last executing test programs:

15.530653747s ago: executing program 3 (id=1132):
getpid()
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000006900000000000001000000940000000fad413e850000000700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10)
r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, 0x0)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r1, 0x3ba0, &(0x7f00000007c0)={0x52})
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, 0x0, 0x0)
connect$inet6(r3, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TLS_TX(r3, 0x11a, 0x1, &(0x7f0000000100)=@gcm_256={{0x303}, "0f78fbc54b6c106c", "75fd7583f127c5c356354c80ea765edaa15f377fb214e20fda1b0241bed67dc4", "b1726789", "fb442565fb00"}, 0x38)
bind$alg(0xffffffffffffffff, &(0x7f0000000540)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-blowfish-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5", 0x4)
r4 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, &(0x7f0000000580)=@filter={'filter\x00', 0x2, 0x4, 0x340, 0xffffffff, 0x0, 0xb, 0x0, 0xfeffffff, 0xffffffff, 0x270, 0x270, 0x270, 0xffffffff, 0x4, 0x0, {[{{@ipv6={@dev, @mcast1, [], [], 'macsec0\x00', 'bond_slave_0\x00', {}, {}, 0x6, 0x0, 0x7}, 0x2f2, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00', 0x0, {0x6}}}, {{@ipv6={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @empty, [], [], 'sit0\x00', 'dvmrp0\x00'}, 0x0, 0xa8, 0xd0}, @REJECT={0x28}}, {{@uncond, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE3={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3a0)

14.124837331s ago: executing program 3 (id=1137):
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5ac, 0x244, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x3, 0x0, 0x2, 0x0, {0x9}}}]}}]}}, 0x0)
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
write$uinput_user_dev(r0, &(0x7f0000000100)={'syz0\x00', {}, 0x7, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000]}, 0x45c)
ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0)
ioctl$UI_SET_RELBIT(r0, 0x40045566, 0x6)
ioctl$UI_DEV_SETUP(r0, 0x405c5503, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0)
fcntl$setsig(r1, 0xa, 0x13)
fcntl$setlease(r1, 0x400, 0x0)
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000280))
timer_settime(0x0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0)
truncate(&(0x7f0000000140)='./file0\x00', 0x0)
r2 = add_key$fscrypt_provisioning(0x0, 0x0, 0x0, 0x48, 0xfffffffffffffffc)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r2, 0x0, &(0x7f0000000b80)=@keyring)

11.468412539s ago: executing program 2 (id=1145):
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_generic(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000840)={0x14, 0x1d, 0x21, 0x0, 0xfffffffd, {0x8}}, 0x14}, 0x1, 0x0, 0x0, 0x4000884}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8, 0x400, 0xffffffffffffffff, 0x3, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xe, 0x6, 0x0, &(0x7f0000000080)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = socket$inet6(0xa, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0xe1}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
getpid()
r2 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r2, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
connect$inet(r2, &(0x7f0000000480)={0x2, 0x0, @multicast1}, 0x10)
sendmmsg(r2, &(0x7f0000007fc0), 0x800001d, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r4=>0x0})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0xfffffffffffffdb3)
sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000880)=ANY=[@ANYRES32=r4, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\r'], 0x28}, 0x1, 0x0, 0x0, 0x40010}, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
setsockopt$inet6_udp_int(r1, 0x11, 0x67, &(0x7f0000000180)=0x7f, 0x4)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000900)={0xaa, 0x82})

