ T1019] usb 12-1: Product: syz
[  277.182782][ T1019] usb 12-1: Manufacturer: syz
[  277.184250][ T1019] usb 12-1: SerialNumber: syz
[  277.187897][ T1019] usb 12-1: config 0 descriptor??
[  277.193193][ T1019] yurex 12-1:0.0: USB YUREX device now attached to Yurex #0
[  277.255299][ T5955] Bluetooth: hci6: command 0x0c1a tx timeout
[  277.315692][ T5955] block nbd6: Receive control failed (result -107)
[  277.325265][ T5955] Bluetooth: hci5: command 0x0c1a tx timeout
[  277.325295][ T5294] Bluetooth: hci7: command 0x0c1a tx timeout
[  277.395355][T13865] nbd6: detected capacity change from 0 to 12
[  277.397895][ T8973] block nbd6: Dead connection, failed to find a fallback
[  277.398383][T13865] FAULT_INJECTION: forcing a failure.
[  277.398383][T13865] name failslab, interval 1, probability 0, space 0, times 0
[  277.400195][ T8973] block nbd6: shutting down sockets
[  277.404193][T13865] CPU: 2 UID: 0 PID: 13865 Comm: syz.6.2725 Not tainted 6.15.0-rc2-syzkaller-00400-g3088d26962e8 #0 PREEMPT(full) 
[  277.404207][T13865] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  277.404213][T13865] Call Trace:
[  277.404217][T13865]  <TASK>
[  277.404221][T13865]  dump_stack_lvl+0x16c/0x1f0
[  277.404238][T13865]  should_fail_ex+0x512/0x640
[  277.404249][T13865]  ? fs_reclaim_acquire+0xae/0x150
[  277.404263][T13865]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  277.404278][T13865]  should_failslab+0xc2/0x120
[  277.404293][T13865]  __kmalloc_noprof+0xd2/0x510
[  277.404302][T13865]  ? trace_kmalloc+0x2b/0xd0
[  277.404314][T13865]  ? __kmalloc_noprof+0x242/0x510
[  277.404326][T13865]  tomoyo_realpath_from_path+0xc2/0x6e0
[  277.404342][T13865]  ? tomoyo_fill_path_info+0x233/0x420
[  277.404354][T13865]  tomoyo_mount_acl+0x1ae/0x850
[  277.404366][T13865]  ? kernel_text_address+0x8d/0x100
[  277.404379][T13865]  ? __kernel_text_address+0xd/0x40
[  277.404389][T13865]  ? unwind_get_return_address+0x59/0xa0
[  277.404402][T13865]  ? arch_stack_walk+0xa6/0x100
[  277.404416][T13865]  ? __pfx_tomoyo_mount_acl+0x10/0x10
[  277.404443][T13865]  ? tomoyo_domain+0xbb/0x150
[  277.404451][T13865]  ? tomoyo_profile+0x47/0x60
[  277.404461][T13865]  tomoyo_mount_permission+0x16d/0x420
[  277.404474][T13865]  ? tomoyo_mount_permission+0x14f/0x420
[  277.404487][T13865]  ? __pfx_tomoyo_mount_permission+0x10/0x10
[  277.404508][T13865]  security_sb_mount+0x9b/0x260
[  277.404522][T13865]  path_mount+0x128/0x1f30
[  277.404533][T13865]  ? kmem_cache_free+0x2d4/0x4d0
[  277.404542][T13865]  ? __pfx_path_mount+0x10/0x10
[  277.404555][T13865]  ? putname+0x154/0x1a0
[  277.404567][T13865]  __x64_sys_mount+0x28d/0x310
[  277.404579][T13865]  ? __pfx___x64_sys_mount+0x10/0x10
[  277.404589][T13865]  ? rcu_is_watching+0x12/0xc0
[  277.404604][T13865]  do_syscall_64+0xcd/0x260
[  277.404619][T13865]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  277.404632][T13865] RIP: 0033:0x7f44feb8e169
[  277.404644][T13865] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  277.404657][T13865] RSP: 002b:00007f44ff9c9038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  277.404674][T13865] RAX: ffffffffffffffda RBX: 00007f44fedb5fa0 RCX: 00007f44feb8e169
[  277.404684][T13865] RDX: 0000200000000040 RSI: 0000200000004a00 RDI: 0000200000000500
[  277.404693][T13865] RBP: 00007f44ff9c9090 R08: 0000000000000000 R09: 0000000000000000
[  277.404702][T13865] R10: 0000000000008007 R11: 0000000000000246 R12: 0000000000000001
[  277.404712][T13865] R13: 0000000000000000 R14: 00007f44fedb5fa0 R15: 00007ffef2a5efd8
[  277.404729][T13865]  </TASK>
[  277.404734][T13865] ERROR: Out of memory at tomoyo_realpath_from_path.
[  277.405975][ T5961] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  277.409924][ T5959] Bluetooth: hci0: command 0x1003 tx timeout
[  277.413486][ T8973] blk_print_req_error: 248 callbacks suppressed
[  277.413494][ T8973] I/O error, dev nbd6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  277.475196][   T40] audit: type=1400 audit(1745049506.541:1047): avc:  denied  { setattr } for  pid=13867 comm="syz.4.2726" name="usbmon0" dev="devtmpfs" ino=737 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  277.477974][ T8973] buffer_io_error: 235 callbacks suppressed
[  277.477983][ T8973] Buffer I/O error on dev nbd6, logical block 0, async page read
[  277.515726][ T8973] I/O error, dev nbd6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  277.518430][ T8973] Buffer I/O error on dev nbd6, logical block 0, async page read
[  277.520835][ T8973] I/O error, dev nbd6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  277.523534][ T8973] Buffer I/O error on dev nbd6, logical block 0, async page read
[  277.526023][ T8973] I/O error, dev nbd6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  277.528978][ T8973] Buffer I/O error on dev nbd6, logical block 0, async page read
[  277.532150][ T8973] I/O error, dev nbd6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  277.535624][ T8973] Buffer I/O error on dev nbd6, logical block 0, async page read
[  277.538117][ T8973] I/O error, dev nbd6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  277.540938][ T8973] Buffer I/O error on dev nbd6, logical block 0, async page read
[  277.543454][ T8973] I/O error, dev nbd6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  277.546230][ T8973] Buffer I/O error on dev nbd6, logical block 0, async page read
[  277.548614][ T8973] I/O error, dev nbd6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  277.551403][ T8973] Buffer I/O error on dev nbd6, logical block 0, async page read
[  277.553802][ T8973] ldm_validate_partition_table(): Disk read failed.
[  277.555990][ T8973] I/O error, dev nbd6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  277.558862][ T8973] Buffer I/O error on dev nbd6, logical block 0, async page read
[  277.561333][ T8973] I/O error, dev nbd6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  277.564100][ T8973] Buffer I/O error on dev nbd6, logical block 0, async page read
[  277.566773][ T8973] Dev nbd6: unable to read RDB block 0
[  277.568606][ T8973]  nbd6: unable to read partition table
[  277.570402][ T8973] nbd6: partition table beyond EOD, truncated
[  277.575931][ T8973] ldm_validate_partition_table(): Disk read failed.
[  277.578472][ T8973] Dev nbd6: unable to read RDB block 0
[  277.580396][ T8973]  nbd6: unable to read partition table
[  277.582349][ T8973] nbd6: partition table beyond EOD, truncated
[  277.593032][T13874] FAULT_INJECTION: forcing a failure.
[  277.593032][T13874] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  277.597175][T13874] CPU: 2 UID: 0 PID: 13874 Comm: syz.4.2727 Not tainted 6.15.0-rc2-syzkaller-00400-g3088d26962e8 #0 PREEMPT(full) 
[  277.597189][T13874] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  277.597195][T13874] Call Trace:
[  277.597198][T13874]  <TASK>
[  277.597202][T13874]  dump_stack_lvl+0x16c/0x1f0
[  277.597233][T13874]  should_fail_ex+0x512/0x640
[  277.597245][T13874]  ? folio_alloc_mpol_noprof+0x19c/0x2f0
[  277.597259][T13874]  _copy_from_user+0x2e/0xd0
[  277.597271][T13874]  shmem_mfill_atomic_pte+0x597/0x8d0
[  277.597287][T13874]  mfill_atomic_copy+0xe6f/0x1c20
[  277.597304][T13874]  ? find_held_lock+0x2b/0x80
[  277.597316][T13874]  ? __might_fault+0xe3/0x190
[  277.597326][T13874]  ? __pfx_mfill_atomic_copy+0x10/0x10
[  277.597343][T13874]  userfaultfd_ioctl+0x20bb/0x3890
[  277.597359][T13874]  ? __pfx_userfaultfd_ioctl+0x10/0x10
[  277.597371][T13874]  ? ioctl_has_perm.constprop.0.isra.0+0x2f4/0x450
[  277.597387][T13874]  ? ioctl_has_perm.constprop.0.isra.0+0x2fe/0x450
[  277.597411][T13874]  ? hook_file_ioctl_common+0x145/0x410
[  277.597427][T13874]  ? selinux_file_ioctl+0x180/0x270
[  277.597441][T13874]  ? selinux_file_ioctl+0xb4/0x270
[  277.597455][T13874]  ? __pfx_userfaultfd_ioctl+0x10/0x10
[  277.597469][T13874]  ? __x64_sys_ioctl+0x190/0x200
[  277.597482][T13874]  __x64_sys_ioctl+0x190/0x200
[  277.597496][T13874]  do_syscall_64+0xcd/0x260
[  277.597511][T13874]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  277.597521][T13874] RIP: 0033:0x7f844318e169
[  277.597529][T13874] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  277.597538][T13874] RSP: 002b:00007f844400e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  277.597547][T13874] RAX: ffffffffffffffda RBX: 00007f84433b6080 RCX: 00007f844318e169
[  277.597553][T13874] RDX: 0000200000000400 RSI: 00000000c028aa03 RDI: 0000000000000003
[  277.597559][T13874] RBP: 00007f844400e090 R08: 0000000000000000 R09: 0000000000000000
[  277.597564][T13874] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  277.597569][T13874] R13: 0000000000000001 R14: 00007f84433b6080 R15: 00007fff4a554028
[  277.597582][T13874]  </TASK>
[  278.073270][T13901] FAULT_INJECTION: forcing a failure.
[  278.073270][T13901] name failslab, interval 1, probability 0, space 0, times 0
[  278.077891][T13901] CPU: 0 UID: 0 PID: 13901 Comm: syz.5.2739 Not tainted 6.15.0-rc2-syzkaller-00400-g3088d26962e8 #0 PREEMPT(full) 
[  278.077926][T13901] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  278.077936][T13901] Call Trace:
[  278.077942][T13901]  <TASK>
[  278.077948][T13901]  dump_stack_lvl+0x16c/0x1f0
[  278.077973][T13901]  should_fail_ex+0x512/0x640
[  278.077990][T13901]  ? __kmalloc_cache_noprof+0x57/0x3e0
[  278.078016][T13901]  ? __pfx_flow_classify+0x10/0x10
[  278.078037][T13901]  should_failslab+0xc2/0x120
[  278.078055][T13901]  __kmalloc_cache_noprof+0x6a/0x3e0
[  278.078084][T13901]  ? _raw_read_unlock+0x28/0x50
[  278.078103][T13901]  ? flow_init+0x43/0xf0
[  278.078125][T13901]  ? __pfx_flow_classify+0x10/0x10
[  278.078145][T13901]  flow_init+0x43/0xf0
[  278.078165][T13901]  tc_new_tfilter+0x1147/0x2340
[  278.078198][T13901]  ? avc_has_perm_noaudit+0x117/0x3b0
[  278.078216][T13901]  ? __pfx_tc_new_tfilter+0x10/0x10
[  278.078249][T13901]  ? __lock_acquire+0x5ca/0x1ba0
[  278.078278][T13901]  ? find_held_lock+0x2b/0x80
[  278.078298][T13901]  ? __pfx_tc_new_tfilter+0x10/0x10
[  278.078318][T13901]  ? rtnetlink_rcv_msg+0x93a/0xe90
[  278.078338][T13901]  ? __pfx_tc_new_tfilter+0x10/0x10
[  278.078359][T13901]  rtnetlink_rcv_msg+0x95b/0xe90
[  278.078380][T13901]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  278.078412][T13901]  netlink_rcv_skb+0x16a/0x440
[  278.078435][T13901]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  278.078457][T13901]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  278.078492][T13901]  ? netlink_deliver_tap+0x1ae/0xd30
[  278.078517][T13901]  netlink_unicast+0x53a/0x7f0
[  278.078542][T13901]  ? __pfx_netlink_unicast+0x10/0x10
[  278.078571][T13901]  netlink_sendmsg+0x8d1/0xdd0
[  278.078597][T13901]  ? __pfx_netlink_sendmsg+0x10/0x10
[  278.078629][T13901]  ____sys_sendmsg+0xa95/0xc70
[  278.078653][T13901]  ? copy_msghdr_from_user+0x10a/0x160
[  278.078672][T13901]  ? __pfx_____sys_sendmsg+0x10/0x10
[  278.078706][T13901]  ___sys_sendmsg+0x134/0x1d0
[  278.078726][T13901]  ? __pfx____sys_sendmsg+0x10/0x10
[  278.078773][T13901]  __sys_sendmsg+0x16d/0x220
[  278.078792][T13901]  ? __pfx___sys_sendmsg+0x10/0x10
[  278.078812][T13901]  do_syscall_64+0xcd/0x260
[  278.078827][T13901]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  278.078837][T13901] RIP: 0033:0x7f46bcb8e169
[  278.078846][T13901] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  278.078855][T13901] RSP: 002b:00007f46bda90038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  278.078865][T13901] RAX: ffffffffffffffda RBX: 00007f46bcdb5fa0 RCX: 00007f46bcb8e169
[  278.078871][T13901] RDX: 0000000020040054 RSI: 0000200000006040 RDI: 0000000000000004
[  278.078876][T13901] RBP: 00007f46bda90090 R08: 0000000000000000 R09: 0000000000000000
[  278.078882][T13901] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  278.078887][T13901] R13: 0000000000000000 R14: 00007f46bcdb5fa0 R15: 00007fff72e7dde8
[  278.078899][T13901]  </TASK>
[  278.106286][T13902] FAULT_INJECTION: forcing a failure.
[  278.106286][T13902] name failslab, interval 1, probability 0, space 0, times 0
[  278.198793][T13902] CPU: 0 UID: 0 PID: 13902 Comm: syz.6.2738 Not tainted 6.15.0-rc2-syzkaller-00400-g3088d26962e8 #0 PREEMPT(full) 
[  278.198817][T13902] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  278.198826][T13902] Call Trace:
[  278.198832][T13902]  <TASK>
[  278.198839][T13902]  dump_stack_lvl+0x16c/0x1f0
[  278.198866][T13902]  should_fail_ex+0x512/0x640
[  278.198882][T13902]  ? __kmalloc_cache_noprof+0x57/0x3e0
[  278.198924][T13902]  should_failslab+0xc2/0x120
[  278.198941][T13902]  __kmalloc_cache_noprof+0x6a/0x3e0
[  278.198965][T13902]  ? snd_pcm_hw_param_near.constprop.0+0xbc/0x8e0
[  278.198993][T13902]  snd_pcm_hw_param_near.constprop.0+0xbc/0x8e0
[  278.199021][T13902]  ? __pfx_snd_pcm_hw_param_near.constprop.0+0x10/0x10
[  278.199046][T13902]  ? snd_pcm_oss_change_params_locked+0x958/0x3b40
[  278.199082][T13902]  snd_pcm_oss_change_params_locked+0x9cd/0x3b40
[  278.199133][T13902]  ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10
[  278.199160][T13902]  ? snd_pcm_oss_write+0x4a2/0xa10
[  278.199184][T13902]  ? find_held_lock+0x2b/0x80
[  278.199211][T13902]  snd_pcm_oss_make_ready_locked+0xb7/0x130
[  278.199238][T13902]  snd_pcm_oss_write+0x4c3/0xa10
[  278.199255][T13902]  ? bpf_lsm_file_permission+0x9/0x10
[  278.199278][T13902]  ? security_file_permission+0x71/0x210
[  278.199307][T13902]  vfs_write+0x25c/0x1180
[  278.199319][T13902]  ? __pfx_snd_pcm_oss_write+0x10/0x10
[  278.199348][T13902]  ? __pfx_vfs_write+0x10/0x10
[  278.199370][T13902]  ? find_held_lock+0x2b/0x80
[  278.199389][T13902]  ? __fget_files+0x204/0x3c0
[  278.199408][T13902]  ? __fget_files+0x20e/0x3c0
[  278.199429][T13902]  ksys_write+0x12a/0x240
[  278.199443][T13902]  ? __pfx_ksys_write+0x10/0x10
[  278.199465][T13902]  do_syscall_64+0xcd/0x260
[  278.199489][T13902]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  278.199506][T13902] RIP: 0033:0x7f44feb8e169
[  278.199521][T13902] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  278.199537][T13902] RSP: 002b:00007f44ff9a8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  278.199553][T13902] RAX: ffffffffffffffda RBX: 00007f44fedb6080 RCX: 00007f44feb8e169
[  278.199563][T13902] RDX: 0000000000004060 RSI: 00002000000012c0 RDI: 0000000000000003
[  278.199573][T13902] RBP: 00007f44ff9a8090 R08: 0000000000000000 R09: 0000000000000000
[  278.199583][T13902] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  278.199592][T13902] R13: 0000000000000001 R14: 00007f44fedb6080 R15: 00007ffef2a5efd8
[  278.199614][T13902]  </TASK>
[  278.378900][T13906] syz_tun: entered allmulticast mode
[  278.388259][T13906] dvmrp1: entered allmulticast mode
[  278.391517][T13906] SELinux: failure in sel_netif_sid_slow(), invalid network interface (0)
[  278.394614][T13906] mroute: pending queue full, dropping entries
[  278.397946][T13905] syz_tun: left allmulticast mode
[  278.506675][T13917] tc_dump_action: action bad kind
[  278.540828][   T40] audit: type=1400 audit(1745049507.611:1048): avc:  denied  { append } for  pid=13918 comm="syz.5.2747" name="vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1
[  278.642904][T13923] afs: Unknown parameter 'dyn0x000000000000000500000000000000000000000'
[  278.660991][   T40] audit: type=1326 audit(1745049507.731:1049): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13924 comm="syz.5.2749" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f46bcb8e169 code=0x7ffc0000
[  278.668342][   T40] audit: type=1326 audit(1745049507.741:1050): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13924 comm="syz.5.2749" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f46bcb8e169 code=0x7ffc0000
[  278.676207][   T40] audit: type=1326 audit(1745049507.751:1051): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13924 comm="syz.5.2749" exe="/syz-executor" sig=0 arch=c000003e syscall=10 compat=0 ip=0x7f46bcb8e169 code=0x7ffc0000
[  278.685196][   T40] audit: type=1326 audit(1745049507.751:1052): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13924 comm="syz.5.2749" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f46bcb8e169 code=0x7ffc0000
[  278.685247][ T6090] usb 9-1: new high-speed USB device number 2 using dummy_hcd
[  278.692316][   T40] audit: type=1326 audit(1745049507.751:1053): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13924 comm="syz.5.2749" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f46bcb8e169 code=0x7ffc0000
[  278.692340][   T40] audit: type=1326 audit(1745049507.751:1054): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13924 comm="syz.5.2749" exe="/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f46bcb8cad0 code=0x7ffc0000
[  278.855263][ T6090] usb 9-1: Using ep0 maxpacket: 16
[  278.860692][ T6090] usb 9-1: config 0 has an invalid interface number: 114 but max is 0
[  278.863217][ T6090] usb 9-1: config 0 has no interface number 0
[  278.865584][ T6090] usb 9-1: config 0 interface 114 has no altsetting 0
[  278.869303][ T6090] usb 9-1: New USB device found, idVendor=1c04, idProduct=0015, bcdDevice=f2.69
[  278.872211][ T6090] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  278.874702][ T6090] usb 9-1: Product: syz
[  278.876236][ T6090] usb 9-1: Manufacturer: syz
[  278.877709][ T6090] usb 9-1: SerialNumber: syz
[  278.880873][ T6090] usb 9-1: config 0 descriptor??
