./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2547025161

<...>
Warning: Permanently added '10.128.1.119' (ECDSA) to the list of known hosts.
execve("./syz-executor2547025161", ["./syz-executor2547025161"], 0x7ffebce863a0 /* 10 vars */) = 0
brk(NULL)                               = 0x555555d92000
brk(0x555555d92c40)                     = 0x555555d92c40
arch_prctl(ARCH_SET_FS, 0x555555d92300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor2547025161", 4096) = 28
brk(0x555555db3c40)                     = 0x555555db3c40
brk(0x555555db4000)                     = 0x555555db4000
mprotect(0x7fb43a772000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 3
socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 4
sendto(4, [{nlmsg_len=36, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0d\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x35\x34\x00\x00\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36
recvfrom(4, [{nlmsg_len=680, nlmsg_type=nlctrl, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=3616}, "\x01\x02\x00\x00\x0d\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x35\x34\x00\x00\x00\x00\x06\x00\x01\x00\x1c\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x25\x00\x00\x00\x48\x02\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x05\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x03\x00"...], 4096, 0, NULL, NULL) = 680
recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=3616}, {error=0, msg={nlmsg_len=36, nlmsg_type=nlctrl, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
access("/proc/net", R_OK)               = 0
access("/proc/net/unix", R_OK)          = 0
socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5
ioctl(5, SIOCGIFINDEX, {ifr_name="wpan0", ifr_ifindex=11}) = 0
close(5)                                = 0
sendto(4, [{nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x0b\x00\x00\x00\x08\x00\x03\x00\x0b\x00\x00\x00\x06\x00\x0a\x00\xa0\xaa\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36
recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=3616}, {error=0, msg={nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5
ioctl(5, SIOCGIFINDEX, {ifr_name="wpan0", ifr_ifindex=11}) = 0
close(5)                                = 0
sendto(3, [{nlmsg_len=44, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x00\x00\x00\x00\x0b\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x0c\x00\x01\x00\x02\x00\xaa\xaa\xaa\xaa\xaa\xaa"], 44, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 44
recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=3616}, {error=0, msg={nlmsg_len=44, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
sendto(3, [{nlmsg_len=68, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|NLM_F_EXCL|NLM_F_CREATE, nlmsg_seq=0, nlmsg_pid=0}, {ifi_family=AF_UNSPEC, ifi_type=ARPHRD_NETROM, ifi_index=0, ifi_flags=0, ifi_change=0}, [[{nla_len=11, nla_type=IFLA_IFNAME}, "lowpan0"...], [{nla_len=16, nla_type=IFLA_LINKINFO}, [{nla_len=10, nla_type=IFLA_INFO_KIND}, "lowpan"...]], [{nla_len=8, nla_type=IFLA_LINK}, 11]]], 68, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 68
recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=3616}, {error=0, msg={nlmsg_len=68, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|NLM_F_EXCL|NLM_F_CREATE, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5
ioctl(5, SIOCGIFINDEX, {ifr_name="wpan1", ifr_ifindex=12}) = 0
close(5)                                = 0
sendto(4, [{nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x0b\x00\x00\x00\x08\x00\x03\x00\x0c\x00\x00\x00\x06\x00\x0a\x00\xa1\xaa\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36
recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=3616}, {error=0, msg={nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5
ioctl(5, SIOCGIFINDEX, {ifr_name="wpan1", ifr_ifindex=12}) = 0