10.394256906s ago: executing program 1 (id=1148):
getpid()
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000006900000000000001000000940000000fad413e850000000700000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, 0x0)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r0, 0x3ba0, &(0x7f00000007c0)={0x52})
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, 0x0, 0x0)
connect$inet6(r2, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000100)=@gcm_256={{0x303}, "0f78fbc54b6c106c", "75fd7583f127c5c356354c80ea765edaa15f377fb214e20fda1b0241bed67dc4", "b1726789", "fb442565fb00"}, 0x38)
bind$alg(0xffffffffffffffff, &(0x7f0000000540)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-blowfish-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5", 0x4)
r3 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000000580)=@filter={'filter\x00', 0x2, 0x4, 0x340, 0xffffffff, 0x0, 0xb, 0x0, 0xfeffffff, 0xffffffff, 0x270, 0x270, 0x270, 0xffffffff, 0x4, 0x0, {[{{@ipv6={@dev, @mcast1, [], [], 'macsec0\x00', 'bond_slave_0\x00', {}, {}, 0x6, 0x0, 0x7}, 0x2f2, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00', 0x0, {0x6}}}, {{@ipv6={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @empty, [], [], 'sit0\x00', 'dvmrp0\x00'}, 0x0, 0xa8, 0xd0}, @REJECT={0x28}}, {{@uncond, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE3={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3a0)

10.31668543s ago: executing program 2 (id=1149):
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @multicast, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "6410a6", 0x8, 0x0, 0x0, @ipv4, @local, {[@routing={0x29}]}}}}}, 0x0)

9.88870193s ago: executing program 3 (id=1150):
openat$audio1(0xffffffffffffff9c, &(0x7f0000000140), 0x256f16877c9c3f29, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000003c0)={'netdevsim0\x00', <r1=>0x0})
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000005c0)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB], &(0x7f0000000400)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', r1, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5f1, @void, @value}, 0x94)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)
madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0xc)
ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(0xffffffffffffffff, 0xc0189375, 0x0)
ioctl$UFFDIO_COPY(0xffffffffffffffff, 0xc028aa03, 0x0)
write$sysctl(0xffffffffffffffff, &(0x7f0000000580)='1\x00', 0x2)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmmsg$unix(r2, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
madvise(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xe)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
getrandom(&(0x7f0000000240)=""/286, 0xffffff9a, 0x0)

9.177860734s ago: executing program 2 (id=1151):
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
openat$tcp_congestion(0xffffffffffffff9c, &(0x7f00000002c0), 0x1, 0x0)
r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$TIOCGPGRP(r1, 0x540f, &(0x7f0000000080))
r2 = socket$kcm(0x10, 0x100000000002, 0x4)
sendmsg$kcm(r2, &(0x7f00000039c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000200)="39000000140081ae00002c000500015601618575e285af0100d41f215c0000883795c04a31ba377a1b2cc32b38d3440c6942cb76cab3000000", 0x39}], 0x1, 0x0, 0x0, 0xc00e}, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
syz_emit_vhci(&(0x7f0000000280)=ANY=[@ANYBLOB="0404190c4feefd25ad2983456cc952"], 0xd)

9.070718275s ago: executing program 1 (id=1152):
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000000)=0xf3f, 0x4)
recvmmsg(r0, &(0x7f0000003340)=[{{0x0, 0x0, 0x0}, 0xffffff79}], 0x1, 0x0, 0x0)
socket$packet(0x11, 0x2, 0x300)
r1 = syz_io_uring_setup(0x4169, &(0x7f0000000200)={0x0, 0xd922, 0x10100, 0x0, 0x14e}, &(0x7f0000000480), &(0x7f0000000040)=<r2=>0x0)
syz_io_uring_setup(0xa94, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000000340)=<r3=>0x0, &(0x7f00000005c0))
r4 = socket$unix(0x1, 0x2, 0x0)
bind$unix(r4, &(0x7f00000003c0)=@abs={0x1}, 0x2)
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r7=>0x0})
sendmsg$nl_route(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="2400000070000100000000000000000007000000", @ANYRES32=r7, @ANYBLOB="0c000280"], 0x24}}, 0x0)
syz_io_uring_submit(r3, r2, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xfffffffffffffe54})
r8 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$sock_linger(r8, 0x1, 0x3c, &(0x7f0000000100)={0x200000000000001, 0xfffffffd}, 0x8)
io_uring_enter(r1, 0x48e9, 0x0, 0x0, 0x0, 0x0)