[  279.086043][ T5961] Bluetooth: hci3: unexpected event for opcode 0x1001
[  279.087489][ T6090] usb 9-1: USB disconnect, device number 2
[  279.092103][T13939] syz_tun: entered allmulticast mode
[  279.095612][T13939] IPv6: Can't replace route, no match found
[  279.106390][T13938] syz_tun: left allmulticast mode
[  279.174783][T13943] cifs: Unknown parameter 'no9� ��P��G!8�����E�8-�� ����Ŗ�Eeլ'
[  279.326641][T13953] fuse: Unknown parameter '�)�qo-<5hῈI�'
[  279.405263][ T5961] Bluetooth: hci7: command 0x0c1a tx timeout
[  279.543892][T13962] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks
[  279.556861][T13962] random: crng reseeded on system resumption
[  279.751446][ T6802] usb 12-1: USB disconnect, device number 4
[  279.755869][ T6802] yurex 12-1:0.0: USB YUREX #0 now disconnected
[  279.780962][T13969] fuse: Bad value for 'fd'
[  279.873195][T13973] FAULT_INJECTION: forcing a failure.
[  279.873195][T13973] name failslab, interval 1, probability 0, space 0, times 0
[  279.879062][T13973] CPU: 0 UID: 0 PID: 13973 Comm: syz.4.2769 Not tainted 6.15.0-rc2-syzkaller-00400-g3088d26962e8 #0 PREEMPT(full) 
[  279.879078][T13973] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  279.879084][T13973] Call Trace:
[  279.879088][T13973]  <TASK>
[  279.879092][T13973]  dump_stack_lvl+0x16c/0x1f0
[  279.879110][T13973]  should_fail_ex+0x512/0x640
[  279.879120][T13973]  ? __kmalloc_cache_node_noprof+0x5a/0x420
[  279.879132][T13973]  should_failslab+0xc2/0x120
[  279.879144][T13973]  __kmalloc_cache_node_noprof+0x6d/0x420
[  279.879153][T13973]  ? __alloc_workqueue+0x506/0x1810
[  279.879171][T13973]  __alloc_workqueue+0x506/0x1810
[  279.879189][T13973]  alloc_workqueue+0xd2/0x200
[  279.879204][T13973]  ? __pfx_alloc_workqueue+0x10/0x10
[  279.879225][T13973]  hci_register_dev+0x1cf/0xc60
[  279.879243][T13973]  hci_uart_tty_ioctl+0x7e2/0xc30
[  279.879254][T13973]  ? __pfx_hci_uart_tty_ioctl+0x10/0x10
[  279.879262][T13973]  tty_ioctl+0x6f6/0x1610
[  279.879277][T13973]  ? __pfx_tty_ioctl+0x10/0x10
[  279.879291][T13973]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[  279.879311][T13973]  ? hook_file_ioctl_common+0x145/0x410
[  279.879324][T13973]  ? selinux_file_ioctl+0x180/0x270
[  279.879338][T13973]  ? selinux_file_ioctl+0xb4/0x270
[  279.879353][T13973]  ? __pfx_tty_ioctl+0x10/0x10
[  279.879367][T13973]  __x64_sys_ioctl+0x190/0x200
[  279.879381][T13973]  do_syscall_64+0xcd/0x260
[  279.879396][T13973]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  279.879406][T13973] RIP: 0033:0x7f844318e169
[  279.879415][T13973] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  279.879424][T13973] RSP: 002b:00007f844402f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  279.879434][T13973] RAX: ffffffffffffffda RBX: 00007f84433b5fa0 RCX: 00007f844318e169
[  279.879440][T13973] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003
[  279.879445][T13973] RBP: 00007f844402f090 R08: 0000000000000000 R09: 0000000000000000
[  279.879451][T13973] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  279.879457][T13973] R13: 0000000000000000 R14: 00007f84433b5fa0 R15: 00007fff4a554028
[  279.879469][T13973]  </TASK>
[  279.879486][T13973] Bluetooth: Can't register HCI device
[  280.047024][T13993] syz.4.2777: attempt to access beyond end of device
[  280.047024][T13993] nbd4: rw=0, sector=64, nr_sectors = 2 limit=0
[  280.051083][T13993] syz.4.2777: attempt to access beyond end of device
[  280.051083][T13993] nbd4: rw=0, sector=512, nr_sectors = 2 limit=0
[  280.055208][T13993] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=256, location=256
[  280.058224][T13993] syz.4.2777: attempt to access beyond end of device
[  280.058224][T13993] nbd4: rw=0, sector=1024, nr_sectors = 2 limit=0
[  280.062372][T13993] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=512, location=512
[  280.065760][T13993] syz.4.2777: attempt to access beyond end of device
[  280.065760][T13993] nbd4: rw=0, sector=64, nr_sectors = 4 limit=0
[  280.070213][T13993] syz.4.2777: attempt to access beyond end of device
[  280.070213][T13993] nbd4: rw=0, sector=1024, nr_sectors = 4 limit=0
[  280.074127][T13993] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=256, location=256
[  280.077423][T13993] syz.4.2777: attempt to access beyond end of device
[  280.077423][T13993] nbd4: rw=0, sector=2048, nr_sectors = 4 limit=0
[  280.081402][T13993] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=512, location=512
[  280.084450][T13993] syz.4.2777: attempt to access beyond end of device
[  280.084450][T13993] nbd4: rw=0, sector=64, nr_sectors = 8 limit=0
[  280.089022][T13993] syz.4.2777: attempt to access beyond end of device
[  280.089022][T13993] nbd4: rw=0, sector=2048, nr_sectors = 8 limit=0
[  280.092848][T13993] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=256, location=256
[  280.096296][T13993] syz.4.2777: attempt to access beyond end of device
[  280.096296][T13993] nbd4: rw=0, sector=4096, nr_sectors = 8 limit=0
[  280.100261][T13993] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=512, location=512
[  280.103024][T13993] UDF-fs: warning (device nbd4): udf_fill_super: No partition found (1)
[  280.165420][ T6802] usb 10-1: new high-speed USB device number 3 using dummy_hcd
[  280.241159][T13999] fuse: Bad value for 'fd'
[  280.261390][ T5961] Bluetooth: hci3: Unable to find connection for big 0x00
[  280.315259][ T6802] usb 10-1: Using ep0 maxpacket: 8
[  280.318179][ T6802] usb 10-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  280.321585][ T6802] usb 10-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  280.324556][ T6802] usb 10-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  280.328387][ T6802] usb 10-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  280.332431][ T6802] usb 10-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  280.335221][ T6802] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  280.339787][T14003] xt_SECMARK: invalid mode: 0
[  280.425794][ T5961] block nbd6: Receive control failed (result -107)
[  280.515376][T14006] nbd6: detected capacity change from 0 to 12
[  280.518234][T12280] block nbd6: Dead connection, failed to find a fallback
[  280.520437][T12280] block nbd6: shutting down sockets
[  280.522486][T12280] ldm_validate_partition_table(): Disk read failed.
[  280.524758][T12280] Dev nbd6: unable to read RDB block 0
[  280.526862][T12280]  nbd6: unable to read partition table
[  280.528681][T12280] nbd6: partition table beyond EOD, truncated
[  280.533878][T14006] ldm_validate_partition_table(): Disk read failed.
[  280.537037][T14006] Dev nbd6: unable to read RDB block 0
[  280.539332][T14006]  nbd6: unable to read partition table
[  280.541665][T14006] nbd6: partition table beyond EOD, truncated
[  280.542691][ T6802] usb 10-1: GET_CAPABILITIES returned 0
[  280.545974][ T6802] usbtmc 10-1:16.0: can't read capabilities
[  280.546034][T14006] (syz.6.2781,14006,3):ocfs2_get_sector:1714 ERROR: status = -5
[  280.551378][T14006] (syz.6.2781,14006,3):ocfs2_sb_probe:753 ERROR: status = -5
[  280.553136][T12280] ldm_validate_partition_table(): Disk read failed.
[  280.554157][T14006] (syz.6.2781,14006,3):ocfs2_fill_super:989 ERROR: superblock probe failed!
[  280.554176][T14006] (syz.6.2781,14006,3):ocfs2_fill_super:1177 ERROR: status = -5
[  280.562428][T12280] Dev nbd6: unable to read RDB block 0
[  280.564760][T12280]  nbd6: unable to read partition table
[  280.566572][T12280] nbd6: partition table beyond EOD, truncated
[  280.746434][    C1] usbtmc 10-1:16.0: usbtmc_write_bulk_cb - nonzero write bulk status received: -71
[  280.752019][T13984] usbtmc 10-1:16.0: Unable to send data, error -71
[  280.758795][ T6090] usb 10-1: USB disconnect, device number 3
[  280.937308][ T5961] block nbd7: Receive control failed (result -107)
[  281.025275][T14014] nbd7: detected capacity change from 0 to 12
[  281.028493][ T8973] block nbd7: Dead connection, failed to find a fallback
[  281.029086][T14014] FAULT_INJECTION: forcing a failure.
[  281.029086][T14014] name failslab, interval 1, probability 0, space 0, times 0
[  281.030777][T14016] bridge0: entered promiscuous mode
[  281.030898][T14016] macvlan2: entered promiscuous mode
[  281.030931][ T8973] block nbd7: shutting down sockets
[  281.032022][T14016] bridge0: port 3(macvlan2) entered blocking state
[  281.032103][T14016] bridge0: port 3(macvlan2) entered disabled state
[  281.032208][T14016] macvlan2: entered allmulticast mode
[  281.032221][T14016] bridge0: entered allmulticast mode
[  281.035142][T14014] CPU: 1 UID: 0 PID: 14014 Comm: syz.7.2783 Not tainted 6.15.0-rc2-syzkaller-00400-g3088d26962e8 #0 PREEMPT(full) 
[  281.035164][T14014] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  281.035174][T14014] Call Trace:
[  281.035180][T14014]  <TASK>
[  281.035186][T14014]  dump_stack_lvl+0x16c/0x1f0
[  281.035213][T14014]  should_fail_ex+0x512/0x640
[  281.035246][T14014]  ? fs_reclaim_acquire+0xae/0x150
[  281.035271][T14014]  ? tomoyo_encode2+0x100/0x3e0
[  281.035293][T14014]  should_failslab+0xc2/0x120
[  281.035318][T14014]  __kmalloc_noprof+0xd2/0x510
[  281.035333][T14014]  ? d_absolute_path+0x136/0x1a0
[  281.035359][T14014]  tomoyo_encode2+0x100/0x3e0
[  281.035385][T14014]  tomoyo_encode+0x29/0x50
[  281.035407][T14014]  tomoyo_realpath_from_path+0x18f/0x6e0
[  281.035438][T14014]  tomoyo_mount_acl+0x1ae/0x850
[  281.035458][T14014]  ? kernel_text_address+0x8d/0x100
[  281.035477][T14014]  ? __kernel_text_address+0xd/0x40
[  281.035496][T14014]  ? unwind_get_return_address+0x59/0xa0
[  281.035518][T14014]  ? arch_stack_walk+0xa6/0x100
[  281.035541][T14014]  ? __pfx_tomoyo_mount_acl+0x10/0x10
[  281.035591][T14014]  ? tomoyo_domain+0xbb/0x150
[  281.035606][T14014]  ? tomoyo_profile+0x47/0x60
[  281.035624][T14014]  tomoyo_mount_permission+0x16d/0x420
[  281.035645][T14014]  ? tomoyo_mount_permission+0x14f/0x420
[  281.035668][T14014]  ? __pfx_tomoyo_mount_permission+0x10/0x10
[  281.035706][T14014]  security_sb_mount+0x9b/0x260
[  281.035729][T14014]  path_mount+0x128/0x1f30
[  281.035750][T14014]  ? kmem_cache_free+0x2d4/0x4d0
[  281.035765][T14014]  ? __pfx_path_mount+0x10/0x10
[  281.035787][T14014]  ? putname+0x154/0x1a0
[  281.035810][T14014]  __x64_sys_mount+0x28d/0x310
[  281.035829][T14014]  ? __pfx___x64_sys_mount+0x10/0x10
[  281.035847][T14014]  ? rcu_is_watching+0x12/0xc0
[  281.035874][T14014]  do_syscall_64+0xcd/0x260
[  281.035899][T14014]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  281.035915][T14014] RIP: 0033:0x7f027f98e169
[  281.035928][T14014] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  281.035943][T14014] RSP: 002b:00007f028088e038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  281.035960][T14014] RAX: ffffffffffffffda RBX: 00007f027fbb5fa0 RCX: 00007f027f98e169
[  281.035971][T14014] RDX: 0000200000000040 RSI: 0000200000004a00 RDI: 0000200000000500
[  281.035981][T14014] RBP: 00007f028088e090 R08: 0000000000000000 R09: 0000000000000000
[  281.035991][T14014] R10: 0000000000008007 R11: 0000000000000246 R12: 0000000000000001
[  281.036001][T14014] R13: 0000000000000000 R14: 00007f027fbb5fa0 R15: 00007ffde304c6b8
[  281.036024][T14014]  </TASK>
[  281.036154][T14014] ERROR: Out of memory at tomoyo_realpath_from_path.
[  281.039247][T14016] macvlan2: left allmulticast mode
[  281.040809][ T8973] ldm_validate_partition_table(): Disk read failed.
[  281.041181][ T8973] Dev nbd7: unable to read RDB block 0
[  281.043228][T14016] bridge0: left allmulticast mode
[  281.043849][T14016] bridge0: left promiscuous mode
[  281.045877][ T8973]  nbd7: unable to read partition table
[  281.158826][ T8973] nbd7: partition table beyond EOD, truncated
[  281.166406][ T8973] ldm_validate_partition_table(): Disk read failed.
[  281.169257][ T8973] Dev nbd7: unable to read RDB block 0
[  281.171253][ T8973]  nbd7: unable to read partition table
[  281.173140][ T8973] nbd7: partition table beyond EOD, truncated
[  281.408391][T14032] syz.4.2790: attempt to access beyond end of device
[  281.408391][T14032] nbd4: rw=0, sector=64, nr_sectors = 2 limit=0
[  281.412580][T14032] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=256, location=256
[  281.416005][T14032] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=512, location=512
[  281.419453][T14032] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=256, location=256
[  281.422492][T14032] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=512, location=512
[  281.426225][T14032] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=256, location=256
[  281.429222][T14032] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=512, location=512
[  281.432149][T14032] UDF-fs: warning (device nbd4): udf_fill_super: No partition found (1)
[  281.436339][T14031] block nbd4: shutting down sockets
[  281.486814][T14036] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2793'.
[  281.572443][T14044] IPVS: set_ctl: invalid protocol: 1 0.0.0.0:20002
[  281.675648][T14050] netlink: 32 bytes leftover after parsing attributes in process `syz.6.2796'.
[  281.778505][T14044] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  281.780520][T14044] Bluetooth: hci6: Opcode 0x0c1a failed: -4
[  281.783472][T14044] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  281.787126][T14044] Bluetooth: hci7: Opcode 0x0c1a failed: -4
[  281.918005][T14062] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=256, location=256
[  281.921035][T14062] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=512, location=512
[  281.924434][T14062] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=256, location=256
[  281.928944][T14062] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=512, location=512
[  281.932165][T14062] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=256, location=256
[  281.938426][T14062] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=512, location=512
[  281.941341][T14062] UDF-fs: warning (device nbd4): udf_fill_super: No partition found (1)
[  281.945567][T14061] block nbd4: shutting down sockets
[  281.975778][T14070] FAULT_INJECTION: forcing a failure.
[  281.975778][T14070] name failslab, interval 1, probability 0, space 0, times 0
[  281.979713][T14070] CPU: 1 UID: 0 PID: 14070 Comm: syz.4.2804 Not tainted 6.15.0-rc2-syzkaller-00400-g3088d26962e8 #0 PREEMPT(full) 
[  281.979727][T14070] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  281.979733][T14070] Call Trace:
[  281.979737][T14070]  <TASK>
[  281.979741][T14070]  dump_stack_lvl+0x16c/0x1f0
[  281.979759][T14070]  should_fail_ex+0x512/0x640
[  281.979770][T14070]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[  281.979782][T14070]  should_failslab+0xc2/0x120
[  281.979793][T14070]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  281.979803][T14070]  ? ptlock_alloc+0x1f/0x70
[  281.979819][T14070]  ptlock_alloc+0x1f/0x70
[  281.979833][T14070]  pte_alloc_one+0x6d/0x380
[  281.979847][T14070]  __pte_alloc+0x6d/0x3c0
[  281.979858][T14070]  ? __pfx___pte_alloc+0x10/0x10
[  281.979871][T14070]  ? mm_alloc_pmd+0x15c/0x240
[  281.979883][T14070]  mfill_atomic_copy+0xedf/0x1c20
[  281.979899][T14070]  ? find_held_lock+0x2b/0x80
[  281.979911][T14070]  ? __might_fault+0xe3/0x190
[  281.979921][T14070]  ? __pfx_mfill_atomic_copy+0x10/0x10
[  281.979937][T14070]  userfaultfd_ioctl+0x20bb/0x3890
[  281.979953][T14070]  ? __pfx_userfaultfd_ioctl+0x10/0x10
[  281.979966][T14070]  ? ioctl_has_perm.constprop.0.isra.0+0x2f4/0x450
[  281.979982][T14070]  ? ioctl_has_perm.constprop.0.isra.0+0x2fe/0x450
[  281.980002][T14070]  ? hook_file_ioctl_common+0x145/0x410
[  281.980016][T14070]  ? selinux_file_ioctl+0x180/0x270
[  281.980030][T14070]  ? selinux_file_ioctl+0xb4/0x270
[  281.980047][T14070]  ? __pfx_userfaultfd_ioctl+0x10/0x10
[  281.980062][T14070]  ? __x64_sys_ioctl+0x190/0x200
[  281.980075][T14070]  __x64_sys_ioctl+0x190/0x200
[  281.980089][T14070]  do_syscall_64+0xcd/0x260
[  281.980104][T14070]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  281.980114][T14070] RIP: 0033:0x7f844318e169
[  281.980123][T14070] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  281.980133][T14070] RSP: 002b:00007f844402f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  281.980142][T14070] RAX: ffffffffffffffda RBX: 00007f84433b5fa0 RCX: 00007f844318e169
[  281.980149][T14070] RDX: 0000200000000400 RSI: 00000000c028aa03 RDI: 0000000000000003
[  281.980155][T14070] RBP: 00007f844402f090 R08: 0000000000000000 R09: 0000000000000000
[  281.980160][T14070] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  281.980166][T14070] R13: 0000000000000000 R14: 00007f84433b5fa0 R15: 00007fff4a554028
[  281.980179][T14070]  </TASK>
[  282.060421][    C1] vkms_vblank_simulate: vblank timer overrun
[  282.157912][T14075] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2806'.