close(5)                                = 0
sendto(3, [{nlmsg_len=44, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, {ifi_family=AF_UNSPEC, ifi_type=ARPHRD_NETROM, ifi_index=if_nametoindex("wpan1"), ifi_flags=IFF_UP, ifi_change=0x1}, [{nla_len=12, nla_type=IFLA_ADDRESS}, 02:01:aa:aa:aa:aa:aa]], 44, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 44
recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=3616}, {error=0, msg={nlmsg_len=44, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
close(3)                                = 0
close(4)                                = 0
unshare(CLONE_NEWPID)                   = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555d925d0) = 3618
./strace-static-x86_64: Process 3618 attached
[pid  3618] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy)
[pid  3618] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3618] setsid()                    = 1
[pid  3618] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0
[pid  3618] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0
[pid  3618] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0
[pid  3618] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0
[pid  3618] prlimit64(0, RLIMIT_CORE, {rlim_cur=0, rlim_max=0}, NULL) = 0
[pid  3618] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0
[pid  3618] unshare(CLONE_NEWNS)        = 0
[pid  3618] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0
[pid  3618] unshare(CLONE_NEWIPC)       = 0
[pid  3618] unshare(CLONE_NEWCGROUP)    = 0
[pid  3618] unshare(CLONE_NEWUTS)       = 0
[pid  3618] unshare(CLONE_SYSVSEM)      = 0
[pid  3618] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3
[pid  3618] write(3, "16777216", 8)     = 8
[pid  3618] close(3)                    = 0
[pid  3618] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3
[pid  3618] write(3, "536870912", 9)    = 9
[pid  3618] close(3)                    = 0
[pid  3618] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3
[pid  3618] write(3, "1024", 4)         = 4
[pid  3618] close(3)                    = 0
[pid  3618] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3
[pid  3618] write(3, "8192", 4)         = 4
[pid  3618] close(3)                    = 0
[pid  3618] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3
[pid  3618] write(3, "1024", 4)         = 4
[pid  3618] close(3)                    = 0
[pid  3618] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3
[pid  3618] write(3, "1024", 4)         = 4
[pid  3618] close(3)                    = 0
[pid  3618] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3
[pid  3618] write(3, "1024 1048576 500 1024", 21) = 21
[pid  3618] close(3)                    = 0
[pid  3618] getpid()                    = 1
[pid  3618] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid  3618] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid  3618] unshare(CLONE_NEWNET)       = 0
[pid  3618] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC) = 3
[pid  3618] write(3, "0 65535", 7)      = 7
[pid  3618] close(3)                    = 0
[pid  3618] openat(AT_FDCWD, "/dev/rfkill", O_RDWR) = 3
[pid  3618] write(3, "\x00\x00\x00\x00\x00\x03\x00\x00", 8) = 8
[pid  3618] close(3)                    = 0
[pid  3618] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 3
[pid  3618] sendto(3, [{nlmsg_len=40, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x13\x00\x02\x00\x4d\x41\x43\x38\x30\x32\x31\x31\x5f\x48\x57\x53\x49\x4d\x00\x00"], 40, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 40
[pid  3618] recvfrom(3, [{nlmsg_len=224, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, "\x01\x02\x00\x00\x13\x00\x02\x00\x4d\x41\x43\x38\x30\x32\x31\x31\x5f\x48\x57\x53\x49\x4d\x00\x00\x06\x00\x01\x00\x29\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x18\x00\x00\x00\x7c\x00\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x1a\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x0a\x00\x00\x00"...], 4096, 0, NULL, NULL) = 224