8.730040204s ago: executing program 4 (id=1153):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=@newtaction={0x6c, 0x30, 0xffff, 0x0, 0x0, {}, [{0x58, 0x1, [@m_ife={0x54, 0x1, 0x0, 0x0, {{0x8}, {0x2c, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}, @TCA_IFE_METALST={0xc, 0x6, [@IFE_META_TCINDEX={0x6}]}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x6c}}, 0x0)
r2 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f00000001c0), r0)
sendmsg$NLBL_UNLABEL_C_STATICREMOVEDEF(r0, &(0x7f0000000080)={0x0, 0xa000000, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB='x\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01400000000000000000067400062c00070073797352656d5f753a6f626a6563745f723a756465765f68656c7065725f657865635f743a733000080002000000e6ff06000700260a3a0914000600626f6e64300000000000000000000000080003"], 0x78}, 0x1, 0xffffffff00000003}, 0x0)
r3 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r3, 0x10e, 0xc, &(0x7f0000000040)={0x7fffffff}, 0x10)
sendmsg$kcm(r3, &(0x7f00000016c0)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000040)="2e0000004a008102e00f80ecdb4cb9020a", 0x4a}, {&(0x7f0000001700)="0c74c75350f4a590e15c61c7942348092734fe1863473bbce6798a60e9", 0x1d}], 0x2, 0x0, 0x0, 0x10}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18020000000000000000000000000001850000002c00000095"], 0x0, 0x4, 0x0, 0x0, 0x0, 0x4a, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r4 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)
bind$bt_hci(r4, &(0x7f0000000000)={0x27}, 0x74)
r5 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r7 = socket(0x400000000010, 0x3, 0x0)
r8 = socket$unix(0x1, 0x5, 0x0)
ioctl$TUNGETVNETLE(0xffffffffffffffff, 0x800454dd, &(0x7f00000000c0))
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r9=>0x0})
sendmsg$nl_route_sched(r7, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r9, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000003c0)=@newtfilter={0x3c, 0x2c, 0xd27, 0x70bd28, 0x8000, {0x0, 0x0, 0x0, r9, {0x5, 0x7}, {}, {0xa, 0x2}}, [@filter_kind_options=@f_flower={{0xb}, {0xc, 0x2, [@TCA_FLOWER_CLASSID={0x8, 0x1, {0xfff1, 0xc}}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x200c0e9}, 0x20000004)
pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, <r10=>0xffffffffffffffff}, 0x0)
prlimit64(0x0, 0x7, &(0x7f0000000200)={0x1, 0x6}, 0x0)
dup(r10)
openat$full(0xffffffffffffff9c, &(0x7f0000000080), 0x2080, 0x0)
bind$bt_hci(0xffffffffffffffff, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x3}, 0x6)
bind$bt_hci(r5, &(0x7f0000000000)={0x27}, 0x62)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r7, 0x10e, 0x4, &(0x7f00000002c0)=0x8, 0x4)

8.72837957s ago: executing program 3 (id=1154):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2b, &(0x7f0000000000)={0xd8d, {{0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x1f}, 0x6e}}, {{0xa, 0x4e22, 0x8000000, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}}}, 0x108)
r1 = socket$inet(0x2, 0x6, 0x0)
listen(r1, 0x4)
socket$vsock_stream(0x28, 0x1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
splice(r0, &(0x7f0000000140)=0x8000000000000001, r1, &(0x7f00000001c0)=0x6, 0xb, 0xa)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0x4, 0x4, &(0x7f0000000040)=@framed={{0x66, 0xa, 0x0, 0x0, 0x3, 0x61, 0x11, 0x4c}, [@call={0x85, 0x0, 0x0, 0xd1}]}, &(0x7f0000000180)='GPL\x00', 0xf, 0x0, 0x0, 0x40f00, 0x88, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000080)={0x8, 0x100008b}, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket(0x400000000010, 0x3, 0x0)
sendmsg$ETHTOOL_MSG_DEBUG_SET(0xffffffffffffffff, 0x0, 0x20006080)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r2 = syz_usb_connect(0x5, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1edb23610000000109022d0101100000000904000003fe03010009cd8d1f0002000000090505020000fcffff09058b1e20"], 0x0)
syz_usb_control_io(r2, 0x0, 0x0)
syz_usb_control_io(r2, 0x0, &(0x7f0000000780)={0x84, &(0x7f0000000200)=ANY=[@ANYRESDEC=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r3 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
ioctl$EVIOCGMASK(r3, 0x5b01, 0x0)