[  282.217403][T14078] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2807'.
[  282.231289][ T5959] Bluetooth: hci5: unexpected event for opcode 0x1001
[  282.318242][T14085] FAULT_INJECTION: forcing a failure.
[  282.318242][T14085] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  282.322901][T14085] CPU: 2 UID: 0 PID: 14085 Comm: syz.5.2810 Not tainted 6.15.0-rc2-syzkaller-00400-g3088d26962e8 #0 PREEMPT(full) 
[  282.322915][T14085] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  282.322922][T14085] Call Trace:
[  282.322926][T14085]  <TASK>
[  282.322931][T14085]  dump_stack_lvl+0x16c/0x1f0
[  282.322948][T14085]  should_fail_ex+0x512/0x640
[  282.322962][T14085]  _copy_to_user+0x32/0xd0
[  282.322975][T14085]  cgroup_bpf_prog_query+0x756/0x12b0
[  282.322991][T14085]  ? __pfx_cgroup_bpf_prog_query+0x10/0x10
[  282.323004][T14085]  ? cap_capable+0xb3/0x250
[  282.323021][T14085]  ? bpf_lsm_capable+0x9/0x10
[  282.323030][T14085]  ? security_capable+0x7e/0x260
[  282.323043][T14085]  __sys_bpf+0x1b9a/0x4d80
[  282.323058][T14085]  ? __pfx___sys_bpf+0x10/0x10
[  282.323071][T14085]  ? ksys_write+0x190/0x240
[  282.323082][T14085]  ? __mutex_unlock_slowpath+0x161/0x6a0
[  282.323104][T14085]  ? fput+0x70/0xf0
[  282.323115][T14085]  ? ksys_write+0x1b9/0x240
[  282.323123][T14085]  ? __pfx_ksys_write+0x10/0x10
[  282.323134][T14085]  __x64_sys_bpf+0x78/0xc0
[  282.323147][T14085]  ? lockdep_hardirqs_on+0x7c/0x110
[  282.323159][T14085]  do_syscall_64+0xcd/0x260
[  282.323174][T14085]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  282.323184][T14085] RIP: 0033:0x7f46bcb8e169
[  282.323193][T14085] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  282.323202][T14085] RSP: 002b:00007f46bda90038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  282.323212][T14085] RAX: ffffffffffffffda RBX: 00007f46bcdb5fa0 RCX: 00007f46bcb8e169
[  282.323218][T14085] RDX: 0000000000000040 RSI: 00002000000002c0 RDI: 0000000000000010
[  282.323224][T14085] RBP: 00007f46bda90090 R08: 0000000000000000 R09: 0000000000000000
[  282.323230][T14085] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  282.323236][T14085] R13: 0000000000000000 R14: 00007f46bcdb5fa0 R15: 00007fff72e7dde8
[  282.323249][T14085]  </TASK>
[  282.479821][T14093] overlayfs: failed to decode file handle (len=6, type=248, flags=0, err=-22)
[  282.514547][T14098] FAULT_INJECTION: forcing a failure.
[  282.514547][T14098] name failslab, interval 1, probability 0, space 0, times 0
[  282.519023][T14098] CPU: 0 UID: 0 PID: 14098 Comm: syz.7.2816 Not tainted 6.15.0-rc2-syzkaller-00400-g3088d26962e8 #0 PREEMPT(full) 
[  282.519038][T14098] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  282.519048][T14098] Call Trace:
[  282.519052][T14098]  <TASK>
[  282.519056][T14098]  dump_stack_lvl+0x16c/0x1f0
[  282.519073][T14098]  should_fail_ex+0x512/0x640
[  282.519084][T14098]  ? __kmalloc_cache_node_noprof+0x5a/0x420
[  282.519096][T14098]  should_failslab+0xc2/0x120
[  282.519107][T14098]  __kmalloc_cache_node_noprof+0x6d/0x420
[  282.519116][T14098]  ? lockdep_init_map_type+0x5c/0x280
[  282.519126][T14098]  ? __alloc_workqueue+0x506/0x1810
[  282.519143][T14098]  __alloc_workqueue+0x506/0x1810
[  282.519162][T14098]  alloc_workqueue+0xd2/0x200
[  282.519176][T14098]  ? __pfx_alloc_workqueue+0x10/0x10
[  282.519198][T14098]  hci_register_dev+0x1cf/0xc60
[  282.519215][T14098]  hci_uart_tty_ioctl+0x7e2/0xc30
[  282.519227][T14098]  ? __pfx_hci_uart_tty_ioctl+0x10/0x10
[  282.519236][T14098]  tty_ioctl+0x6f6/0x1610
[  282.519251][T14098]  ? __pfx_tty_ioctl+0x10/0x10
[  282.519265][T14098]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[  282.519285][T14098]  ? hook_file_ioctl_common+0x145/0x410
[  282.519299][T14098]  ? selinux_file_ioctl+0x180/0x270
[  282.519313][T14098]  ? selinux_file_ioctl+0xb4/0x270
[  282.519327][T14098]  ? __pfx_tty_ioctl+0x10/0x10
[  282.519342][T14098]  __x64_sys_ioctl+0x190/0x200
[  282.519356][T14098]  do_syscall_64+0xcd/0x260
[  282.519371][T14098]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  282.519381][T14098] RIP: 0033:0x7f027f98e169
[  282.519390][T14098] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  282.519400][T14098] RSP: 002b:00007f028088e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  282.519410][T14098] RAX: ffffffffffffffda RBX: 00007f027fbb5fa0 RCX: 00007f027f98e169
[  282.519416][T14098] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003
[  282.519422][T14098] RBP: 00007f028088e090 R08: 0000000000000000 R09: 0000000000000000
[  282.519427][T14098] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  282.519433][T14098] R13: 0000000000000000 R14: 00007f027fbb5fa0 R15: 00007ffde304c6b8
[  282.519445][T14098]  </TASK>
[  282.519467][T14098] Bluetooth: Can't register HCI device
[  282.945905][T14111] FAULT_INJECTION: forcing a failure.
[  282.945905][T14111] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  282.951097][T14111] CPU: 2 UID: 0 PID: 14111 Comm: syz.4.2821 Not tainted 6.15.0-rc2-syzkaller-00400-g3088d26962e8 #0 PREEMPT(full) 
[  282.951119][T14111] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  282.951129][T14111] Call Trace:
[  282.951135][T14111]  <TASK>
[  282.951142][T14111]  dump_stack_lvl+0x16c/0x1f0
[  282.951169][T14111]  should_fail_ex+0x512/0x640
[  282.951191][T14111]  _copy_to_user+0x32/0xd0
[  282.951217][T14111]  simple_read_from_buffer+0xcb/0x170
[  282.951245][T14111]  proc_fail_nth_read+0x197/0x270
[  282.951272][T14111]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  282.951299][T14111]  ? rw_verify_area+0xcf/0x680
[  282.951322][T14111]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  282.951347][T14111]  vfs_read+0x1de/0xc70
[  282.951375][T14111]  ? __pfx___mutex_lock+0x10/0x10
[  282.951398][T14111]  ? __pfx_vfs_read+0x10/0x10
[  282.951429][T14111]  ? __fget_files+0x20e/0x3c0
[  282.951453][T14111]  ksys_read+0x12a/0x240
[  282.951468][T14111]  ? __pfx_ksys_read+0x10/0x10
[  282.951490][T14111]  do_syscall_64+0xcd/0x260
[  282.951515][T14111]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  282.951531][T14111] RIP: 0033:0x7f844318cb7c
[  282.951545][T14111] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  282.951560][T14111] RSP: 002b:00007f844402f030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  282.951576][T14111] RAX: ffffffffffffffda RBX: 00007f84433b5fa0 RCX: 00007f844318cb7c
[  282.951587][T14111] RDX: 000000000000000f RSI: 00007f844402f0a0 RDI: 0000000000000004
[  282.951597][T14111] RBP: 00007f844402f090 R08: 0000000000000000 R09: 0000000000000000
[  282.951607][T14111] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  282.951617][T14111] R13: 0000000000000000 R14: 00007f84433b5fa0 R15: 00007fff4a554028
[  282.951639][T14111]  </TASK>
[  283.387227][ T5294] block nbd4: Receive control failed (result -32)
[  283.391303][T14123] block nbd4: shutting down sockets
[  283.466044][ T5294] block nbd4: Receive control failed (result -107)
[  283.565700][T14128] nbd4: detected capacity change from 0 to 12
[  283.568461][ T8973] block nbd4: Dead connection, failed to find a fallback
[  283.570842][ T8973] block nbd4: shutting down sockets
[  283.572588][ T8973] blk_print_req_error: 171 callbacks suppressed
[  283.572595][ T8973] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  283.578168][ T8973] buffer_io_error: 170 callbacks suppressed
[  283.578176][ T8973] Buffer I/O error on dev nbd4, logical block 0, async page read
[  283.582603][ T8973] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  283.585516][ T8973] Buffer I/O error on dev nbd4, logical block 0, async page read
[  283.588025][ T8973] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  283.590882][ T8973] Buffer I/O error on dev nbd4, logical block 0, async page read
[  283.593499][ T8973] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  283.596466][ T8973] Buffer I/O error on dev nbd4, logical block 0, async page read
[  283.597700][   T40] kauditd_printk_skb: 18 callbacks suppressed
[  283.597708][   T40] audit: type=1326 audit(1745049512.671:1073): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14129 comm="syz.7.2829" exe="/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f027f98e169 code=0x0
[  283.599001][ T8973] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  283.610654][ T8973] Buffer I/O error on dev nbd4, logical block 0, async page read
[  283.613166][ T8973] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  283.616105][ T8973] Buffer I/O error on dev nbd4, logical block 0, async page read
[  283.618592][ T8973] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  283.621501][ T8973] Buffer I/O error on dev nbd4, logical block 0, async page read
[  283.623960][ T8973] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  283.626931][ T8973] Buffer I/O error on dev nbd4, logical block 0, async page read
[  283.629375][ T8973] ldm_validate_partition_table(): Disk read failed.
[  283.631528][ T8973] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  283.634331][ T8973] Buffer I/O error on dev nbd4, logical block 0, async page read
[  283.636852][ T8973] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  283.639661][ T8973] Buffer I/O error on dev nbd4, logical block 0, async page read
[  283.642254][ T8973] Dev nbd4: unable to read RDB block 0
[  283.644109][ T8973]  nbd4: unable to read partition table
[  283.646090][ T8973] nbd4: partition table beyond EOD, truncated
[  283.657586][ T8973] ldm_validate_partition_table(): Disk read failed.
[  283.659896][ T8973] Dev nbd4: unable to read RDB block 0
[  283.661915][ T8973]  nbd4: unable to read partition table
[  283.663747][ T8973] nbd4: partition table beyond EOD, truncated
[  283.685934][ T5294] block nbd7: Receive control failed (result -107)
[  283.735495][ T5294] Bluetooth: hci3: command 0x0c1a tx timeout
[  283.748929][   T40] audit: type=1400 audit(1745049512.821:1074): avc:  denied  { getopt } for  pid=14135 comm="syz.4.2831" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  283.795608][T14132] nbd7: detected capacity change from 0 to 12
[  283.798087][ T8973] block nbd7: Dead connection, failed to find a fallback
[  283.800348][ T8973] block nbd7: shutting down sockets
[  283.802944][ T8973] ldm_validate_partition_table(): Disk read failed.
[  283.805356][ T8973] Dev nbd7: unable to read RDB block 0
[  283.805528][ T5294] Bluetooth: hci7: command 0x0c1a tx timeout
[  283.805550][ T5955] Bluetooth: hci6: command 0x0c1a tx timeout
[  283.807294][ T8973]  nbd7: unable to read partition table
[  283.813568][ T8973] nbd7: partition table beyond EOD, truncated
[  283.818149][ T8973] ldm_validate_partition_table(): Disk read failed.
[  283.820443][ T8973] Dev nbd7: unable to read RDB block 0
[  283.822322][ T8973]  nbd7: unable to read partition table
[  283.824146][ T8973] nbd7: partition table beyond EOD, truncated
[  283.965435][ T5294] Bluetooth: hci0: command 0x1003 tx timeout
[  283.967942][ T5961] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  284.095862][ T5961] block nbd4: Receive control failed (result -107)
[  284.206649][T14158] nbd4: detected capacity change from 0 to 12
[  284.209917][ T8973] block nbd4: Dead connection, failed to find a fallback
[  284.212580][ T8973] block nbd4: shutting down sockets
[  284.214777][ T8973] ldm_validate_partition_table(): Disk read failed.
[  284.217237][ T8973] Dev nbd4: unable to read RDB block 0
[  284.219296][ T8973]  nbd4: unable to read partition table
[  284.221222][ T8973] nbd4: partition table beyond EOD, truncated
[  284.226056][ T8973] ldm_validate_partition_table(): Disk read failed.
[  284.228568][ T8973] Dev nbd4: unable to read RDB block 0
[  284.230624][ T8973]  nbd4: unable to read partition table
[  284.232752][ T8973] nbd4: partition table beyond EOD, truncated
[  284.362792][   T40] audit: type=1400 audit(1745049513.431:1075): avc:  denied  { getopt } for  pid=14167 comm="syz.4.2842" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  284.365763][T14168] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2842'.
[  284.426208][T14172] netlink: 'syz.4.2844': attribute type 1 has an invalid length.
[  284.428889][T14172] netlink: 224 bytes leftover after parsing attributes in process `syz.4.2844'.
[  284.537075][ T5961] block nbd4: Receive control failed (result -107)
[  284.605245][ T5959] Bluetooth: hci1: Opcode 0x1003 failed: -110
[  284.605307][ T5961] Bluetooth: hci1: command 0x1003 tx timeout
[  284.619649][T14179] nbd4: detected capacity change from 0 to 12
[  284.622366][ T8973] block nbd4: Dead connection, failed to find a fallback
[  284.624573][ T8973] block nbd4: shutting down sockets
[  284.629289][ T8973] ldm_validate_partition_table(): Disk read failed.
[  284.630671][T14186] batadv_slave_0: entered allmulticast mode
[  284.631557][ T8973] Dev nbd4: unable to read RDB block 0
[  284.635786][ T8973]  nbd4: unable to read partition table
[  284.638035][ T8973] nbd4: partition table beyond EOD, truncated
[  284.641910][ T8973] ldm_validate_partition_table(): Disk read failed.
[  284.644190][ T8973] Dev nbd4: unable to read RDB block 0
[  284.648363][ T8973]  nbd4: unable to read partition table
[  284.650283][ T8973] nbd4: partition table beyond EOD, truncated
[  284.725947][T14185] batadv_slave_0: left allmulticast mode
[  284.906270][T14206] FAULT_INJECTION: forcing a failure.
[  284.906270][T14206] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  284.910305][T14206] CPU: 3 UID: 0 PID: 14206 Comm: syz.6.2857 Not tainted 6.15.0-rc2-syzkaller-00400-g3088d26962e8 #0 PREEMPT(full) 
[  284.910319][T14206] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  284.910325][T14206] Call Trace:
[  284.910329][T14206]  <TASK>
[  284.910333][T14206]  dump_stack_lvl+0x16c/0x1f0
[  284.910350][T14206]  should_fail_ex+0x512/0x640
[  284.910363][T14206]  _copy_from_iter+0x2a4/0x15b0
[  284.910377][T14206]  ? __lock_acquire+0xaa4/0x1ba0
[  284.910387][T14206]  ? __pfx__copy_from_iter+0x10/0x10
[  284.910399][T14206]  ? _kstrtoull+0x145/0x200
[  284.910412][T14206]  ? __pfx__kstrtoull+0x10/0x10
[  284.910428][T14206]  tun_get_user+0x240/0x3b10
[  284.910446][T14206]  ? __lock_acquire+0x5ca/0x1ba0
[  284.910455][T14206]  ? __pfx_tun_get_user+0x10/0x10
[  284.910467][T14206]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  284.910481][T14206]  ? find_held_lock+0x2b/0x80
[  284.910493][T14206]  ? tun_get+0x191/0x370
[  284.910507][T14206]  tun_chr_write_iter+0xdc/0x210
[  284.910522][T14206]  vfs_write+0x5ba/0x1180
[  284.910532][T14206]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  284.910546][T14206]  ? __pfx_vfs_write+0x10/0x10
[  284.910559][T14206]  ? find_held_lock+0x2b/0x80
[  284.910578][T14206]  ksys_write+0x12a/0x240
[  284.910587][T14206]  ? __pfx_ksys_write+0x10/0x10
[  284.910594][T14206]  ? rcu_is_watching+0x12/0xc0
[  284.910610][T14206]  do_syscall_64+0xcd/0x260
[  284.910624][T14206]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  284.910634][T14206] RIP: 0033:0x7f44feb8e169
[  284.910643][T14206] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  284.910652][T14206] RSP: 002b:00007f44ff9c9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  284.910662][T14206] RAX: ffffffffffffffda RBX: 00007f44fedb5fa0 RCX: 00007f44feb8e169
[  284.910668][T14206] RDX: 000000000000004e RSI: 0000200000000280 RDI: 0000000000000004
[  284.910674][T14206] RBP: 00007f44ff9c9090 R08: 0000000000000000 R09: 0000000000000000
[  284.910680][T14206] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  284.910686][T14206] R13: 0000000000000000 R14: 00007f44fedb5fa0 R15: 00007ffef2a5efd8
[  284.910698][T14206]  </TASK>
[  285.023114][T14212] netlink: 'syz.7.2859': attribute type 9 has an invalid length.
[  285.025682][T14212] netlink: 'syz.7.2859': attribute type 7 has an invalid length.
[  285.028193][T14212] netlink: 'syz.7.2859': attribute type 8 has an invalid length.
[  285.029745][T14214] netlink: 24 bytes leftover after parsing attributes in process `syz.5.2860'.
[  285.034299][T14214] tc_dump_action: action bad kind
[  285.035321][T14212] program syz.7.2859 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  285.119037][T14226] FAULT_INJECTION: forcing a failure.