[pid  3618] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=40, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  3618] sendto(3, [{nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0c\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x31\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32
[pid  3618] recvfrom(3, [{nlmsg_len=2376, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, "\x01\x02\x00\x00\x0c\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x31\x00\x06\x00\x01\x00\x22\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x37\x01\x00\x00\x74\x08\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x1a\x00\x00\x00\x14\x00\x03\x00\x08\x00\x01\x00"...], 4096, 0, NULL, NULL) = 2376
[pid  3618] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  3618] sendto(3, [{nlmsg_len=36, nlmsg_type=0x29 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x04\x00\x00\x00\x04\x00\x0e\x00\x0a\x00\x16\x00\x08\x02\x11\x00\x00\x00\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36
[pid  3618] recvfrom(3, [{nlmsg_len=56, nlmsg_type=NLMSG_ERROR, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, {error=2, msg=[{nlmsg_len=36, nlmsg_type=0x29 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x04\x00\x00\x00\x04\x00\x0e\x00\x0a\x00\x16\x00\x08\x02\x11\x00\x00\x00\x00\x00"]}], 4096, 0, NULL, NULL) = 56
[pid  3618] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  3618] ioctl(4, SIOCGIFINDEX, {ifr_name="wlan0", ifr_ifindex=11}) = 0
[pid  3618] close(4)                    = 0
[pid  3618] sendto(3, [{nlmsg_len=36, nlmsg_type=0x22 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x06\x00\x00\x00\x08\x00\x03\x00\x0b\x00\x00\x00\x08\x00\x05\x00\x01\x00\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36
[pid  3618] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=36, nlmsg_type=0x22 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  3618] socket(AF_INET, SOCK_DGRAM, IPPROTO_IP) = 4
[pid  3618] ioctl(4, SIOCGIFFLAGS, {ifr_name="wlan0", ifr_flags=IFF_BROADCAST|IFF_MULTICAST}) = 0
[pid  3618] ioctl(4, SIOCSIFFLAGS, {ifr_name="wlan0", ifr_flags=IFF_UP|IFF_BROADCAST|IFF_MULTICAST}) = 0
[pid  3618] close(4)                    = 0
[pid  3618] sendto(3, [{nlmsg_len=64, nlmsg_type=0x22 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x2b\x00\x00\x00\x08\x00\x03\x00\x0b\x00\x00\x00\x0a\x00\x34\x00\x10\x10\x10\x10\x10\x10\x00\x00\x08\x00\x26\x00\x6c\x09\x00\x00\x0a\x00\x06\x00\x50\x50\x50\x50\x50\x50\x00\x00\x04\x00\x3c\x00"], 64, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 64
[pid  3618] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=64, nlmsg_type=0x22 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  3618] sendto(3, [{nlmsg_len=36, nlmsg_type=0x29 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x04\x00\x00\x00\x04\x00\x0e\x00\x0a\x00\x16\x00\x08\x02\x11\x00\x00\x01\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36
[pid  3618] recvfrom(3, [{nlmsg_len=56, nlmsg_type=NLMSG_ERROR, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, {error=3, msg=[{nlmsg_len=36, nlmsg_type=0x29 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x04\x00\x00\x00\x04\x00\x0e\x00\x0a\x00\x16\x00\x08\x02\x11\x00\x00\x01\x00\x00"]}], 4096, 0, NULL, NULL) = 56
[pid  3618] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  3618] ioctl(4, SIOCGIFINDEX, {ifr_name="wlan1", ifr_ifindex=12}) = 0
[pid  3618] close(4)                    = 0
[pid  3618] sendto(3, [{nlmsg_len=36, nlmsg_type=0x22 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x06\x00\x00\x00\x08\x00\x03\x00\x0c\x00\x00\x00\x08\x00\x05\x00\x01\x00\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36