8.341760733s ago: executing program 1 (id=1155):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000009e0000000000000000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r0}, 0x10)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IEEE802154_ADD_IFACE(r1, 0x0, 0x24000001)
socket$kcm(0x10, 0x2, 0x10)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0x3, &(0x7f0000000280)=@framed, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r2}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x10, 0x4, 0x8, 0x6, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
socket$nl_route(0x10, 0x3, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r4 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='task_newtask\x00', r3}, 0x10)
r5 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r4}, 0x8)
close(r5)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000))
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000005100000000000000000a200000000900010073797a300000000014000000100001"], 0x48}}, 0x20050800)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nbd(&(0x7f0000000380), 0xffffffffffffffff)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000200)={<r8=>0xffffffffffffffff})
sendmsg$NBD_CMD_CONNECT(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="900000", @ANYRES16=r7, @ANYBLOB="01000000000000000000010000000c000597ff000000000000000c0002000000000000000000040007800c000800000000000000000008000a00000000004400078008000100", @ANYRES32, @ANYBLOB="32000100", @ANYRES32=r8], 0x90}}, 0x0)

8.218130704s ago: executing program 4 (id=1156):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000003c0)=ANY=[@ANYRES32=r2, @ANYRESDEC=r0], 0x444)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r4}, 0x10)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r5 = getpid()
sched_setscheduler(r5, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x4000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
syz_clone(0x5948000, 0x0, 0x0, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r8=>0xffffffffffffffff, <r9=>0xffffffffffffffff})
connect$unix(r8, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r9, &(0x7f0000000000), 0x651, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_open_dev$video4linux(&(0x7f0000000100), 0x5, 0x20000)
ioctl$VIDIOC_SUBDEV_G_SELECTION(r10, 0xc040563d, &(0x7f0000000140)={0x0, 0x0, 0x103, 0x0, {0x8, 0x0, 0x9, 0x109a}})
syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x14, 0x5, 0xd})

7.914117441s ago: executing program 1 (id=1157):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x33, &(0x7f0000000000)=0x7, 0x4)
r1 = syz_open_dev$usbmon(&(0x7f0000000000), 0x80000001, 0x82002)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000000c0)='mmap_lock_acquire_returned\x00', r2}, 0x10)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='contention_end\x00', r3}, 0x10)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x3000003, 0x4031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17)
syz_clone3(&(0x7f00000006c0)={0x102102180, 0x0, 0x0, 0x0, {0x40}, 0x0, 0x0, 0x0, 0x0}, 0x58)
ppoll(&(0x7f0000000080)=[{r1, 0x1600}, {r1, 0x100}], 0x2, 0x0, 0x0, 0x0)
syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301)
setsockopt$inet6_int(r0, 0x29, 0x31, &(0x7f0000000240)=0xf2b, 0x4)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)