[  285.119037][T14226] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  285.122910][T14223] netlink: zone id is out of range
[  285.123107][T14226] CPU: 0 UID: 0 PID: 14226 Comm: syz.5.2865 Not tainted 6.15.0-rc2-syzkaller-00400-g3088d26962e8 #0 PREEMPT(full) 
[  285.123121][T14226] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  285.123127][T14226] Call Trace:
[  285.123132][T14226]  <TASK>
[  285.123136][T14226]  dump_stack_lvl+0x16c/0x1f0
[  285.123153][T14226]  should_fail_ex+0x512/0x640
[  285.123167][T14226]  should_fail_alloc_page+0xe7/0x130
[  285.123180][T14226]  prepare_alloc_pages+0x3c2/0x610
[  285.123196][T14226]  __alloc_frozen_pages_noprof+0x18f/0x23a0
[  285.123207][T14226]  ? kasan_save_stack+0x33/0x60
[  285.123216][T14226]  ? kasan_save_track+0x14/0x30
[  285.123225][T14226]  ? __kasan_slab_alloc+0x89/0x90
[  285.123234][T14226]  ? kmem_cache_alloc_noprof+0x1cb/0x3b0
[  285.123243][T14226]  ? ptlock_alloc+0x1f/0x70
[  285.123257][T14226]  ? pte_alloc_one+0x6d/0x380
[  285.123269][T14226]  ? __pte_alloc+0x6d/0x3c0
[  285.123279][T14226]  ? mfill_atomic_copy+0xedf/0x1c20
[  285.123290][T14226]  ? userfaultfd_ioctl+0x20bb/0x3890
[  285.123303][T14226]  ? __x64_sys_ioctl+0x190/0x200
[  285.123315][T14226]  ? do_syscall_64+0xcd/0x260
[  285.123328][T14226]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  285.123340][T14226]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  285.123357][T14226]  ? __lock_acquire+0xaa4/0x1ba0
[  285.123368][T14226]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  285.123380][T14226]  ? policy_nodemask+0xea/0x4e0
[  285.123392][T14226]  alloc_pages_mpol+0x1fb/0x550
[  285.123403][T14226]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  285.123415][T14226]  ? find_held_lock+0x2b/0x80
[  285.123429][T14226]  folio_alloc_mpol_noprof+0x36/0x2f0
[  285.123442][T14226]  vma_alloc_folio_noprof+0xed/0x1e0
[  285.123455][T14226]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[  285.123471][T14226]  mfill_atomic_copy+0xf61/0x1c20
[  285.123487][T14226]  ? find_held_lock+0x2b/0x80
[  285.123499][T14226]  ? __might_fault+0xe3/0x190
[  285.123509][T14226]  ? __pfx_mfill_atomic_copy+0x10/0x10
[  285.123525][T14226]  userfaultfd_ioctl+0x20bb/0x3890
[  285.123541][T14226]  ? __pfx_userfaultfd_ioctl+0x10/0x10
[  285.123553][T14226]  ? ioctl_has_perm.constprop.0.isra.0+0x2f4/0x450
[  285.123569][T14226]  ? ioctl_has_perm.constprop.0.isra.0+0x2fe/0x450
[  285.123589][T14226]  ? hook_file_ioctl_common+0x145/0x410
[  285.123603][T14226]  ? selinux_file_ioctl+0x180/0x270
[  285.123617][T14226]  ? selinux_file_ioctl+0xb4/0x270
[  285.123631][T14226]  ? __pfx_userfaultfd_ioctl+0x10/0x10
[  285.123645][T14226]  ? __x64_sys_ioctl+0x190/0x200
[  285.123657][T14226]  __x64_sys_ioctl+0x190/0x200
[  285.123672][T14226]  do_syscall_64+0xcd/0x260
[  285.123686][T14226]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  285.123695][T14226] RIP: 0033:0x7f46bcb8e169
[  285.123704][T14226] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  285.123713][T14226] RSP: 002b:00007f46bda90038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  285.123723][T14226] RAX: ffffffffffffffda RBX: 00007f46bcdb5fa0 RCX: 00007f46bcb8e169
[  285.123729][T14226] RDX: 0000200000000400 RSI: 00000000c028aa03 RDI: 0000000000000003
[  285.123735][T14226] RBP: 00007f46bda90090 R08: 0000000000000000 R09: 0000000000000000
[  285.123741][T14226] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  285.123746][T14226] R13: 0000000000000000 R14: 00007f46bcdb5fa0 R15: 00007fff72e7dde8
[  285.123759][T14226]  </TASK>
[  285.231469][T14223] netlink: zone id is out of range
[  285.233145][T14223] netlink: zone id is out of range
[  285.238512][T14223] netlink: zone id is out of range
[  285.269793][T14236] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2869'.
[  285.421244][ T5959] Bluetooth: hci6: unexpected event for opcode 0x1001
[  285.488546][T14247] sg_write: data in/out 53/10 bytes for SCSI command 0xff-- guessing data in;
[  285.488546][T14247]    program syz.4.2873 not setting count and/or reply_len properly
[  286.160179][   T40] audit: type=1400 audit(1745049515.231:1076): avc:  denied  { create } for  pid=14259 comm="syz.5.2879" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  286.184558][T14262] FAULT_INJECTION: forcing a failure.
[  286.184558][T14262] name failslab, interval 1, probability 0, space 0, times 0
[  286.189147][T14262] CPU: 2 UID: 0 PID: 14262 Comm: syz.5.2880 Not tainted 6.15.0-rc2-syzkaller-00400-g3088d26962e8 #0 PREEMPT(full) 
[  286.189161][T14262] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  286.189168][T14262] Call Trace:
[  286.189172][T14262]  <TASK>
[  286.189176][T14262]  dump_stack_lvl+0x16c/0x1f0
[  286.189193][T14262]  should_fail_ex+0x512/0x640
[  286.189205][T14262]  ? __kmalloc_noprof+0xbf/0x510
[  286.189217][T14262]  ? memcg_list_lru_alloc+0x4e9/0x740
[  286.189228][T14262]  should_failslab+0xc2/0x120
[  286.189241][T14262]  __kmalloc_noprof+0xd2/0x510
[  286.189250][T14262]  ? __lock_acquire+0x5ca/0x1ba0
[  286.189260][T14262]  ? __update_ref_ctr+0x4f2/0x520
[  286.189275][T14262]  memcg_list_lru_alloc+0x4e9/0x740
[  286.189289][T14262]  ? __pfx_memcg_list_lru_alloc+0x10/0x10
[  286.189304][T14262]  ? get_mem_cgroup_from_objcg+0xd3/0x330
[  286.189321][T14262]  __memcg_slab_post_alloc_hook+0x131/0x940
[  286.189335][T14262]  ? kasan_save_track+0x14/0x30
[  286.189346][T14262]  kmem_cache_alloc_lru_noprof+0x30f/0x3b0
[  286.189357][T14262]  ? mqueue_alloc_inode+0x25/0x50
[  286.189369][T14262]  ? __pfx_mqueue_fill_super+0x10/0x10
[  286.189379][T14262]  ? __pfx_mqueue_alloc_inode+0x10/0x10
[  286.189388][T14262]  mqueue_alloc_inode+0x25/0x50
[  286.189398][T14262]  alloc_inode+0x61/0x240
[  286.189411][T14262]  new_inode+0x22/0x1c0
[  286.189424][T14262]  ? __pfx_mqueue_fill_super+0x10/0x10
[  286.189433][T14262]  mqueue_get_inode+0x2e/0xdd0
[  286.189443][T14262]  ? sget_fc+0x808/0xc20
[  286.189459][T14262]  ? __pfx_mqueue_fill_super+0x10/0x10
[  286.189468][T14262]  mqueue_fill_super+0x112/0x210
[  286.189479][T14262]  get_tree_nodev+0xda/0x190
[  286.189488][T14262]  mqueue_get_tree+0xf1/0x130
[  286.189498][T14262]  vfs_get_tree+0x8b/0x340
[  286.189512][T14262]  fc_mount+0x16/0xc0
[  286.189525][T14262]  mq_init_ns+0x426/0x620
[  286.189538][T14262]  copy_ipcs+0x383/0x610
[  286.189549][T14262]  ? copy_utsname+0xab/0x470
[  286.189560][T14262]  create_new_namespaces+0x20a/0xad0
[  286.189575][T14262]  ? security_capable+0x7e/0x260
[  286.189588][T14262]  unshare_nsproxy_namespaces+0xc0/0x1f0
[  286.189630][T14262]  ksys_unshare+0x45b/0xa40
[  286.189647][T14262]  ? __pfx_ksys_unshare+0x10/0x10
[  286.189661][T14262]  ? ksys_write+0x1b9/0x240
[  286.189674][T14262]  __x64_sys_unshare+0x31/0x40
[  286.189688][T14262]  do_syscall_64+0xcd/0x260
[  286.189703][T14262]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  286.189713][T14262] RIP: 0033:0x7f46bcb8e169
[  286.189722][T14262] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  286.189731][T14262] RSP: 002b:00007f46bda90038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
[  286.189741][T14262] RAX: ffffffffffffffda RBX: 00007f46bcdb5fa0 RCX: 00007f46bcb8e169
[  286.189747][T14262] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000006a040000
[  286.189753][T14262] RBP: 00007f46bda90090 R08: 0000000000000000 R09: 0000000000000000
[  286.189759][T14262] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  286.189764][T14262] R13: 0000000000000001 R14: 00007f46bcdb5fa0 R15: 00007fff72e7dde8
[  286.189777][T14262]  </TASK>
[  286.268867][   T40] audit: type=1400 audit(1745049515.341:1077): avc:  denied  { nlmsg_read } for  pid=14263 comm="syz.5.2881" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[  286.385960][ T5961] block nbd4: Receive control failed (result -107)
[  286.466191][T14270] nbd4: detected capacity change from 0 to 12
[  286.469214][T12285] block nbd4: Dead connection, failed to find a fallback
[  286.471514][T12285] block nbd4: shutting down sockets
[  286.473610][T12285] ldm_validate_partition_table(): Disk read failed.
[  286.481571][T12285] Dev nbd4: unable to read RDB block 0
[  286.483493][T12285]  nbd4: unable to read partition table
[  286.486013][T12285] nbd4: partition table beyond EOD, truncated
[  286.491477][T12285] ldm_validate_partition_table(): Disk read failed.
[  286.493808][T12285] Dev nbd4: unable to read RDB block 0
[  286.496032][T12285]  nbd4: unable to read partition table
[  286.498218][T12285] nbd4: partition table beyond EOD, truncated
[  286.519380][T14286] misc userio: Can't change port type on an already running userio instance
[  286.566216][ T5961] block nbd6: Receive control failed (result -107)
[  286.667753][T14288] bio_check_eod: 17 callbacks suppressed
[  286.667763][T14288] syz.6.2891: attempt to access beyond end of device
[  286.667763][T14288] nbd6: rw=0, sector=64, nr_sectors = 2 limit=0
[  286.673651][T14288] syz.6.2891: attempt to access beyond end of device
[  286.673651][T14288] nbd6: rw=0, sector=512, nr_sectors = 2 limit=0
[  286.675237][T14290] nbd6: detected capacity change from 0 to 12
[  286.677764][T14288] UDF-fs: error (device nbd6): udf_read_tagged: read failed, block=256, location=256
[  286.682678][T14288] block nbd6: Dead connection, failed to find a fallback
[  286.684921][T14288] block nbd6: shutting down sockets
[  286.686732][T14288] UDF-fs: error (device nbd6): udf_read_tagged: read failed, block=0, location=0
[  286.689618][T14288] UDF-fs: error (device nbd6): udf_read_tagged: read failed, block=1, location=1
[  286.692460][T14288] UDF-fs: error (device nbd6): udf_read_tagged: read failed, block=512, location=512
[  286.695866][T14288] UDF-fs: error (device nbd6): udf_read_tagged: read failed, block=256, location=256
[  286.698874][T14288] UDF-fs: error (device nbd6): udf_read_tagged: read failed, block=2, location=2
[  286.701758][T14288] UDF-fs: error (device nbd6): udf_read_tagged: read failed, block=1, location=1
[  286.704599][T14288] UDF-fs: error (device nbd6): udf_read_tagged: read failed, block=0, location=0
[  286.707637][T14288] UDF-fs: error (device nbd6): udf_read_tagged: read failed, block=512, location=512
[  286.710804][T14288] UDF-fs: error (device nbd6): udf_read_tagged: read failed, block=256, location=256
[  286.713783][T14288] UDF-fs: error (device nbd6): udf_read_tagged: read failed, block=0, location=0
[  286.716709][T14288] UDF-fs: error (device nbd6): udf_read_tagged: read failed, block=512, location=512
[  286.719711][T14288] UDF-fs: warning (device nbd6): udf_fill_super: No partition found (1)
[  286.778353][ T7071] Bluetooth: hci0: Frame reassembly failed (-84)
[  286.802725][T14298] lo: entered allmulticast mode
[  286.809144][T14297] lo: left allmulticast mode
[  286.850300][   T40] audit: type=1400 audit(1745049515.921:1078): avc:  denied  { lock } for  pid=14299 comm="syz.4.2896" path="socket:[41672]" dev="sockfs" ino=41672 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_stream_socket permissive=1
[  286.902449][T14307] PKCS7: Unknown OID: [4] 5.25.43204.122
[  286.904586][T14307] PKCS7: Only support pkcs7_signedData type
[  286.907626][T14307] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2898'.
[  286.910574][T14307] netlink: 'syz.4.2898': attribute type 7 has an invalid length.
[  286.913708][T14307] netlink: 'syz.4.2898': attribute type 8 has an invalid length.
[  286.916658][T14307] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2898'.
[  287.034837][T14314] nfs4: Unknown parameter '
PL'
[  287.103929][   T40] audit: type=1400 audit(1745049516.171:1079): avc:  denied  { create } for  pid=14324 comm="syz.4.2905" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_fib_lookup_socket permissive=1
[  287.106597][T14325] netlink: 'syz.4.2905': attribute type 1 has an invalid length.
[  287.106608][ T5959] Bluetooth: hci3: Unknown advertising packet type: 0x18
[  287.106622][ T5959] Bluetooth: hci3: Unknown advertising packet type: 0x1e
[  287.106631][ T5959] Bluetooth: hci3: Unknown advertising packet type: 0x30
[  287.106637][ T5959] Bluetooth: hci3: Unknown advertising packet type: 0x36
[  287.106644][ T5959] Bluetooth: hci3: Malformed LE Event: 0x0d
[  287.124293][T14325] netlink: 224 bytes leftover after parsing attributes in process `syz.4.2905'.
[  287.221408][T14328] openvswitch: netlink: Geneve opt len 1 is not a multiple of 4.
[  287.377787][T14338] FAULT_INJECTION: forcing a failure.
[  287.377787][T14338] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  287.382239][T14338] CPU: 1 UID: 0 PID: 14338 Comm: syz.7.2910 Not tainted 6.15.0-rc2-syzkaller-00400-g3088d26962e8 #0 PREEMPT(full) 
[  287.382253][T14338] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  287.382259][T14338] Call Trace:
[  287.382264][T14338]  <TASK>
[  287.382268][T14338]  dump_stack_lvl+0x16c/0x1f0
[  287.382284][T14338]  should_fail_ex+0x512/0x640
[  287.382298][T14338]  _copy_from_iter+0x2a4/0x15b0
[  287.382311][T14338]  ? __lock_acquire+0xaa4/0x1ba0
[  287.382321][T14338]  ? __pfx__copy_from_iter+0x10/0x10
[  287.382333][T14338]  ? _kstrtoull+0x145/0x200
[  287.382347][T14338]  ? __pfx__kstrtoull+0x10/0x10
[  287.382363][T14338]  tun_get_user+0x13da/0x3b10
[  287.382379][T14338]  ? __lock_acquire+0x5ca/0x1ba0
[  287.382389][T14338]  ? __pfx_tun_get_user+0x10/0x10
[  287.382401][T14338]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  287.382416][T14338]  ? find_held_lock+0x2b/0x80
[  287.382428][T14338]  ? tun_get+0x191/0x370
[  287.382442][T14338]  tun_chr_write_iter+0xdc/0x210
[  287.382456][T14338]  vfs_write+0x5ba/0x1180
[  287.382465][T14338]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  287.382480][T14338]  ? __pfx_vfs_write+0x10/0x10
[  287.382493][T14338]  ? find_held_lock+0x2b/0x80
[  287.382512][T14338]  ksys_write+0x12a/0x240
[  287.382521][T14338]  ? __pfx_ksys_write+0x10/0x10
[  287.382533][T14338]  do_syscall_64+0xcd/0x260
[  287.382548][T14338]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  287.382558][T14338] RIP: 0033:0x7f027f98e169
[  287.382567][T14338] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  287.382577][T14338] RSP: 002b:00007f028088e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  287.382586][T14338] RAX: ffffffffffffffda RBX: 00007f027fbb5fa0 RCX: 00007f027f98e169
[  287.382593][T14338] RDX: 000000000000004e RSI: 0000200000000280 RDI: 0000000000000004
[  287.382598][T14338] RBP: 00007f028088e090 R08: 0000000000000000 R09: 0000000000000000
[  287.382604][T14338] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  287.382610][T14338] R13: 0000000000000000 R14: 00007f027fbb5fa0 R15: 00007ffde304c6b8
[  287.382622][T14338]  </TASK>
[  287.586265][T14349] FAULT_INJECTION: forcing a failure.
[  287.586265][T14349] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  287.590045][T14349] CPU: 0 UID: 0 PID: 14349 Comm: syz.7.2914 Not tainted 6.15.0-rc2-syzkaller-00400-g3088d26962e8 #0 PREEMPT(full) 
[  287.590060][T14349] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  287.590066][T14349] Call Trace:
[  287.590071][T14349]  <TASK>
[  287.590075][T14349]  dump_stack_lvl+0x16c/0x1f0
[  287.590092][T14349]  should_fail_ex+0x512/0x640
[  287.590106][T14349]  _copy_from_user+0x2e/0xd0
[  287.590118][T14349]  mfill_atomic_copy+0xff7/0x1c20
[  287.590135][T14349]  ? find_held_lock+0x2b/0x80
[  287.590149][T14349]  ? __might_fault+0xe3/0x190
[  287.590160][T14349]  ? __pfx_mfill_atomic_copy+0x10/0x10
[  287.590178][T14349]  userfaultfd_ioctl+0x20bb/0x3890
[  287.590194][T14349]  ? __pfx_userfaultfd_ioctl+0x10/0x10
[  287.590206][T14349]  ? ioctl_has_perm.constprop.0.isra.0+0x2f4/0x450
[  287.590223][T14349]  ? ioctl_has_perm.constprop.0.isra.0+0x2fe/0x450
[  287.590244][T14349]  ? hook_file_ioctl_common+0x145/0x410
[  287.590257][T14349]  ? selinux_file_ioctl+0x180/0x270
[  287.590271][T14349]  ? selinux_file_ioctl+0xb4/0x270
[  287.590285][T14349]  ? __pfx_userfaultfd_ioctl+0x10/0x10
[  287.590300][T14349]  ? __x64_sys_ioctl+0x190/0x200
[  287.590312][T14349]  __x64_sys_ioctl+0x190/0x200
[  287.590326][T14349]  do_syscall_64+0xcd/0x260
[  287.590341][T14349]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  287.590352][T14349] RIP: 0033:0x7f027f98e169
[  287.590360][T14349] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  287.590370][T14349] RSP: 002b:00007f028088e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  287.590380][T14349] RAX: ffffffffffffffda RBX: 00007f027fbb5fa0 RCX: 00007f027f98e169
[  287.590386][T14349] RDX: 0000200000000400 RSI: 00000000c028aa03 RDI: 0000000000000003
[  287.590392][T14349] RBP: 00007f028088e090 R08: 0000000000000000 R09: 0000000000000000
[  287.590398][T14349] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  287.590403][T14349] R13: 0000000000000000 R14: 00007f027fbb5fa0 R15: 00007ffde304c6b8
[  287.590416][T14349]  </TASK>
[  287.821440][T14367] FAULT_INJECTION: forcing a failure.