[pid  3618] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=36, nlmsg_type=0x22 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  3618] socket(AF_INET, SOCK_DGRAM, IPPROTO_IP) = 4
[pid  3618] ioctl(4, SIOCGIFFLAGS, {ifr_name="wlan1", ifr_flags=IFF_BROADCAST|IFF_MULTICAST}) = 0
[pid  3618] ioctl(4, SIOCSIFFLAGS, {ifr_name="wlan1", ifr_flags=IFF_UP|IFF_BROADCAST|IFF_MULTICAST}) = 0
[pid  3618] close(4)                    = 0
[pid  3618] sendto(3, [{nlmsg_len=64, nlmsg_type=0x22 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x2b\x00\x00\x00\x08\x00\x03\x00\x0c\x00\x00\x00\x0a\x00\x34\x00\x10\x10\x10\x10\x10\x10\x00\x00\x08\x00\x26\x00\x6c\x09\x00\x00\x0a\x00\x06\x00\x50\x50\x50\x50\x50\x50\x00\x00\x04\x00\x3c\x00"], 64, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 64
[pid  3618] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=64, nlmsg_type=0x22 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  3618] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  3618] ioctl(4, SIOCGIFINDEX, {ifr_name="wlan0", ifr_ifindex=11}) = 0
[pid  3618] close(4)                    = 0
syzkaller login: [   59.372515][   T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   59.372532][   T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   59.375087][  T146] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[pid  3618] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 4
[pid  3618] sendto(4, [{nlmsg_len=32, nlmsg_type=0x12 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32
[pid  3618] recvfrom(4, [{nlmsg_len=1404, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, "\x00\x00\x01\x00\x0b\x00\x00\x00\x43\x10\x01\x00\x00\x00\x00\x00\x0a\x00\x03\x00\x77\x6c\x61\x6e\x30\x00\x00\x00\x08\x00\x0d\x00\xe8\x03\x00\x00\x05\x00\x10\x00\x06\x00\x00\x00\x05\x00\x11\x00\x00\x00\x00\x00\x08\x00\x04\x00\xdc\x05\x00\x00\x08\x00\x32\x00\x00\x01\x00\x00\x08\x00\x33\x00\x00\x09\x00\x00\x08\x00\x1b\x00\x00\x00\x00\x00\x08\x00\x1e\x00\x00\x00\x00\x00\x08\x00\x1f\x00\x04\x00\x00\x00"...], 4096, 0, NULL, NULL) = 1404
[pid  3618] close(4)                    = 0
[pid  3618] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  3618] ioctl(4, SIOCGIFINDEX, {ifr_name="wlan1", ifr_ifindex=12}) = 0
[pid  3618] close(4)                    = 0
[pid  3618] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 4
[pid  3618] sendto(4, [{nlmsg_len=32, nlmsg_type=0x12 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x00\x00\x00\x00\x0c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32
[pid  3618] recvfrom(4, [{nlmsg_len=1404, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, "\x00\x00\x01\x00\x0c\x00\x00\x00\x43\x10\x01\x00\x00\x00\x00\x00\x0a\x00\x03\x00\x77\x6c\x61\x6e\x31\x00\x00\x00\x08\x00\x0d\x00\xe8\x03\x00\x00\x05\x00\x10\x00\x06\x00\x00\x00\x05\x00\x11\x00\x00\x00\x00\x00\x08\x00\x04\x00\xdc\x05\x00\x00\x08\x00\x32\x00\x00\x01\x00\x00\x08\x00\x33\x00\x00\x09\x00\x00\x08\x00\x1b\x00\x00\x00\x00\x00\x08\x00\x1e\x00\x00\x00\x00\x00\x08\x00\x1f\x00\x04\x00\x00\x00"...], 4096, 0, NULL, NULL) = 1404
[pid  3618] close(4)                    = 0
[pid  3618] close(3)                    = 0
[pid  3618] mkdir("/dev/binderfs", 0777) = 0
[pid  3618] mount("binder", "/dev/binderfs", "binder", 0, NULL) = 0
[pid  3618] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3618] openat(AT_FDCWD, "/sys/kernel/profiling", O_RDWR|O_CREAT|O_LARGEFILE|O_CLOEXEC, 000) = 3
[   59.415657][   T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   59.415674][   T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   59.417269][   T23] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   59.449684][ T3618] kernel profiling enabled (shift: 0)
[pid  3618] copy_file_range(3, NULL, 3, [46481], 8, 0) = 2
[pid  3618] exit_group(1)               = ?