6.954543533s ago: executing program 4 (id=1158):
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r0 = socket(0x18, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x100000000004, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0xe, 0x3, 0x0, 0x0, 0x5, 0xb2, &(0x7f000000cf3d)=""/178, 0x41100, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x3}, 0x8, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
connect$unix(r0, &(0x7f0000000300)=@file={0x1, './file0\x00'}, 0x6e)
r2 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r2, &(0x7f0000000080)={0x18, 0x0, {0x40, @remote, 'batadv_slave_1\x00'}}, 0x1e)
ioctl$PPPOEIOCSFWD(r2, 0x4008b100, &(0x7f0000000040)={0x18, 0x4000000, {0x4, @remote, 'caif0\x00'}})
r3 = syz_open_dev$dri(&(0x7f0000000100), 0x1f, 0x0)
ioctl$DRM_IOCTL_MODE_GETGAMMA(r3, 0xc02064a4, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0})
sendto(0xffffffffffffffff, 0x0, 0x0, 0x8000, 0x0, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
r4 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
fcntl$notify(r4, 0x402, 0x8000003d)
ioctl$SNDCTL_DSP_SPEED(0xffffffffffffffff, 0xc0045002, &(0x7f0000000180))
ioctl$TIOCGSID(r4, 0x5429, &(0x7f0000000540)=<r5=>0x0)
sched_setaffinity(r5, 0x8, &(0x7f0000000580)=0x1)
write$dsp(0xffffffffffffffff, &(0x7f00000001c0), 0x0)
r6 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r6, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4)
close(r6)

6.046857518s ago: executing program 0 (id=1159):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x2)
bind$ax25(r0, &(0x7f0000000000)={{0x3, @null, 0x2}, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}]}, 0x48)
openat$sequencer(0xffffffffffffff9c, 0x0, 0x363002, 0x0)
stat(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100))
r1 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc)
write$binfmt_elf32(r1, &(0x7f0000000000)=ANY=[@ANYBLOB="7f454c4607032005000000000000000002003e0000000000012a000038000000000000000f00000000002000"], 0x31)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
close(r1)
execve(&(0x7f0000000400)='./file0\x00', 0x0, 0x0)
ioctl$KVM_INTERRUPT(r1, 0x4004ae86, &(0x7f0000000180)=0xfffffff7)
syz_emit_ethernet(0x7a, &(0x7f0000000340)=ANY=[@ANYBLOB="ffffffffffff6c7621d7cc9486dd60fec00000443a00fe880000000000000000000000000001ff02000000000000000000000000000102009078000000006098a300fe800000000000000000000000000000fc0100000000000000000000000000001100000000000000fafb17c103001c193eb4c625"], 0x0)
getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000780)={{{@in=@broadcast, @in6=@initdev}}, {{@in6=@dev}, 0x0, @in6=@remote}}, &(0x7f0000000300)=0xe8)
getgroups(0x4, &(0x7f0000000380)=[0xffffffffffffffff, 0xee00, 0xffffffffffffffff, 0x0])
r5 = socket$kcm(0x2, 0x200000000000001, 0x106)
setsockopt$sock_attach_bpf(r5, 0x1, 0x7, &(0x7f0000000340), 0x4)
sendmsg$inet(r5, &(0x7f0000000080)={&(0x7f0000000000)={0x2, 0x4e20, @local}, 0x10, 0x0, 0x0, 0x0, 0x0, 0xa7}, 0x30004001)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000640)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x0, 0xffffffffffffffff}}, './file0\x00'})
r6 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VIDIOC_CREATE_BUFS(r6, 0xc100565c, &(0x7f00000000c0)={0x5, 0xfffffffa, 0x4, {0x9, @pix_mp={0x5, 0x3, 0x6e066f2b, 0xc, 0xa, [{0x5, 0x80000000}, {0x3, 0xc}, {0x2, 0x4}, {0xb0, 0x10000}, {0x81, 0x5}, {0x4, 0x1}, {0xe5, 0x80000001}, {0x8, 0x9}], 0x2, 0x5, 0x3, 0x0, 0x2}}, 0x3})
ioctl$VT_ACTIVATE(r0, 0x5606, 0x4)

5.907627918s ago: executing program 4 (id=1160):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040))
syz_genetlink_get_family_id$mptcp(0x0, 0xffffffffffffffff)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r1, 0x0)
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) (fail_nth: 2)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000440)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="01000000000000000000010000001c000180060001000200000008000300ac1414aa08000600010000005a9297b7"], 0x30}}, 0x0)