[  287.821440][T14367] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  287.826062][T14367] CPU: 3 UID: 0 PID: 14367 Comm: syz.7.2920 Not tainted 6.15.0-rc2-syzkaller-00400-g3088d26962e8 #0 PREEMPT(full) 
[  287.826087][T14367] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  287.826098][T14367] Call Trace:
[  287.826104][T14367]  <TASK>
[  287.826111][T14367]  dump_stack_lvl+0x16c/0x1f0
[  287.826152][T14367]  should_fail_ex+0x512/0x640
[  287.826176][T14367]  _copy_to_user+0x32/0xd0
[  287.826203][T14367]  bpf_prog_array_copy_to_user+0x183/0x280
[  287.826230][T14367]  cgroup_bpf_prog_query+0x8f1/0x12b0
[  287.826258][T14367]  ? __pfx_cgroup_bpf_prog_query+0x10/0x10
[  287.826278][T14367]  ? cap_capable+0xb3/0x250
[  287.826299][T14367]  ? bpf_lsm_capable+0x9/0x10
[  287.826313][T14367]  ? security_capable+0x7e/0x260
[  287.826335][T14367]  __sys_bpf+0x1b9a/0x4d80
[  287.826360][T14367]  ? __pfx___sys_bpf+0x10/0x10
[  287.826381][T14367]  ? ksys_write+0x190/0x240
[  287.826400][T14367]  ? __mutex_unlock_slowpath+0x161/0x6a0
[  287.826439][T14367]  ? fput+0x70/0xf0
[  287.826457][T14367]  ? ksys_write+0x1b9/0x240
[  287.826471][T14367]  ? __pfx_ksys_write+0x10/0x10
[  287.826490][T14367]  __x64_sys_bpf+0x78/0xc0
[  287.826511][T14367]  ? lockdep_hardirqs_on+0x7c/0x110
[  287.826532][T14367]  do_syscall_64+0xcd/0x260
[  287.826556][T14367]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  287.826573][T14367] RIP: 0033:0x7f027f98e169
[  287.826587][T14367] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  287.826603][T14367] RSP: 002b:00007f028088e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  287.826619][T14367] RAX: ffffffffffffffda RBX: 00007f027fbb5fa0 RCX: 00007f027f98e169
[  287.826630][T14367] RDX: 0000000000000040 RSI: 00002000000002c0 RDI: 0000000000000010
[  287.826641][T14367] RBP: 00007f028088e090 R08: 0000000000000000 R09: 0000000000000000
[  287.826650][T14367] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  287.826660][T14367] R13: 0000000000000000 R14: 00007f027fbb5fa0 R15: 00007ffde304c6b8
[  287.826683][T14367]  </TASK>
[  287.834665][   T40] audit: type=1400 audit(1745049516.901:1080): avc:  denied  { append } for  pid=14368 comm="syz.4.2921" name="hpet" dev="devtmpfs" ino=630 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  287.878462][ T5987] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65380 sclass=netlink_route_socket pid=5987 comm=kworker/3:4
[  287.880423][   T40] audit: type=1400 audit(1745049516.901:1081): avc:  denied  { map } for  pid=14368 comm="syz.4.2921" path="/dev/hpet" dev="devtmpfs" ino=630 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  287.888095][T14374] netlink: 'syz.4.2923': attribute type 3 has an invalid length.
[  287.890407][   T40] audit: type=1400 audit(1745049516.901:1082): avc:  denied  { execute } for  pid=14368 comm="syz.4.2921" path="/dev/hpet" dev="devtmpfs" ino=630 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  287.936706][T14374] netlink: 36 bytes leftover after parsing attributes in process `syz.4.2923'.
[  287.967378][T14379] SELinux: security_context_str_to_sid (root) failed with errno=-22
[  287.973010][T14379] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2925'.
[  288.049577][T14385] FAULT_INJECTION: forcing a failure.
[  288.049577][T14385] name failslab, interval 1, probability 0, space 0, times 0
[  288.054514][T14385] CPU: 3 UID: 0 PID: 14385 Comm: syz.4.2927 Not tainted 6.15.0-rc2-syzkaller-00400-g3088d26962e8 #0 PREEMPT(full) 
[  288.054529][T14385] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  288.054536][T14385] Call Trace:
[  288.054541][T14385]  <TASK>
[  288.054545][T14385]  dump_stack_lvl+0x16c/0x1f0
[  288.054562][T14385]  should_fail_ex+0x512/0x640
[  288.054577][T14385]  ? __kmalloc_noprof+0xbf/0x510
[  288.054593][T14385]  ? apply_wqattrs_prepare+0xf8/0xbd0
[  288.054612][T14385]  should_failslab+0xc2/0x120
[  288.054626][T14385]  __kmalloc_noprof+0xd2/0x510
[  288.054639][T14385]  apply_wqattrs_prepare+0xf8/0xbd0
[  288.054657][T14385]  apply_workqueue_attrs_locked+0x64/0xe0
[  288.054671][T14385]  __alloc_workqueue+0xf41/0x1810
[  288.054691][T14385]  alloc_workqueue+0xd2/0x200
[  288.054705][T14385]  ? __pfx_alloc_workqueue+0x10/0x10
[  288.054727][T14385]  hci_register_dev+0x1cf/0xc60
[  288.054745][T14385]  hci_uart_tty_ioctl+0x7e2/0xc30
[  288.054757][T14385]  ? __pfx_hci_uart_tty_ioctl+0x10/0x10
[  288.054766][T14385]  tty_ioctl+0x6f6/0x1610
[  288.054781][T14385]  ? __pfx_tty_ioctl+0x10/0x10
[  288.054795][T14385]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[  288.054816][T14385]  ? hook_file_ioctl_common+0x145/0x410
[  288.054830][T14385]  ? selinux_file_ioctl+0x180/0x270
[  288.054844][T14385]  ? selinux_file_ioctl+0xb4/0x270
[  288.054859][T14385]  ? __pfx_tty_ioctl+0x10/0x10
[  288.054873][T14385]  __x64_sys_ioctl+0x190/0x200
[  288.054888][T14385]  do_syscall_64+0xcd/0x260
[  288.054903][T14385]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  288.054913][T14385] RIP: 0033:0x7f844318e169
[  288.054923][T14385] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  288.054932][T14385] RSP: 002b:00007f844402f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  288.054943][T14385] RAX: ffffffffffffffda RBX: 00007f84433b5fa0 RCX: 00007f844318e169
[  288.054955][T14385] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003
[  288.054961][T14385] RBP: 00007f844402f090 R08: 0000000000000000 R09: 0000000000000000
[  288.054967][T14385] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  288.054973][T14385] R13: 0000000000000000 R14: 00007f84433b5fa0 R15: 00007fff4a554028
[  288.054986][T14385]  </TASK>
[  288.128668][T14385] Bluetooth: Can't register HCI device
[  288.206355][T14391] FAULT_INJECTION: forcing a failure.
[  288.206355][T14391] name failslab, interval 1, probability 0, space 0, times 0
[  288.210699][T14391] CPU: 3 UID: 0 PID: 14391 Comm: syz.4.2930 Not tainted 6.15.0-rc2-syzkaller-00400-g3088d26962e8 #0 PREEMPT(full) 
[  288.210713][T14391] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  288.210719][T14391] Call Trace:
[  288.210723][T14391]  <TASK>
[  288.210728][T14391]  dump_stack_lvl+0x16c/0x1f0
[  288.210745][T14391]  should_fail_ex+0x512/0x640
[  288.210756][T14391]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[  288.210768][T14391]  should_failslab+0xc2/0x120
[  288.210780][T14391]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  288.210793][T14391]  ? ptlock_alloc+0x1f/0x70
[  288.210812][T14391]  ptlock_alloc+0x1f/0x70
[  288.210826][T14391]  pte_alloc_one+0x6d/0x380
[  288.210841][T14391]  do_pte_missing+0x1c0b/0x3fb0
[  288.210856][T14391]  ? mtree_range_walk+0x718/0xc00
[  288.210869][T14391]  ? find_held_lock+0x2b/0x80
[  288.210883][T14391]  __handle_mm_fault+0x103d/0x2a40
[  288.210901][T14391]  ? __pfx___handle_mm_fault+0x10/0x10
[  288.210923][T14391]  ? find_vma+0xbf/0x140
[  288.210935][T14391]  ? __pfx_find_vma+0x10/0x10
[  288.210954][T14391]  handle_mm_fault+0x3fe/0xad0
[  288.210971][T14391]  do_user_addr_fault+0x7a6/0x1370
[  288.210984][T14391]  ? rcu_is_watching+0x12/0xc0
[  288.210998][T14391]  exc_page_fault+0x5c/0xc0
[  288.211011][T14391]  asm_exc_page_fault+0x26/0x30
[  288.211021][T14391] RIP: 0010:_copy_from_user+0x93/0xd0
[  288.211033][T14391] Code: 89 eb fc 89 ee 4c 89 ef 48 b8 00 f0 ff ff ff 7f 00 00 48 39 c3 48 0f 47 d8 e8 59 0a 51 fd 0f 01 cb 4c 89 ef 48 89 de 48 89 e9 <f3> a4 0f 1f 00 49 89 cc 48 89 cb 0f 01 ca 31 ff 48 89 ce e8 d5 84
[  288.211042][T14391] RSP: 0018:ffffc90006597b80 EFLAGS: 00050246
[  288.211050][T14391] RAX: 0000000000000001 RBX: 0000200000ffb000 RCX: 0000000000001000
[  288.211057][T14391] RDX: 0000000000000000 RSI: 0000200000ffb000 RDI: ffff888037143000
[  288.211063][T14391] RBP: 0000000000001000 R08: 0000000000000001 R09: ffffed1006e287ff
[  288.211069][T14391] R10: ffff888037143fff R11: 0000000000000000 R12: 0000000000000000
[  288.211074][T14391] R13: ffff888037143000 R14: ffff88802b1f2320 R15: 000020000092c000
[  288.211089][T14391]  mfill_atomic_copy+0x11ae/0x1c20
[  288.211105][T14391]  ? find_held_lock+0x2b/0x80
[  288.211117][T14391]  ? __might_fault+0xe3/0x190
[  288.211126][T14391]  ? __pfx_mfill_atomic_copy+0x10/0x10
[  288.211143][T14391]  userfaultfd_ioctl+0x20bb/0x3890
[  288.211159][T14391]  ? __pfx_userfaultfd_ioctl+0x10/0x10
[  288.211171][T14391]  ? ioctl_has_perm.constprop.0.isra.0+0x2f4/0x450
[  288.211187][T14391]  ? ioctl_has_perm.constprop.0.isra.0+0x2fe/0x450
[  288.211209][T14391]  ? hook_file_ioctl_common+0x145/0x410
[  288.211222][T14391]  ? selinux_file_ioctl+0x180/0x270
[  288.211236][T14391]  ? selinux_file_ioctl+0xb4/0x270
[  288.211249][T14391]  ? __pfx_userfaultfd_ioctl+0x10/0x10
[  288.211264][T14391]  ? __x64_sys_ioctl+0x190/0x200
[  288.211277][T14391]  __x64_sys_ioctl+0x190/0x200
[  288.211290][T14391]  do_syscall_64+0xcd/0x260
[  288.211305][T14391]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  288.211314][T14391] RIP: 0033:0x7f844318e169
[  288.211322][T14391] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  288.211331][T14391] RSP: 002b:00007f844400e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  288.211340][T14391] RAX: ffffffffffffffda RBX: 00007f84433b6080 RCX: 00007f844318e169
[  288.211346][T14391] RDX: 0000200000000400 RSI: 00000000c028aa03 RDI: 0000000000000003
[  288.211351][T14391] RBP: 00007f844400e090 R08: 0000000000000000 R09: 0000000000000000
[  288.211357][T14391] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  288.211363][T14391] R13: 0000000000000001 R14: 00007f84433b6080 R15: 00007fff4a554028
[  288.211375][T14391]  </TASK>
[  288.718079][   T40] kauditd_printk_skb: 1 callbacks suppressed
[  288.718089][   T40] audit: type=1400 audit(1745049517.791:1084): avc:  denied  { unmount } for  pid=12291 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=filesystem permissive=1
[  288.845248][ T5961] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  288.845529][ T5959] Bluetooth: hci0: command 0x1003 tx timeout
[  289.011796][ T5959] Bluetooth: hci3: unexpected event 0x2f length: 763 > 260
[  289.291600][ T5959] block nbd5: Receive control failed (result -107)
[  289.314969][T14434] netlink: 24 bytes leftover after parsing attributes in process `syz.7.2946'.
[  289.384895][T14430] syz.5.2943: attempt to access beyond end of device
[  289.384895][T14430] nbd5: rw=0, sector=64, nr_sectors = 2 limit=0
[  289.389118][T14430] syz.5.2943: attempt to access beyond end of device
[  289.389118][T14430] nbd5: rw=0, sector=512, nr_sectors = 2 limit=0
[  289.390235][T14426] nbd5: detected capacity change from 0 to 12
[  289.393260][T14430] UDF-fs: error (device nbd5): udf_read_tagged: read failed, block=256, location=256
[  289.398555][T14430] block nbd5: Dead connection, failed to find a fallback
[  289.400778][T14430] block nbd5: shutting down sockets
[  289.402478][T14430] blk_print_req_error: 171 callbacks suppressed
[  289.402486][T14430] I/O error, dev nbd5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  289.407436][T14430] UDF-fs: error (device nbd5): udf_read_tagged: read failed, block=0, location=0
[  289.410278][T14430] I/O error, dev nbd5, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  289.413485][T14430] UDF-fs: error (device nbd5): udf_read_tagged: read failed, block=1, location=1
[  289.413654][ T8973] I/O error, dev nbd5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  289.416619][T14430] UDF-fs: error (device nbd5): udf_read_tagged: read failed, block=512, location=512
[  289.419316][ T8973] buffer_io_error: 165 callbacks suppressed
[  289.419324][ T8973] Buffer I/O error on dev nbd5, logical block 0, async page read
[  289.427649][ T8973] I/O error, dev nbd5, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  289.431388][ T8973] Buffer I/O error on dev nbd5, logical block 1, async page read
[  289.434787][ T8973] I/O error, dev nbd5, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  289.438036][ T8973] Buffer I/O error on dev nbd5, logical block 2, async page read
[  289.440591][ T8973] I/O error, dev nbd5, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  289.443870][ T8973] Buffer I/O error on dev nbd5, logical block 3, async page read
[  289.447870][T14430] UDF-fs: error (device nbd5): udf_read_tagged: read failed, block=256, location=256
[  289.448140][ T8973] I/O error, dev nbd5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  289.452306][T14430] I/O error, dev nbd5, sector 8 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  289.454759][ T8973] Buffer I/O error on dev nbd5, logical block 0, async page read
[  289.454884][ T8973] I/O error, dev nbd5, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  289.457761][T14430] UDF-fs: error (device nbd5): udf_read_tagged: read failed, block=2, location=2
[  289.461519][ T8973] Buffer I/O error on dev nbd5, logical block 1, async page read
[  289.471873][T14430] I/O error, dev nbd5, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  289.475102][T14430] UDF-fs: error (device nbd5): udf_read_tagged: read failed, block=1, location=1
[  289.475218][ T8973] Buffer I/O error on dev nbd5, logical block 0, async page read
[  289.481267][T14430] UDF-fs: error (device nbd5): udf_read_tagged: read failed, block=0, location=0
[  289.481281][ T8973] Buffer I/O error on dev nbd5, logical block 1, async page read
[  289.484220][T14430] UDF-fs: error (device nbd5): udf_read_tagged: read failed, block=512, location=512
[  289.487071][ T8973] Buffer I/O error on dev nbd5, logical block 0, async page read
[  289.492353][ T8973] Buffer I/O error on dev nbd5, logical block 1, async page read
[  289.497846][T14430] UDF-fs: error (device nbd5): udf_read_tagged: read failed, block=256, location=256
[  289.498009][ T8973] ldm_validate_partition_table(): Disk read failed.
[  289.500989][T14430] UDF-fs: error (device nbd5): udf_read_tagged: read failed, block=0, location=0
[  289.503087][ T8973] Dev nbd5: unable to read RDB block 0
[  289.506605][T14430] UDF-fs: error (device nbd5): udf_read_tagged: read failed, block=512, location=512
[  289.509155][ T8973]  nbd5: unable to read partition table
[  289.510926][T14430] UDF-fs: warning (device nbd5): udf_fill_super: No partition found (1)
[  289.512729][ T8973] nbd5: partition table beyond EOD, truncated
[  289.523765][ T8973] ldm_validate_partition_table(): Disk read failed.
[  289.526348][ T8973] Dev nbd5: unable to read RDB block 0
[  289.528212][ T8973]  nbd5: unable to read partition table
[  289.530032][ T8973] nbd5: partition table beyond EOD, truncated
[  289.826090][T14454] libceph: resolve '40' (ret=-3): failed
[  289.828600][T14454] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2954'.
[  289.870967][T14460] FAULT_INJECTION: forcing a failure.