[   60.659944][    C0] ==================================================================
[   60.659956][    C0] BUG: KASAN: stack-out-of-bounds in profile_pc+0xa4/0xe0
[   60.659993][    C0] Read of size 8 at addr ffffc9000303fb20 by task syz-executor254/3618
[   60.660005][    C0] 
[   60.660010][    C0] CPU: 0 PID: 3618 Comm: syz-executor254 Not tainted 5.19.0-rc3-syzkaller-00048-gde5c208d533a #0
[   60.660024][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   60.660033][    C0] Call Trace:
[   60.660038][    C0]  <IRQ>
[   60.660043][    C0]  dump_stack_lvl+0x1e3/0x2cb
[   60.660067][    C0]  ? bfq_pos_tree_add_move+0x436/0x436
[   60.660080][    C0]  ? _printk+0xcf/0x10f
[   60.660090][    C0]  ? __wake_up_klogd+0xd6/0x100
[   60.660105][    C0]  ? __wake_up_klogd+0xcd/0x100
[   60.660118][    C0]  ? panic+0x782/0x782
[   60.660132][    C0]  ? _printk+0xcf/0x10f
[   60.660144][    C0]  print_address_description+0x65/0x4b0
[   60.660162][    C0]  print_report+0xf4/0x210
[   60.660175][    C0]  ? __raise_softirq_irqoff+0xb0/0xb0
[   60.660189][    C0]  ? rcu_read_lock_sched_held+0x89/0x130
[   60.660204][    C0]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[   60.660219][    C0]  ? run_posix_cpu_timers+0x472/0x800
[   60.660235][    C0]  ? profile_pc+0xa4/0xe0
[   60.660247][    C0]  kasan_report+0xfb/0x130
[   60.660263][    C0]  ? profile_pc+0xa4/0xe0
[   60.660274][    C0]  ? trigger_load_balance+0x192/0xbd0
[   60.660287][    C0]  ? _raw_spin_unlock_irqrestore+0xd4/0x130
[   60.660305][    C0]  profile_pc+0xa4/0xe0
[   60.660318][    C0]  profile_tick+0xc8/0x110
[   60.660332][    C0]  tick_sched_timer+0x381/0x540
[   60.660349][    C0]  __hrtimer_run_queues+0x4cb/0xa60
[   60.660367][    C0]  ? tick_setup_sched_timer+0x2c0/0x2c0
[   60.660383][    C0]  ? hrtimer_interrupt+0xfd0/0xfd0
[   60.660396][    C0]  ? ktime_get_update_offsets_now+0x449/0x460
[   60.660411][    C0]  hrtimer_interrupt+0x3a6/0xfd0
[   60.660433][    C0]  ? irq_exit_rcu+0x20/0x20
[   60.660448][    C0]  __sysvec_apic_timer_interrupt+0xf9/0x280
[   60.660463][    C0]  sysvec_apic_timer_interrupt+0x8c/0xb0
[   60.660478][    C0]  </IRQ>
[   60.660483][    C0]  <TASK>
[   60.660487][    C0]  asm_sysvec_apic_timer_interrupt+0x1b/0x20
[   60.660502][    C0] RIP: 0010:_raw_spin_unlock_irqrestore+0xd4/0x130
[   60.660521][    C0] Code: 9c 8f 44 24 20 42 80 3c 23 00 74 08 4c 89 f7 e8 42 99 a6 f7 f6 44 24 21 02 75 4e 41 f7 c7 00 02 00 00 74 01 fb bf 01 00 00 00 <e8> 37 1e 28 f7 65 8b 05 c8 77 ce 75 85 c0 74 3f 48 c7 04 24 0e 36
[   60.660532][    C0] RSP: 0018:ffffc9000303fb20 EFLAGS: 00000206
[   60.660546][    C0] RAX: a2410752ed2b9200 RBX: 1ffff92000607f68 RCX: ffffffff9153fe03
[   60.660557][    C0] RDX: dffffc0000000000 RSI: ffffffff8a8d22c0 RDI: 0000000000000001
[   60.660566][    C0] RBP: ffffc9000303fbb8 R08: dffffc0000000000 R09: fffffbfff22ea01f
[   60.660576][    C0] R10: fffffbfff22ea01f R11: 1ffffffff22ea01e R12: dffffc0000000000
[   60.660586][    C0] R13: 1ffff92000607f64 R14: ffffc9000303fb40 R15: 0000000000000246
[   60.660602][    C0]  ? _raw_spin_unlock+0x40/0x40