4.774994687s ago: executing program 0 (id=1161):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x2)
bind$ax25(r0, &(0x7f0000000000)={{0x3, @null, 0x2}, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}]}, 0x48)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080), 0x363002, 0x0)
stat(0x0, &(0x7f0000000100))
r1 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc)
write$binfmt_elf32(r1, &(0x7f0000000000)=ANY=[@ANYBLOB="7f454c4607032005000000000000000002003e0000000000012a000038000000000000000f00000000002000"], 0x31)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
close(r1)
execve(&(0x7f0000000400)='./file0\x00', 0x0, 0x0)
syz_emit_ethernet(0x7a, &(0x7f0000000340)=ANY=[@ANYBLOB="ffffffffffff6c7621d7cc9486dd60fec00000443a00fe880000000000000000000000000001ff02000000000000000000000000000102009078000000006098a300fe800000000000000000000000000000fc0100000000000000000000000000001100000000000000fafb17c103001c193eb4c625"], 0x0)
getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000780)={{{@in=@broadcast, @in6=@initdev}}, {{@in6=@dev}, 0x0, @in6=@remote}}, &(0x7f0000000300)=0xe8)
getgroups(0x4, &(0x7f0000000380)=[0xffffffffffffffff, 0xee00, 0xffffffffffffffff, 0x0])
r5 = socket$kcm(0x2, 0x200000000000001, 0x106)
setsockopt$sock_attach_bpf(r5, 0x1, 0x7, &(0x7f0000000340), 0x4)
sendmsg$inet(r5, &(0x7f0000000080)={&(0x7f0000000000)={0x2, 0x4e20, @local}, 0x10, 0x0, 0x0, 0x0, 0x0, 0xa7}, 0x30004001)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000640)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x0, 0xffffffffffffffff}}, './file0\x00'})
r6 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VIDIOC_CREATE_BUFS(r6, 0xc100565c, &(0x7f00000000c0)={0x5, 0xfffffffa, 0x4, {0x9, @pix_mp={0x5, 0x3, 0x6e066f2b, 0xc, 0xa, [{0x5, 0x80000000}, {0x3, 0xc}, {0x2, 0x4}, {0xb0, 0x10000}, {0x81, 0x5}, {0x4, 0x1}, {0xe5, 0x80000001}, {0x8, 0x9}], 0x2, 0x5, 0x3, 0x0, 0x2}}, 0x3})
ioctl$VT_ACTIVATE(r0, 0x5606, 0x4)

4.647459509s ago: executing program 4 (id=1162):
getpid()
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000006900000000000001000000940000000fad413e850000000700000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, 0x0)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r0, 0x3ba0, &(0x7f00000007c0)={0x52})
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, 0x0, 0x0)
connect$inet6(r2, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000100)=@gcm_256={{0x303}, "0f78fbc54b6c106c", "75fd7583f127c5c356354c80ea765edaa15f377fb214e20fda1b0241bed67dc4", "b1726789", "fb442565fb00"}, 0x38)
bind$alg(0xffffffffffffffff, &(0x7f0000000540)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-blowfish-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5", 0x4)
r3 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000000580)=@filter={'filter\x00', 0x2, 0x4, 0x340, 0xffffffff, 0x0, 0xb, 0x0, 0xfeffffff, 0xffffffff, 0x270, 0x270, 0x270, 0xffffffff, 0x4, 0x0, {[{{@ipv6={@dev, @mcast1, [], [], 'macsec0\x00', 'bond_slave_0\x00', {}, {}, 0x6, 0x0, 0x7}, 0x2f2, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00', 0x0, {0x6}}}, {{@ipv6={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @empty, [], [], 'sit0\x00', 'dvmrp0\x00'}, 0x0, 0xa8, 0xd0}, @REJECT={0x28}}, {{@uncond, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE3={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3a0)