[  289.870967][T14460] name failslab, interval 1, probability 0, space 0, times 0
[  289.874906][T14460] CPU: 2 UID: 0 PID: 14460 Comm: syz.4.2956 Not tainted 6.15.0-rc2-syzkaller-00400-g3088d26962e8 #0 PREEMPT(full) 
[  289.874920][T14460] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  289.874929][T14460] Call Trace:
[  289.874933][T14460]  <TASK>
[  289.874936][T14460]  dump_stack_lvl+0x16c/0x1f0
[  289.874958][T14460]  should_fail_ex+0x512/0x640
[  289.874969][T14460]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  289.874981][T14460]  should_failslab+0xc2/0x120
[  289.874993][T14460]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  289.875003][T14460]  ? __alloc_skb+0x2b2/0x380
[  289.875017][T14460]  __alloc_skb+0x2b2/0x380
[  289.875028][T14460]  ? __pfx___alloc_skb+0x10/0x10
[  289.875043][T14460]  alloc_skb_with_frags+0xe0/0x860
[  289.875056][T14460]  ? __might_fault+0xe3/0x190
[  289.875066][T14460]  ? __might_fault+0xe3/0x190
[  289.875078][T14460]  sock_alloc_send_pskb+0x7fb/0x990
[  289.875090][T14460]  ? _copy_from_iter+0x161/0x15b0
[  289.875104][T14460]  ? __pfx_sock_alloc_send_pskb+0x10/0x10
[  289.875116][T14460]  ? _kstrtoull+0x145/0x200
[  289.875142][T14460]  ? __pfx__kstrtoull+0x10/0x10
[  289.875156][T14460]  ? iov_iter_advance+0x7d/0x6c0
[  289.875169][T14460]  tun_get_user+0x502/0x3b10
[  289.875188][T14460]  ? __pfx_tun_get_user+0x10/0x10
[  289.875200][T14460]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  289.875215][T14460]  ? find_held_lock+0x2b/0x80
[  289.875229][T14460]  ? tun_get+0x191/0x370
[  289.875243][T14460]  tun_chr_write_iter+0xdc/0x210
[  289.875257][T14460]  vfs_write+0x5ba/0x1180
[  289.875266][T14460]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  289.875280][T14460]  ? __pfx_vfs_write+0x10/0x10
[  289.875294][T14460]  ? find_held_lock+0x2b/0x80
[  289.875314][T14460]  ksys_write+0x12a/0x240
[  289.875322][T14460]  ? __pfx_ksys_write+0x10/0x10
[  289.875330][T14460]  ? rcu_is_watching+0x12/0xc0
[  289.875346][T14460]  do_syscall_64+0xcd/0x260
[  289.875360][T14460]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  289.875371][T14460] RIP: 0033:0x7f844318e169
[  289.875379][T14460] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  289.875389][T14460] RSP: 002b:00007f844402f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  289.875398][T14460] RAX: ffffffffffffffda RBX: 00007f84433b5fa0 RCX: 00007f844318e169
[  289.875405][T14460] RDX: 000000000000004e RSI: 0000200000000280 RDI: 0000000000000004
[  289.875410][T14460] RBP: 00007f844402f090 R08: 0000000000000000 R09: 0000000000000000
[  289.875416][T14460] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  289.875422][T14460] R13: 0000000000000000 R14: 00007f84433b5fa0 R15: 00007fff4a554028
[  289.875434][T14460]  </TASK>
[  289.882741][T14461] delete_channel: no stack
[  290.030180][T14466] netlink: 24 bytes leftover after parsing attributes in process `syz.5.2959'.
[  290.219860][T14477] FAULT_INJECTION: forcing a failure.
[  290.219860][T14477] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  290.225607][T14477] CPU: 1 UID: 0 PID: 14477 Comm: syz.7.2962 Not tainted 6.15.0-rc2-syzkaller-00400-g3088d26962e8 #0 PREEMPT(full) 
[  290.225629][T14477] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  290.225640][T14477] Call Trace:
[  290.225646][T14477]  <TASK>
[  290.225653][T14477]  dump_stack_lvl+0x16c/0x1f0
[  290.225681][T14477]  should_fail_ex+0x512/0x640
[  290.225703][T14477]  _copy_to_user+0x32/0xd0
[  290.225724][T14477]  simple_read_from_buffer+0xcb/0x170
[  290.225752][T14477]  proc_fail_nth_read+0x197/0x270
[  290.225778][T14477]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  290.225805][T14477]  ? rw_verify_area+0xcf/0x680
[  290.225827][T14477]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  290.225853][T14477]  vfs_read+0x1de/0xc70
[  290.225888][T14477]  ? __pfx___mutex_lock+0x10/0x10
[  290.225912][T14477]  ? __pfx_vfs_read+0x10/0x10
[  290.225943][T14477]  ? __fget_files+0x20e/0x3c0
[  290.225966][T14477]  ksys_read+0x12a/0x240
[  290.225980][T14477]  ? __pfx_ksys_read+0x10/0x10
[  290.225993][T14477]  ? rcu_is_watching+0x12/0xc0
[  290.226021][T14477]  do_syscall_64+0xcd/0x260
[  290.226045][T14477]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  290.226062][T14477] RIP: 0033:0x7f027f98cb7c
[  290.226075][T14477] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  290.226091][T14477] RSP: 002b:00007f028088e030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  290.226107][T14477] RAX: ffffffffffffffda RBX: 00007f027fbb5fa0 RCX: 00007f027f98cb7c
[  290.226118][T14477] RDX: 000000000000000f RSI: 00007f028088e0a0 RDI: 0000000000000007
[  290.226128][T14477] RBP: 00007f028088e090 R08: 0000000000000000 R09: 0000000000000000
[  290.226138][T14477] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  290.226148][T14477] R13: 0000000000000000 R14: 00007f027fbb5fa0 R15: 00007ffde304c6b8
[  290.226177][T14477]  </TASK>
[  290.308667][    C1] vkms_vblank_simulate: vblank timer overrun
[  290.367122][   T40] audit: type=1400 audit(1745049519.441:1085): avc:  denied  { remount } for  pid=14487 comm="syz.5.2966" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  290.368262][T14488] option changes via remount are deprecated (pid=14487 comm=syz.5.2966)
[  290.387835][   T40] audit: type=1400 audit(1745049519.461:1086): avc:  denied  { write } for  pid=14489 comm="syz.4.2967" name="file1" dev="9p" ino=36831315 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  290.395635][   T40] audit: type=1400 audit(1745049519.461:1087): avc:  denied  { remove_name } for  pid=14489 comm="syz.4.2967" name="file1" dev="9p" ino=36831315 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  290.402935][   T40] audit: type=1400 audit(1745049519.461:1088): avc:  denied  { rename } for  pid=14489 comm="syz.4.2967" name="file1" dev="9p" ino=36831315 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  290.458630][ T5959] block nbd5: Receive control failed (result -107)
[  290.472826][T14498] sp0: Synchronizing with TNC
[  290.477033][T14497] [U] �
[  290.499214][ T5959] block nbd6: Receive control failed (result -107)
[  290.595355][T14499] nbd5: detected capacity change from 0 to 12
[  290.598145][T14491] block nbd5: shutting down sockets
[  290.600728][T14496] syz.6.2970: attempt to access beyond end of device
[  290.600728][T14496] nbd6: rw=0, sector=64, nr_sectors = 2 limit=0
[  290.604800][T14496] syz.6.2970: attempt to access beyond end of device
[  290.604800][T14496] nbd6: rw=0, sector=512, nr_sectors = 2 limit=0
[  290.609297][T14496] UDF-fs: error (device nbd6): udf_read_tagged: read failed, block=256, location=256
[  290.613101][T14496] syz.6.2970: attempt to access beyond end of device
[  290.613101][T14496] nbd6: rw=0, sector=1024, nr_sectors = 2 limit=0
[  290.618146][T14496] UDF-fs: error (device nbd6): udf_read_tagged: read failed, block=512, location=512
[  290.622334][T14496] syz.6.2970: attempt to access beyond end of device
[  290.622334][T14496] nbd6: rw=0, sector=64, nr_sectors = 4 limit=0
[  290.624988][   T40] audit: type=1400 audit(1745049519.691:1089): avc:  denied  { ioctl } for  pid=14503 comm="syz.5.2973" path="socket:[43562]" dev="sockfs" ino=43562 ioctlcmd=0x89f2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1
[  290.625249][T14500] nbd6: detected capacity change from 0 to 12
[  290.629599][T14496] UDF-fs: error (device nbd6): udf_read_tagged: read failed, block=256, location=256
[  290.637054][ T8973] block nbd6: Dead connection, failed to find a fallback
[  290.644006][T14496] block nbd6: Dead connection, failed to find a fallback
[  290.647278][T14496] UDF-fs: error (device nbd6): udf_read_tagged: read failed, block=2, location=2
[  290.647548][ T8973] block nbd6: shutting down sockets
[  290.652772][T14496] UDF-fs: error (device nbd6): udf_read_tagged: read failed, block=1, location=1
[  290.653865][ T8973] ldm_validate_partition_table(): Disk read failed.
[  290.656494][T14496] UDF-fs: error (device nbd6): udf_read_tagged: read failed, block=0, location=0
[  290.659223][ T8973] Dev nbd6: unable to read RDB block 0
[  290.662012][T14496] UDF-fs: error (device nbd6): udf_read_tagged: read failed, block=512, location=512
[  290.663950][ T8973]  nbd6: unable to read partition table
[  290.669484][ T8973] nbd6: partition table beyond EOD, truncated
[  290.669907][T14496] UDF-fs: error (device nbd6): udf_read_tagged: read failed, block=256, location=256
[  290.675839][ T8973] ldm_validate_partition_table(): Disk read failed.
[  290.676080][T14496] UDF-fs: error (device nbd6): udf_read_tagged: read failed, block=0, location=0
[  290.678131][ T8973] Dev nbd6: unable to read RDB block 0
[  290.682766][ T8973]  nbd6: unable to read partition table
[  290.684577][ T8973] nbd6: partition table beyond EOD, truncated
[  290.685315][T14496] UDF-fs: error (device nbd6): udf_read_tagged: read failed, block=512, location=512
[  290.689554][T14496] UDF-fs: warning (device nbd6): udf_fill_super: No partition found (1)
[  290.707915][ T5959] Bluetooth: hci7: unexpected event for opcode 0x080b
[  290.730063][T14513] FAULT_INJECTION: forcing a failure.
[  290.730063][T14513] name failslab, interval 1, probability 0, space 0, times 0
[  290.733595][T14513] CPU: 2 UID: 0 PID: 14513 Comm: syz.6.2976 Not tainted 6.15.0-rc2-syzkaller-00400-g3088d26962e8 #0 PREEMPT(full) 
[  290.733609][T14513] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  290.733615][T14513] Call Trace:
[  290.733619][T14513]  <TASK>
[  290.733623][T14513]  dump_stack_lvl+0x16c/0x1f0
[  290.733640][T14513]  should_fail_ex+0x512/0x640
[  290.733652][T14513]  ? __kmalloc_cache_noprof+0x57/0x3e0
[  290.733668][T14513]  should_failslab+0xc2/0x120
[  290.733680][T14513]  __kmalloc_cache_noprof+0x6a/0x3e0
[  290.733695][T14513]  ? apply_wqattrs_prepare+0x130/0xbd0
[  290.733711][T14513]  apply_wqattrs_prepare+0x130/0xbd0
[  290.733728][T14513]  apply_workqueue_attrs_locked+0x64/0xe0
[  290.733742][T14513]  __alloc_workqueue+0xf41/0x1810
[  290.733762][T14513]  alloc_workqueue+0xd2/0x200
[  290.733777][T14513]  ? __pfx_alloc_workqueue+0x10/0x10
[  290.733799][T14513]  hci_register_dev+0x1cf/0xc60
[  290.733816][T14513]  hci_uart_tty_ioctl+0x7e2/0xc30
[  290.733828][T14513]  ? __pfx_hci_uart_tty_ioctl+0x10/0x10
[  290.733836][T14513]  tty_ioctl+0x6f6/0x1610
[  290.733851][T14513]  ? __pfx_tty_ioctl+0x10/0x10
[  290.733866][T14513]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[  290.733886][T14513]  ? hook_file_ioctl_common+0x145/0x410
[  290.733904][T14513]  ? selinux_file_ioctl+0x180/0x270
[  290.733918][T14513]  ? selinux_file_ioctl+0xb4/0x270
[  290.733933][T14513]  ? __pfx_tty_ioctl+0x10/0x10
[  290.733947][T14513]  __x64_sys_ioctl+0x190/0x200
[  290.733962][T14513]  do_syscall_64+0xcd/0x260
[  290.733977][T14513]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  290.733987][T14513] RIP: 0033:0x7f44feb8e169
[  290.733995][T14513] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  290.734005][T14513] RSP: 002b:00007f44ff9c9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  290.734014][T14513] RAX: ffffffffffffffda RBX: 00007f44fedb5fa0 RCX: 00007f44feb8e169
[  290.734021][T14513] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003
[  290.734026][T14513] RBP: 00007f44ff9c9090 R08: 0000000000000000 R09: 0000000000000000
[  290.734032][T14513] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  290.734038][T14513] R13: 0000000000000000 R14: 00007f44fedb5fa0 R15: 00007ffef2a5efd8
[  290.734051][T14513]  </TASK>
[  290.735015][T14513] Bluetooth: Can't register HCI device
[  290.790836][ T5959] Bluetooth: hci5: unexpected event for opcode 0x1001
[  290.841895][T14521] FAULT_INJECTION: forcing a failure.
[  290.841895][T14521] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  290.846175][T14521] CPU: 0 UID: 0 PID: 14521 Comm: syz.7.2979 Not tainted 6.15.0-rc2-syzkaller-00400-g3088d26962e8 #0 PREEMPT(full) 
[  290.846190][T14521] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  290.846196][T14521] Call Trace:
[  290.846200][T14521]  <TASK>
[  290.846204][T14521]  dump_stack_lvl+0x16c/0x1f0
[  290.846221][T14521]  should_fail_ex+0x512/0x640
[  290.846234][T14521]  _copy_from_user+0x2e/0xd0
[  290.846246][T14521]  restore_altstack+0x93/0x170
[  290.846256][T14521]  ? __pfx_restore_altstack+0x10/0x10
[  290.846266][T14521]  ? _raw_spin_unlock_irq+0x23/0x50
[  290.846278][T14521]  ? lockdep_hardirqs_on+0x7c/0x110
[  290.846291][T14521]  ? _raw_spin_unlock_irq+0x2e/0x50
[  290.846302][T14521]  ? set_current_blocked+0xdd/0x120
[  290.846313][T14521]  __do_sys_rt_sigreturn+0x13c/0x230
[  290.846329][T14521]  ? __pfx___do_sys_rt_sigreturn+0x10/0x10
[  290.846347][T14521]  do_syscall_64+0xcd/0x260
[  290.846361][T14521]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  290.846371][T14521] RIP: 0033:0x7f027f92a359
[  290.846380][T14521] Code: 64 c7 00 16 00 00 00 b8 ff ff ff ff c3 0f 1f 40 00 90 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 c7 c0 0f 00 00 00 0f 05 <0f> 1f 80 00 00 00 00 48 81 ec 48 01 00 00 49 89 d0 64 48 8b 04 25
[  290.846390][T14521] RSP: 002b:00007f028088d340 EFLAGS: 00000206 ORIG_RAX: 000000000000000f
[  290.846399][T14521] RAX: ffffffffffffffda RBX: 00007f027fbb5fa0 RCX: 00007f027f92a359
[  290.846405][T14521] RDX: 00007f028088d340 RSI: 00007f028088d470 RDI: 0000000000000021
[  290.846411][T14521] RBP: 00007f028088e090 R08: 0000000000000000 R09: 0000000000000000
[  290.846417][T14521] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000001
[  290.846423][T14521] R13: 0000000000000000 R14: 00007f027fbb5fa0 R15: 00007ffde304c6b8
[  290.846435][T14521]  </TASK>
[  290.861901][T14526] FAULT_INJECTION: forcing a failure.
[  290.861901][T14526] name failslab, interval 1, probability 0, space 0, times 0
[  290.874227][T14531] 9pnet_virtio: no channels available for device syz
[  290.875495][T14526] CPU: 2 UID: 0 PID: 14526 Comm: syz.5.2981 Not tainted 6.15.0-rc2-syzkaller-00400-g3088d26962e8 #0 PREEMPT(full) 
[  290.875509][T14526] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  290.875515][T14526] Call Trace:
[  290.875519][T14526]  <TASK>
[  290.875523][T14526]  dump_stack_lvl+0x16c/0x1f0
[  290.875540][T14526]  should_fail_ex+0x512/0x640
[  290.875551][T14526]  ? fs_reclaim_acquire+0xae/0x150
[  290.875566][T14526]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  290.875581][T14526]  should_failslab+0xc2/0x120
[  290.875592][T14526]  __kmalloc_noprof+0xd2/0x510
[  290.875605][T14526]  tomoyo_realpath_from_path+0xc2/0x6e0
[  290.875620][T14526]  ? tomoyo_profile+0x47/0x60
[  290.875631][T14526]  tomoyo_path_number_perm+0x245/0x580
[  290.875643][T14526]  ? tomoyo_path_number_perm+0x237/0x580
[  290.875656][T14526]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  290.875669][T14526]  ? find_held_lock+0x2b/0x80
[  290.875692][T14526]  ? find_held_lock+0x2b/0x80
[  290.875703][T14526]  ? hook_file_ioctl_common+0x145/0x410
[  290.875716][T14526]  ? __fget_files+0x20e/0x3c0
[  290.875728][T14526]  security_file_ioctl+0x9b/0x240
[  290.875742][T14526]  __x64_sys_ioctl+0xb7/0x200
[  290.875757][T14526]  do_syscall_64+0xcd/0x260
[  290.875772][T14526]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  290.875782][T14526] RIP: 0033:0x7f46bcb8e169
[  290.875790][T14526] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  290.875799][T14526] RSP: 002b:00007f46bda90038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  290.875809][T14526] RAX: ffffffffffffffda RBX: 00007f46bcdb5fa0 RCX: 00007f46bcb8e169
[  290.875815][T14526] RDX: 0000200000000080 RSI: 000000004008af30 RDI: 0000000000000007
[  290.875821][T14526] RBP: 00007f46bda90090 R08: 0000000000000000 R09: 0000000000000000
[  290.875827][T14526] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  290.875833][T14526] R13: 0000000000000000 R14: 00007f46bcdb5fa0 R15: 00007fff72e7dde8
[  290.875845][T14526]  </TASK>
[  290.875849][T14526] ERROR: Out of memory at tomoyo_realpath_from_path.
[  290.877846][T14531] netlink: 244 bytes leftover after parsing attributes in process `syz.7.2983'.
[  291.180920][T14552] FAULT_INJECTION: forcing a failure.
[  291.180920][T14552] name failslab, interval 1, probability 0, space 0, times 0
[  291.185067][T14552] CPU: 0 UID: 0 PID: 14552 Comm: syz.4.2990 Not tainted 6.15.0-rc2-syzkaller-00400-g3088d26962e8 #0 PREEMPT(full) 
[  291.185082][T14552] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  291.185088][T14552] Call Trace:
[  291.185092][T14552]  <TASK>
[  291.185096][T14552]  dump_stack_lvl+0x16c/0x1f0
[  291.185113][T14552]  should_fail_ex+0x512/0x640
[  291.185136][T14552]  ? io_cqring_event_overflow+0xcb/0x6f0
[  291.185150][T14552]  should_failslab+0xc2/0x120
[  291.185166][T14552]  __kmalloc_noprof+0xd2/0x510
[  291.185175][T14552]  ? __pfx_do_epoll_ctl+0x10/0x10
[  291.185194][T14552]  io_cqring_event_overflow+0xcb/0x6f0
[  291.185206][T14552]  io_req_cqe_overflow+0x101/0x1e0
[  291.185218][T14552]  __io_submit_flush_completions+0x94a/0x1750
[  291.185236][T14552]  io_submit_sqes+0x9e2/0x25d0
[  291.185257][T14552]  __do_sys_io_uring_enter+0xd6a/0x1630
[  291.185274][T14552]  ? __fget_files+0x20e/0x3c0
[  291.185283][T14552]  ? __pfx___do_sys_io_uring_enter+0x10/0x10
[  291.185300][T14552]  ? fput+0x70/0xf0
[  291.185311][T14552]  ? ksys_write+0x1b9/0x240
[  291.185319][T14552]  ? __pfx_ksys_write+0x10/0x10
[  291.185332][T14552]  do_syscall_64+0xcd/0x260
[  291.185346][T14552]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  291.185356][T14552] RIP: 0033:0x7f844318e169
[  291.185365][T14552] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  291.185375][T14552] RSP: 002b:00007f844402f038 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[  291.185385][T14552] RAX: ffffffffffffffda RBX: 00007f84433b5fa0 RCX: 00007f844318e169
[  291.185391][T14552] RDX: 0000000000000000 RSI: 0000000000002d3e RDI: 0000000000000003
[  291.185397][T14552] RBP: 00007f844402f090 R08: 0000000000000000 R09: 0000000000000000
[  291.185403][T14552] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  291.185409][T14552] R13: 0000000000000000 R14: 00007f84433b5fa0 R15: 00007fff4a554028
[  291.185421][T14552]  </TASK>
[  291.194150][T14555] evm: overlay not supported
[  291.317628][T14563] overlayfs: missing 'lowerdir'
[  291.419339][T14569] syzkaller1: entered promiscuous mode
[  291.425250][T14569] syzkaller1: entered allmulticast mode
[  291.520944][T14573] FAULT_INJECTION: forcing a failure.