[   60.660618][    C0]  ? lockdep_hardirqs_on+0x95/0x140
[   60.660632][    C0]  ? _raw_spin_unlock_irqrestore+0xd9/0x130
[   60.660658][    C0]  debug_object_activate+0x131/0x6a0
[   60.660677][    C0]  ? delayed_mntput+0x90/0x90
[   60.660693][    C0]  call_rcu+0x93/0x9c0
[   60.660708][    C0]  ? ida_alloc_range+0xa80/0xa80
[   60.660726][    C0]  ? rcu_force_quiescent_state+0x240/0x240
[   60.660744][    C0]  ? cleanup_mnt+0x47a/0x500
[   60.660758][    C0]  ? lockdep_hardirqs_on+0x95/0x140
[   60.660772][    C0]  task_work_run+0x146/0x1c0
[   60.660791][    C0]  do_exit+0x547/0x1ed0
[   60.660804][    C0]  ? _raw_spin_unlock_irq+0x2a/0x40
[   60.660822][    C0]  ? mm_update_next_owner+0x6d0/0x6d0
[   60.660834][    C0]  ? lockdep_hardirqs_on_prepare+0x448/0x7b0
[   60.660851][    C0]  ? print_irqtrace_events+0x220/0x220
[   60.660865][    C0]  ? vtime_user_exit+0x2b2/0x3e0
[   60.660880][    C0]  ? vtime_user_enter+0x1ea/0x2d0
[   60.660896][    C0]  do_group_exit+0x23b/0x2f0
[   60.660910][    C0]  __x64_sys_exit_group+0x3b/0x40
[   60.660923][    C0]  do_syscall_64+0x2b/0x70
[   60.660938][    C0]  entry_SYSCALL_64_after_hwframe+0x46/0xb0
[   60.660952][    C0] RIP: 0033:0x7fb43a6fd629
[   60.660964][    C0] Code: Unable to access opcode bytes at RIP 0x7fb43a6fd5ff.
[   60.660971][    C0] RSP: 002b:00007fff091b4dc8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   60.660986][    C0] RAX: ffffffffffffffda RBX: 00007fb43a778350 RCX: 00007fb43a6fd629
[   60.660996][    C0] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001
[   60.661005][    C0] RBP: 0000000000000001 R08: ffffffffffffffc0 R09: 0000000000000000
[   60.661013][    C0] R10: 0000000020000040 R11: 0000000000000246 R12: 00007fb43a778350
[   60.661022][    C0] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[   60.661036][    C0]  </TASK>
[   60.661040][    C0] 
[   60.661042][    C0] The buggy address belongs to stack of task syz-executor254/3618
[   60.661050][    C0]  and is located at offset 0 in frame:
[   60.661055][    C0]  _raw_spin_unlock_irqrestore+0x0/0x130
[   60.661070][    C0] 
[   60.661072][    C0] This frame has 1 object:
[   60.661079][    C0]  [32, 40) 'flags.i.i.i.i'
[   60.661086][    C0] 
[   60.661092][    C0] The buggy address belongs to the virtual mapping at
[   60.661092][    C0]  [ffffc90003038000, ffffc90003041000) created by:
[   60.661092][    C0]  dup_task_struct+0x8b/0x490
[   60.661112][    C0] 
[   60.661115][    C0] The buggy address belongs to the physical page:
[   60.661122][    C0] page:ffffea0001c92780 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7249e
[   60.661137][    C0] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[   60.661152][    C0] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[   60.661162][    C0] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   60.661168][    C0] page dumped because: kasan: bad access detected
[   60.661173][    C0] page_owner tracks the page as allocated
[   60.661177][    C0] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_NOWARN|__GFP_ZERO), pid 3613, tgid 3613 (strace-static-x), ts 59209667020, free_ts 53809100330