4.615802192s ago: executing program 1 (id=1163):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000009e0000000000000000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r0}, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
socket$kcm(0x10, 0x2, 0x10)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0x3, &(0x7f0000000280)=@framed, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r1}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x10, 0x4, 0x8, 0x6, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
socket$nl_route(0x10, 0x3, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000))
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000005100000000000000000a200000000900010073797a300000000014000000100001"], 0x48}}, 0x20050800)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nbd(&(0x7f0000000380), 0xffffffffffffffff)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000200))
sendmsg$NBD_CMD_CONNECT(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="90000000", @ANYRES16=r3, @ANYBLOB="01000000000000000000010000000c000597ff000000000000000c0002000000000000000000040007800c000800000000000000000008000a00000000004400078008000100", @ANYRES32, @ANYBLOB="32000100"], 0x90}}, 0x0)

3.416279978s ago: executing program 0 (id=1164):
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
ioctl$SIOCSIFMTU(r0, 0x8922, &(0x7f0000000440)={'syz_tun\x00', 0x101})
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0x4e20, @empty}], 0x10)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x4e20, @local}]}, &(0x7f0000000100)=0x10)

3.084234823s ago: executing program 3 (id=1165):
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000000)=0xf3f, 0x4)
recvmmsg(r0, &(0x7f0000003340)=[{{0x0, 0x0, 0x0}, 0xffffff79}], 0x1, 0x0, 0x0)
socket$packet(0x11, 0x2, 0x300)
r1 = syz_io_uring_setup(0x4169, &(0x7f0000000200)={0x0, 0xd922, 0x10100, 0x0, 0x14e}, &(0x7f0000000480), &(0x7f0000000040)=<r2=>0x0)
syz_io_uring_setup(0xa94, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000000340)=<r3=>0x0, &(0x7f00000005c0))
r4 = socket$unix(0x1, 0x2, 0x0)
bind$unix(r4, &(0x7f00000003c0)=@abs={0x1}, 0x2)
r5 = socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
sendmsg$nl_route(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="2400000070000100000000000000000007000000", @ANYRES32, @ANYBLOB="0c000280"], 0x24}}, 0x0)
close(0x3)
syz_io_uring_submit(r3, r2, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xfffffffffffffe54})
r6 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$sock_linger(r6, 0x1, 0x3c, &(0x7f0000000100)={0x200000000000001, 0xfffffffd}, 0x8)
io_uring_enter(r1, 0x48e9, 0x0, 0x0, 0x0, 0x0)

2.885738767s ago: executing program 2 (id=1166):
r0 = socket$inet6(0xa, 0x2, 0x0)
r1 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r1, &(0x7f0000000000)=@pppol2tpv3in6={0x18, 0x1, {0x0, r0, 0x4, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}, 0x3a)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @loopback}}, 0x1c)
sendmmsg(r1, &(0x7f00000036c0)=[{{0x0, 0x0, 0x0}}], 0x400000000000113, 0x0)

2.760837512s ago: executing program 0 (id=1167):
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
dup3(r0, r1, 0x0)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_VENDOR(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000480)={0x24, r2, 0x1, 0xfffffffa, 0x25dfdbfe, {{}, {@val={0x8, 0x1, 0x2}, @val={0x8}, @void}}}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0xc800) (fail_nth: 2)