[  291.520944][T14573] name failslab, interval 1, probability 0, space 0, times 0
[  291.525137][T14573] CPU: 3 UID: 0 PID: 14573 Comm: syz.4.2998 Not tainted 6.15.0-rc2-syzkaller-00400-g3088d26962e8 #0 PREEMPT(full) 
[  291.525152][T14573] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  291.525158][T14573] Call Trace:
[  291.525163][T14573]  <TASK>
[  291.525167][T14573]  dump_stack_lvl+0x16c/0x1f0
[  291.525184][T14573]  should_fail_ex+0x512/0x640
[  291.525195][T14573]  ? fs_reclaim_acquire+0xae/0x150
[  291.525210][T14573]  should_failslab+0xc2/0x120
[  291.525222][T14573]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  291.525233][T14573]  ? security_inode_alloc+0x3b/0x2b0
[  291.525248][T14573]  security_inode_alloc+0x3b/0x2b0
[  291.525261][T14573]  inode_init_always_gfp+0xce4/0x1030
[  291.525273][T14573]  ? __pfx_mqueue_fill_super+0x10/0x10
[  291.525283][T14573]  alloc_inode+0x86/0x240
[  291.525296][T14573]  new_inode+0x22/0x1c0
[  291.525309][T14573]  ? __pfx_mqueue_fill_super+0x10/0x10
[  291.525319][T14573]  mqueue_get_inode+0x2e/0xdd0
[  291.525329][T14573]  ? sget_fc+0x808/0xc20
[  291.525344][T14573]  ? __pfx_mqueue_fill_super+0x10/0x10
[  291.525354][T14573]  mqueue_fill_super+0x112/0x210
[  291.525365][T14573]  get_tree_nodev+0xda/0x190
[  291.525374][T14573]  mqueue_get_tree+0xf1/0x130
[  291.525384][T14573]  vfs_get_tree+0x8b/0x340
[  291.525397][T14573]  fc_mount+0x16/0xc0
[  291.525410][T14573]  mq_init_ns+0x426/0x620
[  291.525423][T14573]  copy_ipcs+0x383/0x610
[  291.525434][T14573]  ? copy_utsname+0xab/0x470
[  291.525446][T14573]  create_new_namespaces+0x20a/0xad0
[  291.525460][T14573]  ? security_capable+0x7e/0x260
[  291.525473][T14573]  unshare_nsproxy_namespaces+0xc0/0x1f0
[  291.525487][T14573]  ksys_unshare+0x45b/0xa40
[  291.525502][T14573]  ? __pfx_ksys_unshare+0x10/0x10
[  291.525517][T14573]  ? ksys_write+0x1b9/0x240
[  291.525530][T14573]  __x64_sys_unshare+0x31/0x40
[  291.525544][T14573]  do_syscall_64+0xcd/0x260
[  291.525582][T14573]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  291.525593][T14573] RIP: 0033:0x7f844318e169
[  291.525602][T14573] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  291.525611][T14573] RSP: 002b:00007f844402f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
[  291.525621][T14573] RAX: ffffffffffffffda RBX: 00007f84433b5fa0 RCX: 00007f844318e169
[  291.525627][T14573] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000006a040000
[  291.525633][T14573] RBP: 00007f844402f090 R08: 0000000000000000 R09: 0000000000000000
[  291.525639][T14573] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  291.525645][T14573] R13: 0000000000000001 R14: 00007f84433b5fa0 R15: 00007fff4a554028
[  291.525657][T14573]  </TASK>
[  291.898004][T14591] netlink: 28 bytes leftover after parsing attributes in process `syz.6.3004'.
[  292.192487][T14600] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=14600 comm=syz.6.3006
[  292.198992][   T40] audit: type=1400 audit(1745049521.271:1090): avc:  denied  { read } for  pid=14599 comm="syz.6.3006" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[  292.445337][    T9] usb 11-1: new high-speed USB device number 4 using dummy_hcd
[  292.473136][T14613] xt_hashlimit: max too large, truncated to 1048576
[  292.575276][    T9] usb 11-1: device descriptor read/64, error -71
[  292.815258][    T9] usb 11-1: new high-speed USB device number 5 using dummy_hcd
[  292.945288][    T9] usb 11-1: device descriptor read/64, error -71
[  293.066421][    T9] usb usb11-port1: attempt power cycle
[  293.345675][T14628] x_tables: ip6_tables: SYNPROXY target: used from hooks PREROUTING, but only usable from INPUT/FORWARD
[  293.406688][ T5961] Bluetooth: hci0: command 0x1003 tx timeout
[  293.406698][ T5959] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  293.417238][    T9] usb 11-1: new high-speed USB device number 6 using dummy_hcd
[  293.445603][    T9] usb 11-1: device descriptor read/8, error -71
[  293.579178][T14640] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3017'.
[  293.685204][    T9] usb 11-1: new high-speed USB device number 7 using dummy_hcd
[  293.705588][    T9] usb 11-1: device descriptor read/8, error -71
[  293.816447][    T9] usb usb11-port1: unable to enumerate USB device
[  294.479474][T14650] FAULT_INJECTION: forcing a failure.
[  294.479474][T14650] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  294.483504][T14650] CPU: 1 UID: 0 PID: 14650 Comm: syz.5.3020 Not tainted 6.15.0-rc2-syzkaller-00400-g3088d26962e8 #0 PREEMPT(full) 
[  294.483518][T14650] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  294.483524][T14650] Call Trace:
[  294.483528][T14650]  <TASK>
[  294.483532][T14650]  dump_stack_lvl+0x16c/0x1f0
[  294.483549][T14650]  should_fail_ex+0x512/0x640
[  294.483562][T14650]  _copy_from_user+0x2e/0xd0
[  294.483575][T14650]  copy_msghdr_from_user+0x98/0x160
[  294.483588][T14650]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  294.483605][T14650]  ___sys_sendmsg+0xfe/0x1d0
[  294.483618][T14650]  ? __pfx____sys_sendmsg+0x10/0x10
[  294.483644][T14650]  __sys_sendmsg+0x16d/0x220
[  294.483656][T14650]  ? __pfx___sys_sendmsg+0x10/0x10
[  294.483676][T14650]  do_syscall_64+0xcd/0x260
[  294.483691][T14650]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  294.483701][T14650] RIP: 0033:0x7f46bcb8e169
[  294.483710][T14650] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  294.483719][T14650] RSP: 002b:00007f46bda90038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  294.483729][T14650] RAX: ffffffffffffffda RBX: 00007f46bcdb5fa0 RCX: 00007f46bcb8e169
[  294.483735][T14650] RDX: 0000000000000000 RSI: 0000200000000600 RDI: 0000000000000003
[  294.483741][T14650] RBP: 00007f46bda90090 R08: 0000000000000000 R09: 0000000000000000
[  294.483747][T14650] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  294.483753][T14650] R13: 0000000000000000 R14: 00007f46bcdb5fa0 R15: 00007fff72e7dde8
[  294.483765][T14650]  </TASK>
[  294.534884][    C1] vkms_vblank_simulate: vblank timer overrun
[  294.665935][ T6802] usb 12-1: new high-speed USB device number 5 using dummy_hcd
[  294.765268][ T5959] Bluetooth: hci7: Controller not accepting commands anymore: ncmd = 0
[  294.768046][ T5959] Bluetooth: hci7: Injecting HCI hardware error event
[  294.771942][ T5961] Bluetooth: hci7: hardware error 0x00
[  294.820114][ T6802] usb 12-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[  294.823023][ T6802] usb 12-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  294.826704][ T6802] usb 12-1: Product: syz
[  294.828071][ T6802] usb 12-1: Manufacturer: syz
[  294.828736][T14656] syz.4.3023: attempt to access beyond end of device
[  294.828736][T14656] nbd4: rw=4096, sector=2, nr_sectors = 2 limit=0
[  294.829703][ T6802] usb 12-1: SerialNumber: syz
[  294.834079][T14656] EXT4-fs (nbd4): unable to read superblock
[  294.844523][ T6802] usb 12-1: config 0 descriptor??
[  294.867989][T14656] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  294.892313][   T40] audit: type=1400 audit(1745049523.961:1091): avc:  denied  { watch } for  pid=14651 comm="syz.5.3021" path="pipe:[42972]" dev="pipefs" ino=42972 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1
[  295.075041][T14648] syzkaller0: entered promiscuous mode
[  295.076819][T14648] syzkaller0: entered allmulticast mode
[  295.170176][   T40] audit: type=1400 audit(1745049524.241:1092): avc:  denied  { read } for  pid=14666 comm="syz.6.3027" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  295.172533][T14667] sctp: [Deprecated]: syz.6.3027 (pid 14667) Use of struct sctp_assoc_value in delayed_ack socket option.
[  295.172533][T14667] Use struct sctp_sack_info instead
[  295.206218][ T5959] block nbd5: Receive control failed (result -107)
[  295.307141][T14671] FAULT_INJECTION: forcing a failure.
[  295.307141][T14671] name failslab, interval 1, probability 0, space 0, times 0
[  295.311093][T14671] CPU: 3 UID: 0 PID: 14671 Comm: syz.5.3028 Not tainted 6.15.0-rc2-syzkaller-00400-g3088d26962e8 #0 PREEMPT(full) 
[  295.311108][T14671] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  295.311117][T14671] Call Trace:
[  295.311121][T14671]  <TASK>
[  295.311125][T14671]  dump_stack_lvl+0x16c/0x1f0
[  295.311142][T14671]  should_fail_ex+0x512/0x640
[  295.311153][T14671]  ? __kmalloc_cache_noprof+0x57/0x3e0
[  295.311170][T14671]  should_failslab+0xc2/0x120
[  295.311181][T14671]  __kmalloc_cache_noprof+0x6a/0x3e0
[  295.311196][T14671]  ? alloc_fs_context+0x57/0x9c0
[  295.311209][T14671]  alloc_fs_context+0x57/0x9c0
[  295.311222][T14671]  path_mount+0xb06/0x1f30
[  295.311234][T14671]  ? kmem_cache_free+0x2d4/0x4d0
[  295.311243][T14671]  ? __pfx_path_mount+0x10/0x10
[  295.311255][T14671]  ? putname+0x154/0x1a0
[  295.311269][T14671]  __x64_sys_mount+0x28d/0x310
[  295.311280][T14671]  ? __pfx___x64_sys_mount+0x10/0x10
[  295.311295][T14671]  do_syscall_64+0xcd/0x260
[  295.311309][T14671]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  295.311320][T14671] RIP: 0033:0x7f46bcb8e169
[  295.311329][T14671] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  295.311338][T14671] RSP: 002b:00007f46bda6f038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  295.311348][T14671] RAX: ffffffffffffffda RBX: 00007f46bcdb6080 RCX: 00007f46bcb8e169
[  295.311354][T14671] RDX: 0000200000000040 RSI: 0000200000004a00 RDI: 0000200000000500
[  295.311360][T14671] RBP: 00007f46bda6f090 R08: 0000000000000000 R09: 0000000000000000
[  295.311366][T14671] R10: 0000000000008007 R11: 0000000000000246 R12: 0000000000000002
[  295.311371][T14671] R13: 0000000000000001 R14: 00007f46bcdb6080 R15: 00007fff72e7dde8
[  295.311384][T14671]  </TASK>
[  295.318296][T14669] nbd5: detected capacity change from 0 to 12
[  295.375577][ T8973] block nbd5: Dead connection, failed to find a fallback
[  295.377800][ T8973] block nbd5: shutting down sockets
[  295.379494][ T8973] blk_print_req_error: 92 callbacks suppressed
[  295.379502][ T8973] I/O error, dev nbd5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  295.384239][ T8973] buffer_io_error: 82 callbacks suppressed
[  295.384246][ T8973] Buffer I/O error on dev nbd5, logical block 0, async page read
[  295.390354][ T8973] I/O error, dev nbd5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  295.393122][ T8973] Buffer I/O error on dev nbd5, logical block 0, async page read
[  295.395782][ T8973] I/O error, dev nbd5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  295.398587][ T8973] Buffer I/O error on dev nbd5, logical block 0, async page read
[  295.401111][ T8973] I/O error, dev nbd5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  295.403896][ T8973] Buffer I/O error on dev nbd5, logical block 0, async page read
[  295.407743][ T8973] I/O error, dev nbd5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  295.410551][ T8973] Buffer I/O error on dev nbd5, logical block 0, async page read
[  295.412950][ T8973] I/O error, dev nbd5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  295.415821][ T8973] Buffer I/O error on dev nbd5, logical block 0, async page read
[  295.418293][ T8973] I/O error, dev nbd5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  295.421212][ T8973] Buffer I/O error on dev nbd5, logical block 0, async page read
[  295.423648][ T8973] I/O error, dev nbd5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  295.426699][ T8973] Buffer I/O error on dev nbd5, logical block 0, async page read
[  295.429111][ T8973] ldm_validate_partition_table(): Disk read failed.
[  295.431142][ T8973] I/O error, dev nbd5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  295.433932][ T8973] Buffer I/O error on dev nbd5, logical block 0, async page read
[  295.436487][ T8973] I/O error, dev nbd5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  295.439376][ T8973] Buffer I/O error on dev nbd5, logical block 0, async page read
[  295.441958][ T8973] Dev nbd5: unable to read RDB block 0
[  295.443734][ T8973]  nbd5: unable to read partition table
[  295.445601][ T8973] nbd5: partition table beyond EOD, truncated
[  295.454446][ T8973] ldm_validate_partition_table(): Disk read failed.
[  295.456856][ T8973] Dev nbd5: unable to read RDB block 0
[  295.458737][ T8973]  nbd5: unable to read partition table
[  295.460628][ T8973] nbd5: partition table beyond EOD, truncated
[  296.032613][   T40] audit: type=1400 audit(1745049525.101:1093): avc:  denied  { remount } for  pid=14677 comm="syz.6.3030" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  296.250467][T14686] fuse: Unknown parameter '0x0000000000000006'
[  296.289449][ T6006] usb 12-1: USB disconnect, device number 5
[  296.353984][   T40] audit: type=1400 audit(1745049525.421:1094): avc:  denied  { ioctl } for  pid=14687 comm="syz.5.3033" path="socket:[42994]" dev="sockfs" ino=42994 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  296.380391][   T40] audit: type=1400 audit(1745049525.451:1095): avc:  denied  { map } for  pid=14687 comm="syz.5.3033" path="socket:[42994]" dev="sockfs" ino=42994 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  296.388078][   T40] audit: type=1400 audit(1745049525.451:1096): avc:  denied  { read } for  pid=14687 comm="syz.5.3033" path="socket:[42994]" dev="sockfs" ino=42994 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  296.413248][   T40] audit: type=1400 audit(1745049525.481:1097): avc:  denied  { read } for  pid=14689 comm="iou-sqp-14697" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  296.420220][   T40] audit: type=1400 audit(1745049525.491:1098): avc:  denied  { read } for  pid=14695 comm="syz.5.3036" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  296.460449][T14700] 
[  296.461259][T14700] ======================================================
[  296.463664][T14700] WARNING: possible circular locking dependency detected
[  296.466346][T14700] 6.15.0-rc2-syzkaller-00400-g3088d26962e8 #0 Not tainted
SYZFAIL: failed to recv rpc
[  296.469375][T14700] ------------------------------------------------------
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  296.472166][T14700] syz.6.3037/14700 is trying to acquire lock:
[  296.474115][T14700] ffffffff9037e078 (nr_neigh_list_lock){+...}-{3:3}, at: nr_remove_neigh+0x1a/0x290
[  296.477036][T14700] 
[  296.477036][T14700] but task is already holding lock:
[  296.479460][T14700] ffff888031cc5c70 (&nr_node->node_lock){+...}-{3:3}, at: nr_add_node+0x60b/0x2c00
[  296.482329][T14700] 
[  296.482329][T14700] which lock already depends on the new lock.