[   60.661199][    C0]  get_page_from_freelist+0x72b/0x7a0
[   60.661214][    C0]  __alloc_pages+0x259/0x560
[   60.661225][    C0]  __vmalloc_node_range+0x904/0x12e0
[   60.661235][    C0]  alloc_thread_stack_node+0x307/0x500
[   60.661248][    C0]  dup_task_struct+0x8b/0x490
[   60.661260][    C0]  copy_process+0x637/0x3fa0
[   60.661269][    C0]  kernel_clone+0x22f/0x7a0
[   60.661280][    C0]  __x64_sys_clone+0x276/0x2e0
[   60.661297][    C0]  do_syscall_64+0x2b/0x70
[   60.661311][    C0]  entry_SYSCALL_64_after_hwframe+0x46/0xb0
[   60.661323][    C0] page last free stack trace:
[   60.661327][    C0]  free_pcp_prepare+0x812/0x900
[   60.661341][    C0]  free_unref_page+0x7d/0x390
[   60.661352][    C0]  pipe_read+0x6f4/0x12a0
[   60.661364][    C0]  vfs_read+0xa01/0xd10
[   60.661374][    C0]  ksys_read+0x19b/0x2c0
[   60.661383][    C0]  do_syscall_64+0x2b/0x70
[   60.661396][    C0]  entry_SYSCALL_64_after_hwframe+0x46/0xb0
[   60.661408][    C0] 
[   60.661410][    C0] Memory state around the buggy address:
[   60.661417][    C0]  ffffc9000303fa00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   60.661425][    C0]  ffffc9000303fa80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   60.661433][    C0] >ffffc9000303fb00: 00 00 00 00 f1 f1 f1 f1 00 f3 f3 f3 00 00 00 00
[   60.661439][    C0]                                ^
[   60.661446][    C0]  ffffc9000303fb80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   60.661454][    C0]  ffffc9000303fc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   60.661460][    C0] ==================================================================
[   60.661467][    C0] Kernel panic - not syncing: panic_on_warn set ...
[   61.397747][    C0] CPU: 0 PID: 3618 Comm: syz-executor254 Not tainted 5.19.0-rc3-syzkaller-00048-gde5c208d533a #0
[   61.408239][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   61.418289][    C0] Call Trace:
[   61.421569][    C0]  <IRQ>
[   61.424403][    C0]  dump_stack_lvl+0x1e3/0x2cb
[   61.429101][    C0]  ? bfq_pos_tree_add_move+0x436/0x436
[   61.434549][    C0]  ? panic+0x782/0x782
[   61.438605][    C0]  ? vscnprintf+0x59/0x80
[   61.442923][    C0]  panic+0x312/0x782
[   61.446816][    C0]  ? fb_is_primary_device+0xcc/0xcc
[   61.452194][    C0]  ? _raw_spin_unlock_irqrestore+0xd9/0x130
[   61.458079][    C0]  ? profile_pc+0xa4/0xe0
[   61.462395][    C0]  end_report+0x91/0xa0
[   61.466545][    C0]  kasan_report+0x108/0x130
[   61.471036][    C0]  ? profile_pc+0xa4/0xe0
[   61.475352][    C0]  ? trigger_load_balance+0x192/0xbd0
[   61.480718][    C0]  ? _raw_spin_unlock_irqrestore+0xd4/0x130
[   61.486597][    C0]  profile_pc+0xa4/0xe0
[   61.490736][    C0]  profile_tick+0xc8/0x110
[   61.495140][    C0]  tick_sched_timer+0x381/0x540
[   61.499984][    C0]  __hrtimer_run_queues+0x4cb/0xa60
[   61.505193][    C0]  ? tick_setup_sched_timer+0x2c0/0x2c0
[   61.510740][    C0]  ? hrtimer_interrupt+0xfd0/0xfd0
[   61.515839][    C0]  ? ktime_get_update_offsets_now+0x449/0x460
[   61.521958][    C0]  hrtimer_interrupt+0x3a6/0xfd0