[  296.482329][T14700] 
[  296.485619][T14700] 
[  296.485619][T14700] the existing dependency chain (in reverse order) is:
[  296.488407][T14700] 
[  296.488407][T14700] -> #2 (&nr_node->node_lock){+...}-{3:3}:
[  296.490895][T14700]        _raw_spin_lock_bh+0x33/0x40
[  296.492556][T14700]        nr_rt_device_down+0x18e/0x810
[  296.494281][T14700]        nr_device_event+0x126/0x170
[  296.495945][T14700]        notifier_call_chain+0xb9/0x410
[  296.497695][T14700]        call_netdevice_notifiers_info+0xbe/0x140
[  296.499736][T14700]        dev_close_many+0x319/0x630
[  296.501376][T14700]        netif_close+0x17f/0x230
[  296.502956][T14700]        dev_close+0xaa/0x240
[  296.504443][T14700]        bpq_device_event+0x601/0x840
[  296.506159][T14700]        notifier_call_chain+0xb9/0x410
[  296.507911][T14700]        call_netdevice_notifiers_info+0xbe/0x140
[  296.509911][T14700]        dev_close_many+0x319/0x630
[  296.511536][T14700]        netif_close+0x17f/0x230
[  296.513089][T14700]        dev_close+0xaa/0x240
[  296.514591][T14700]        bond_enslave+0x1f67/0x6050
[  296.516226][T14700]        bond_do_ioctl+0x601/0x6c0
[  296.517833][T14700]        dev_ifsioc+0xe99/0x1f70
[  296.519400][T14700]        dev_ioctl+0x223/0x10e0
[  296.520930][T14700]        sock_do_ioctl+0x19d/0x280
[  296.522551][T14700]        sock_ioctl+0x227/0x6b0
[  296.524081][T14700]        __x64_sys_ioctl+0x190/0x200
[  296.525783][T14700]        do_syscall_64+0xcd/0x260
[  296.527365][T14700]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  296.529300][T14700] 
[  296.529300][T14700] -> #1 (nr_node_list_lock){+...}-{3:3}:
[  296.531711][T14700]        _raw_spin_lock_bh+0x33/0x40
[  296.533423][T14700]        nr_rt_device_down+0xd3/0x810
[  296.535150][T14700]        nr_device_event+0x126/0x170
[  296.536804][T14700]        notifier_call_chain+0xb9/0x410
[  296.538557][T14700]        call_netdevice_notifiers_info+0xbe/0x140
[  296.540602][T14700]        dev_close_many+0x319/0x630
[  296.542245][T14700]        netif_close+0x17f/0x230
[  296.543800][T14700]        dev_close+0xaa/0x240
[  296.545288][T14700]        bpq_device_event+0x601/0x840
[  296.546981][T14700]        notifier_call_chain+0xb9/0x410
[  296.548726][T14700]        call_netdevice_notifiers_info+0xbe/0x140
[  296.550725][T14700]        dev_close_many+0x319/0x630
[  296.552350][T14700]        netif_close+0x17f/0x230
[  296.553913][T14700]        dev_close+0xaa/0x240
[  296.555346][T14700]        bond_enslave+0x1f67/0x6050
[  296.556953][T14700]        bond_do_ioctl+0x601/0x6c0
[  296.558557][T14700]        dev_ifsioc+0xe99/0x1f70
[  296.560142][T14700]        dev_ioctl+0x223/0x10e0
[  296.561612][T14700]        sock_do_ioctl+0x19d/0x280
[  296.563187][T14700]        sock_ioctl+0x227/0x6b0
[  296.564705][T14700]        __x64_sys_ioctl+0x190/0x200
[  296.566363][T14700]        do_syscall_64+0xcd/0x260
[  296.567927][T14700]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  296.569939][T14700] 
[  296.569939][T14700] -> #0 (nr_neigh_list_lock){+...}-{3:3}:
[  296.572379][T14700]        __lock_acquire+0x1173/0x1ba0
[  296.574070][T14700]        lock_acquire+0x179/0x350
[  296.575655][T14700]        _raw_spin_lock_bh+0x33/0x40
[  296.577334][T14700]        nr_remove_neigh+0x1a/0x290
[  296.578995][T14700]        nr_add_node+0x2408/0x2c00
[  296.580618][T14700]        nr_rt_ioctl+0x11b7/0x29b0
[  296.582230][T14700]        nr_ioctl+0x19a/0x2e0
[  296.583771][T14700]        sock_do_ioctl+0x115/0x280
[  296.585420][T14700]        sock_ioctl+0x227/0x6b0
[  296.586980][T14700]        __x64_sys_ioctl+0x190/0x200
[  296.588646][T14700]        do_syscall_64+0xcd/0x260
[  296.590243][T14700]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  296.592278][T14700] 
[  296.592278][T14700] other info that might help us debug this:
[  296.592278][T14700] 
[  296.595433][T14700] Chain exists of:
[  296.595433][T14700]   nr_neigh_list_lock --> nr_node_list_lock --> &nr_node->node_lock
[  296.595433][T14700] 
[  296.599703][T14700]  Possible unsafe locking scenario:
[  296.599703][T14700] 
[  296.602017][T14700]        CPU0                    CPU1
[  296.603691][T14700]        ----                    ----
[  296.605399][T14700]   lock(&nr_node->node_lock);
[  296.606998][T14700]                                lock(nr_node_list_lock);
[  296.609193][T14700]                                lock(&nr_node->node_lock);
[  296.611471][T14700]   lock(nr_neigh_list_lock);
[  296.613012][T14700] 
[  296.613012][T14700]  *** DEADLOCK ***
[  296.613012][T14700] 
[  296.615520][T14700] 1 lock held by syz.6.3037/14700:
[  296.617126][T14700]  #0: ffff888031cc5c70 (&nr_node->node_lock){+...}-{3:3}, at: nr_add_node+0x60b/0x2c00
[  296.620197][T14700] 
[  296.620197][T14700] stack backtrace:
[  296.622044][T14700] CPU: 3 UID: 0 PID: 14700 Comm: syz.6.3037 Not tainted 6.15.0-rc2-syzkaller-00400-g3088d26962e8 #0 PREEMPT(full) 
[  296.622058][T14700] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  296.622064][T14700] Call Trace:
[  296.622069][T14700]  <TASK>
[  296.622074][T14700]  dump_stack_lvl+0x116/0x1f0
[  296.622089][T14700]  print_circular_bug+0x275/0x350
[  296.622104][T14700]  check_noncircular+0x14c/0x170
[  296.622121][T14700]  __lock_acquire+0x1173/0x1ba0
[  296.622133][T14700]  lock_acquire+0x179/0x350
[  296.622142][T14700]  ? nr_remove_neigh+0x1a/0x290
[  296.622151][T14700]  ? do_raw_spin_lock+0x12c/0x2b0
[  296.622162][T14700]  _raw_spin_lock_bh+0x33/0x40
[  296.622174][T14700]  ? nr_remove_neigh+0x1a/0x290
[  296.622183][T14700]  nr_remove_neigh+0x1a/0x290
[  296.622192][T14700]  nr_add_node+0x2408/0x2c00
[  296.622202][T14700]  nr_rt_ioctl+0x11b7/0x29b0
[  296.622212][T14700]  ? __pfx_nr_rt_ioctl+0x10/0x10
[  296.622225][T14700]  ? bpf_lsm_capable+0x9/0x10
[  296.622234][T14700]  ? security_capable+0x7e/0x260
[  296.622246][T14700]  nr_ioctl+0x19a/0x2e0
[  296.622259][T14700]  sock_do_ioctl+0x115/0x280
[  296.622272][T14700]  ? __pfx_sock_do_ioctl+0x10/0x10
[  296.622287][T14700]  ? ioctl_has_perm.constprop.0.isra.0+0x2f4/0x450
[  296.622303][T14700]  ? ioctl_has_perm.constprop.0.isra.0+0x2fe/0x450
[  296.622318][T14700]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[  296.622340][T14700]  sock_ioctl+0x227/0x6b0
[  296.622349][T14700]  ? __pfx_sock_ioctl+0x10/0x10
[  296.622364][T14700]  ? hook_file_ioctl_common+0x145/0x410
[  296.622376][T14700]  ? selinux_file_ioctl+0x180/0x270
[  296.622391][T14700]  ? selinux_file_ioctl+0xb4/0x270
[  296.622405][T14700]  ? __pfx_sock_ioctl+0x10/0x10
[  296.622421][T14700]  __x64_sys_ioctl+0x190/0x200
[  296.622435][T14700]  do_syscall_64+0xcd/0x260
[  296.622448][T14700]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  296.622459][T14700] RIP: 0033:0x7f44feb8e169
[  296.622468][T14700] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  296.622478][T14700] RSP: 002b:00007f44ff9c9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  296.622487][T14700] RAX: ffffffffffffffda RBX: 00007f44fedb5fa0 RCX: 00007f44feb8e169
[  296.622493][T14700] RDX: 0000200000000280 RSI: 000000000000890b RDI: 0000000000000008
[  296.622499][T14700] RBP: 00007f44fec10a68 R08: 0000000000000000 R09: 0000000000000000
[  296.622505][T14700] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  296.622510][T14700] R13: 0000000000000000 R14: 00007f44fedb5fa0 R15: 00007ffef2a5efd8
[  296.622519][T14700]  </TASK>
[  296.774712][T14698] bond0: (slave syz_tun): Releasing backup interface
[  296.802210][T14700] bond0: (slave syz_tun): Releasing backup interface
[  296.845297][ T5961] Bluetooth: hci7: Opcode 0x0c03 failed: -110
[  296.948038][ T7071] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  297.040034][ T7071] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  297.107869][ T7071] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  297.179179][ T7071] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  297.271930][ T7071] bridge_slave_1: left allmulticast mode
[  297.273693][ T7071] bridge_slave_1: left promiscuous mode
[  297.276235][ T7071] bridge0: port 2(bridge_slave_1) entered disabled state
[  297.279156][ T7071] bridge_slave_0: left allmulticast mode
[  297.280928][ T7071] bridge_slave_0: left promiscuous mode
[  297.282705][ T7071] bridge0: port 1(bridge_slave_0) entered disabled state
[  297.307324][ T7071] dvmrp1 (unregistering): left allmulticast mode
[  297.340090][ T7071] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  297.343524][ T7071] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  297.346771][ T7071] bond0 (unregistering): Released all slaves
[  297.350303][ T7071] bond1 (unregistering): Released all slaves
[  297.415256][ T7071] tipc: Disabling bearer <udp:syz2>
[  297.416987][ T7071] tipc: Left network mode
[  297.549580][ T7071] hsr_slave_0: left promiscuous mode
[  297.551558][ T7071] hsr_slave_1: left promiscuous mode
[  297.553388][ T7071] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  297.555805][ T7071] batman_adv: batadv0: Removing interface: batadv_slave_0
[  297.558263][ T7071] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  297.560555][ T7071] batman_adv: batadv0: Removing interface: batadv_slave_1
[  297.564509][ T7071] veth1_macvtap: left promiscuous mode
[  297.566541][ T7071] veth0_macvtap: left promiscuous mode
[  297.568310][ T7071] veth1_vlan: left promiscuous mode
[  297.569965][ T7071] veth0_vlan: left promiscuous mode
[  297.743349][ T7071] team0 (unregistering): Port device team_slave_1 removed
[  297.778686][ T7071] team0 (unregistering): Port device team_slave_0 removed
[  298.269720][ T7071] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  298.349645][ T7071] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  298.418744][ T7071] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  298.477472][ T7071] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  298.560868][ T7071] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  298.618046][ T7071] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  298.677935][ T7071] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  298.749457][ T7071] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  298.840768][ T7071] bridge_slave_1: left allmulticast mode
[  298.842578][ T7071] bridge_slave_1: left promiscuous mode
[  298.844412][ T7071] bridge0: port 2(bridge_slave_1) entered disabled state
[  298.848067][ T7071] bridge_slave_0: left allmulticast mode
[  298.849883][ T7071] bridge_slave_0: left promiscuous mode
[  298.851715][ T7071] bridge0: port 1(bridge_slave_0) entered disabled state
[  298.855191][ T7071] bridge_slave_1: left allmulticast mode
[  298.857240][ T7071] bridge_slave_1: left promiscuous mode
[  298.859065][ T7071] bridge0: port 2(bridge_slave_1) entered disabled state
[  298.861939][ T7071] bridge_slave_0: left allmulticast mode
[  298.863747][ T7071] bridge_slave_0: left promiscuous mode
[  298.866393][ T7071] bridge0: port 1(bridge_slave_0) entered disabled state
[  298.917822][ T7071] dvmrp1 (unregistering): left allmulticast mode
[  298.921890][ T7071] dvmrp1 (unregistering): left allmulticast mode
[  299.080495][ T7071] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  299.085727][ T7071] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  299.090185][ T7071] bond0 (unregistering): Released all slaves
[  299.098601][ T7071] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  299.103382][ T7071] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  299.108018][ T7071] bond0 (unregistering): Released all slaves
[  299.114364][ T7071] bond1 (unregistering): (slave batadv1): Releasing backup interface
[  299.119009][ T7071] bond1 (unregistering): (slave batadv2): Releasing backup interface
[  299.123228][ T7071] bond1 (unregistering): Released all slaves
[  299.569416][ T7071] hsr_slave_0: left promiscuous mode
[  299.571461][ T7071] hsr_slave_1: left promiscuous mode
[  299.573319][ T7071] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  299.576718][ T7071] batman_adv: batadv0: Removing interface: batadv_slave_0
[  299.579259][ T7071] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  299.581568][ T7071] batman_adv: batadv0: Removing interface: batadv_slave_1
[  299.586040][ T7071] hsr_slave_0: left promiscuous mode
[  299.587945][ T7071] hsr_slave_1: left promiscuous mode
[  299.589819][ T7071] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  299.592120][ T7071] batman_adv: batadv0: Removing interface: batadv_slave_0
[  299.594604][ T7071] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  299.597013][ T7071] batman_adv: batadv0: Removing interface: batadv_slave_1
[  299.602151][ T7071] veth1_macvtap: left promiscuous mode
[  299.603893][ T7071] veth0_macvtap: left promiscuous mode
[  299.605712][ T7071] veth1_vlan: left promiscuous mode
[  299.607380][ T7071] veth0_vlan: left promiscuous mode
[  299.609448][ T7071] veth1_macvtap: left promiscuous mode
[  299.611182][ T7071] veth0_macvtap: left promiscuous mode
[  299.612931][ T7071] veth1_vlan: left promiscuous mode
[  299.614716][ T7071] veth0_vlan: left promiscuous mode
[  299.741763][ T7071] team0 (unregistering): Port device team_slave_1 removed
[  299.780203][ T7071] team0 (unregistering): Port device team_slave_0 removed
[  300.061101][ T7071] team0 (unregistering): Port device team_slave_1 removed
[  300.094641][ T7071] team0 (unregistering): Port device team_slave_0 removed
[  300.944445][ T7071] IPVS: stop unused estimator thread 0...

VM DIAGNOSIS:
07:58:45  Registers:
info registers vcpu 0

CPU#0
RAX=00000000006b6afc RBX=0000000000000000 RCX=ffffffff8b729419 RDX=ffffed100d4865be
RSI=ffffffff8bf463c0 RDI=ffffffff8191b751 RBP=fffffbfff1c12ee8 RSP=ffffffff8e007e10
R8 =0000000000000000 R9 =ffffed100d4865bd R10=ffff88806a432deb R11=0000000000000000
R12=0000000000000000 R13=ffffffff8e097740 R14=ffffffff90864610 R15=0000000000000000
RIP=ffffffff8b727caf RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880d69b2000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000001b33210ff8 CR3=00000000328f0000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000008001 Opmask01=0000000000000000 Opmask02=00000000000003ff Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f8443211a4a
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f8443211a57
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f8443211a51
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f8443211a65
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f8443211aeb
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f8443211bc9
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000004 0008000f0010000a
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 0000000000000000 0000000000000000 00000000000000a0
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=000000000087f3ec RBX=0000000000000001 RCX=ffffffff8b729419 RDX=ffffed100d4a65be
RSI=ffffffff8bf463c0 RDI=ffffffff8191b751 RBP=ffffed1003ad2488 RSP=ffffc90000177df8
R8 =0000000000000000 R9 =ffffed100d4a65bd R10=ffff88806a532deb R11=0000000000000000
R12=0000000000000001 R13=ffff88801d692440 R14=ffffffff90864610 R15=0000000000000000
RIP=ffffffff8b727caf RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880d6ab2000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000000000000000 CR3=000000005a708000 CR4=00352ef0
DR0=0008000000002f1b DR1=0000200000000005 DR2=0000000100000081 DR3=0000000000000002 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000001000000 Opmask01=0000000001000001 Opmask02=00000000ffffffef Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffde304ca40 0000003000000018
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f027fa11a4a
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f027fa11a57
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f027fa11a51
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f027fa11a65
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f027fa11aeb
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f027fa11bc9
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000003 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000ec
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000003 0000000000000000 0000000000000000 00000000000000ec
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=0000000000000002 RBX=ffff88806a634cc0 RCX=1ffffffff356c6bc RDX=1ffff1100d4c699d
RSI=ffffffff82289ee9 RDI=ffff88806a634cc0 RBP=ffffffff908675b4 RSP=ffffc9000772f928
R8 =0000000000000001 R9 =0000000000000000 R10=ffffffff90864617 R11=0000000000002be0
R12=ffffffff82289ee9 R13=ffff88806a634cc0 R14=0000000000000000 R15=ffff88806a634d20
RIP=ffffffff81982965 RFL=00000093 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f844400e6c0 ffffffff 00c00000
GS =0000 ffff8880d6bb2000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000000110c3d4661 CR3=00000000328f0000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000008082082 Opmask01=0000000000000000 Opmask02=00000000dfff7fff Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000001 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000001a4
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 554245440045534f 4252455600524f52 5245004c41544146 0054454955510029
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 554245440045534f 4252455600524f52 5245004c41544146 005445495551000c
ZMM20=0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004
ZMM21=e235cb0de235cb0d e235cb0de235cb0d e235cb0de235cb0d e235cb0de235cb0d e235cb0de235cb0d e235cb0de235cb0d e235cb0de235cb0d e235cb0de235cb0d
ZMM22=6187740461877404 6187740461877404 6187740461877404 6187740461877404 6187740461877404 6187740461877404 6187740461877404 6187740461877404
ZMM23=7d0ea2f97d0ea2f9 7d0ea2f97d0ea2f9 7d0ea2f97d0ea2f9 7d0ea2f97d0ea2f9 7d0ea2f97d0ea2f9 7d0ea2f97d0ea2f9 7d0ea2f97d0ea2f9 7d0ea2f97d0ea2f9
ZMM24=5edebbc55edebbc5 5edebbc55edebbc5 5edebbc55edebbc5 5edebbc55edebbc5 5edebbc55edebbc5 5edebbc55edebbc5 5edebbc55edebbc5 5edebbc55edebbc5
ZMM25=85e51da885e51da8 85e51da885e51da8 85e51da885e51da8 85e51da885e51da8 85e51da885e51da8 85e51da885e51da8 85e51da885e51da8 85e51da885e51da8
ZMM26=9fba4f069fba4f06 9fba4f069fba4f06 9fba4f069fba4f06 9fba4f069fba4f06 9fba4f069fba4f06 9fba4f069fba4f06 9fba4f069fba4f06 9fba4f069fba4f06
ZMM27=7cc5b7aa7cc5b7aa 7cc5b7aa7cc5b7aa 7cc5b7aa7cc5b7aa 7cc5b7aa7cc5b7aa 7cc5b7aa7cc5b7aa 7cc5b7aa7cc5b7aa 7cc5b7aa7cc5b7aa 7cc5b7aa7cc5b7aa
ZMM28=000000200000001f 0000001e0000001d 0000001c0000001b 0000001a00000019 0000001800000017 0000001600000015 0000001400000013 0000001200000011
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=340e0000340e0000 340e0000340e0000 340e0000340e0000 340e0000340e0000 340e0000340e0000 340e0000340e0000 340e0000340e0000 340e0000340e0000
info registers vcpu 3

CPU#3
RAX=0000000000000034 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff854e2db5 RDI=ffffffff9ae264a0 RBP=ffffffff9ae26460 RSP=ffffc90007eaf328
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=2d2d2d2d2d2d2d2d
R12=0000000000000000 R13=0000000000000034 R14=ffffffff9ae26460 R15=ffffffff854e2d50
RIP=ffffffff854e2ddf RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f44ff9c96c0 ffffffff 00c00000
GS =0000 ffff8880d6cb2000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00007f44feb71f20 CR3=0000000025006000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=00000000fffff800 Opmask01=0000000000000000 Opmask02=00000000ffffffef Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f44fec11a4a
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f44fec11a57
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f44fec11a51
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f44fec11a65
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f44fec11aeb
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f44fec11bc9
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2323232323232323 2323232323232323 2323232323232323 2323232323232323
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000306f65 6469762f7665642f
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000134c46 474a550c5546470c
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000