[   61.526886][    C0]  ? irq_exit_rcu+0x20/0x20
[   61.531374][    C0]  __sysvec_apic_timer_interrupt+0xf9/0x280
[   61.537264][    C0]  sysvec_apic_timer_interrupt+0x8c/0xb0
[   61.542894][    C0]  </IRQ>
[   61.545829][    C0]  <TASK>
[   61.548746][    C0]  asm_sysvec_apic_timer_interrupt+0x1b/0x20
[   61.554735][    C0] RIP: 0010:_raw_spin_unlock_irqrestore+0xd4/0x130
[   61.561234][    C0] Code: 9c 8f 44 24 20 42 80 3c 23 00 74 08 4c 89 f7 e8 42 99 a6 f7 f6 44 24 21 02 75 4e 41 f7 c7 00 02 00 00 74 01 fb bf 01 00 00 00 <e8> 37 1e 28 f7 65 8b 05 c8 77 ce 75 85 c0 74 3f 48 c7 04 24 0e 36
[   61.580827][    C0] RSP: 0018:ffffc9000303fb20 EFLAGS: 00000206
[   61.586880][    C0] RAX: a2410752ed2b9200 RBX: 1ffff92000607f68 RCX: ffffffff9153fe03
[   61.594840][    C0] RDX: dffffc0000000000 RSI: ffffffff8a8d22c0 RDI: 0000000000000001
[   61.602794][    C0] RBP: ffffc9000303fbb8 R08: dffffc0000000000 R09: fffffbfff22ea01f
[   61.610752][    C0] R10: fffffbfff22ea01f R11: 1ffffffff22ea01e R12: dffffc0000000000
[   61.618714][    C0] R13: 1ffff92000607f64 R14: ffffc9000303fb40 R15: 0000000000000246
[   61.626681][    C0]  ? _raw_spin_unlock+0x40/0x40
[   61.631522][    C0]  ? lockdep_hardirqs_on+0x95/0x140
[   61.636705][    C0]  ? _raw_spin_unlock_irqrestore+0xd9/0x130
[   61.642583][    C0]  debug_object_activate+0x131/0x6a0
[   61.647856][    C0]  ? delayed_mntput+0x90/0x90
[   61.652522][    C0]  call_rcu+0x93/0x9c0
[   61.656581][    C0]  ? ida_alloc_range+0xa80/0xa80
[   61.661506][    C0]  ? rcu_force_quiescent_state+0x240/0x240
[   61.667302][    C0]  ? cleanup_mnt+0x47a/0x500
[   61.671877][    C0]  ? lockdep_hardirqs_on+0x95/0x140
[   61.677061][    C0]  task_work_run+0x146/0x1c0
[   61.681640][    C0]  do_exit+0x547/0x1ed0
[   61.685778][    C0]  ? _raw_spin_unlock_irq+0x2a/0x40
[   61.690961][    C0]  ? mm_update_next_owner+0x6d0/0x6d0
[   61.696315][    C0]  ? lockdep_hardirqs_on_prepare+0x448/0x7b0
[   61.702280][    C0]  ? print_irqtrace_events+0x220/0x220
[   61.707723][    C0]  ? vtime_user_exit+0x2b2/0x3e0
[   61.712645][    C0]  ? vtime_user_enter+0x1ea/0x2d0
[   61.717654][    C0]  do_group_exit+0x23b/0x2f0
[   61.722236][    C0]  __x64_sys_exit_group+0x3b/0x40
[   61.727260][    C0]  do_syscall_64+0x2b/0x70
[   61.731666][    C0]  entry_SYSCALL_64_after_hwframe+0x46/0xb0
[   61.737547][    C0] RIP: 0033:0x7fb43a6fd629
[   61.741946][    C0] Code: Unable to access opcode bytes at RIP 0x7fb43a6fd5ff.
[   61.749294][    C0] RSP: 002b:00007fff091b4dc8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   61.757702][    C0] RAX: ffffffffffffffda RBX: 00007fb43a778350 RCX: 00007fb43a6fd629
[   61.765658][    C0] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001
[   61.773612][    C0] RBP: 0000000000000001 R08: ffffffffffffffc0 R09: 0000000000000000
[   61.781581][    C0] R10: 0000000020000040 R11: 0000000000000246 R12: 00007fb43a778350
[   61.789537][    C0] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[   61.797498][    C0]  </TASK>
[   61.800563][    C0] Kernel Offset: disabled
[   61.804877][    C0] Rebooting in 86400 seconds..