2.656756661s ago: executing program 3 (id=1168):
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
mkdir(&(0x7f0000000440)='./file1\x00', 0x1a0)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0)
r2 = eventfd(0xffffffff)
syz_usb_connect(0x3, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000014da2108ab12a390eb1e000000010902240001b30000040904410017ff5d810009050f1f01040000000905830300b3"], 0x0)
ioctl$VHOST_SET_VRING_KICK(r1, 0x4008af20, &(0x7f0000000040)={0x1, r2})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x8, &(0x7f0000000300)='usrquota')
chdir(&(0x7f0000000280)='./file1\x00')
recvmsg(r0, &(0x7f00000002c0)={&(0x7f0000000340)=@hci, 0x80, &(0x7f0000001980)=[{&(0x7f00000004c0)=""/223, 0xdf}, {&(0x7f00000005c0)=""/170, 0xaa}, {&(0x7f0000000680)=""/255, 0xff}, {&(0x7f0000000780)=""/247, 0xf7}, {&(0x7f00000003c0)=""/98, 0x62}, {&(0x7f0000000880)=""/4096, 0x1000}, {&(0x7f0000000200)=""/53, 0x35}, {&(0x7f0000001880)=""/217, 0xd9}], 0x8}, 0x142)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='net_prio.prioidx\x00', 0x275a, 0x0)
quotactl_fd$Q_SETQUOTA(r3, 0xffffffff80000801, 0xee01, &(0x7f00000000c0)={0x0, 0x1, 0x2000000000a960, 0x0, 0x201, 0x80000001, 0x48cd, 0xfffffffffffffffc, 0xdf})
write$FUSE_NOTIFY_RESEND(r3, &(0x7f0000000180)={0x14}, 0x14)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
dup3(r0, r4, 0x0)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_VENDOR(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000480)={0x24, r5, 0x1, 0xfffffffa, 0x25dfdbfe, {{}, {@val={0x8, 0x1, 0x2}, @val={0x8}, @void}}}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0xc800)

2.617137129s ago: executing program 4 (id=1169):
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0xe)
r0 = socket(0x28, 0x5, 0x0)
socket(0x9, 0x5, 0x0)
bind$vsock_stream(r0, &(0x7f0000000040)={0x28, 0x0, 0x0, @host}, 0x10)
syz_open_dev$sg(0x0, 0x2, 0x4ce681)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000340)='/proc/mdstat\x00', 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
sendmsg$rds(0xffffffffffffffff, 0x0, 0x0)
mount(&(0x7f0000000000)=@nullb, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000040)='erofs\x00', 0x8002, 0x0)
mkdir(&(0x7f00000000c0)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000a00)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@nfs_export_on}]})

2.51837582s ago: executing program 1 (id=1170):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2})
pipe(&(0x7f00000001c0))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000940)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
pipe(&(0x7f0000000380)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000180)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0006}]})
io_setup(0x8, &(0x7f0000004200)=<r3=>0x0)
io_pgetevents(r3, 0x1, 0x1, &(0x7f0000000400)=[{}], &(0x7f0000000200)={0x0, 0x989680}, 0x0)
splice(r1, 0x0, r2, 0x0, 0xf3a, 0x1)
r4 = socket$inet_mptcp(0x2, 0x1, 0x106)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='subflow_check_data_avail\x00', r5}, 0x18)
connect$inet(r4, &(0x7f0000000480)={0x2, 0x4e24, @loopback}, 0x10)

2.151036909s ago: executing program 0 (id=1171):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x2)
bind$ax25(r0, &(0x7f0000000000)={{0x3, @null, 0x2}, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}]}, 0x48)
openat$sequencer(0xffffffffffffff9c, 0x0, 0x363002, 0x0)
stat(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100))
r1 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc)
write$binfmt_elf32(r1, &(0x7f0000000000)=ANY=[@ANYBLOB="7f454c4607032005000000000000000002003e0000000000012a000038000000000000000f00000000002000"], 0x31)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
close(r1)
execve(&(0x7f0000000400)='./file0\x00', 0x0, 0x0)
ioctl$KVM_INTERRUPT(r1, 0x4004ae86, &(0x7f0000000180)=0xfffffff7)
syz_emit_ethernet(0x7a, &(0x7f0000000340)=ANY=[@ANYBLOB="ffffffffffff6c7621d7cc9486dd60fec00000443a00fe880000000000000000000000000001ff02000000000000000000000000000102009078000000006098a300fe800000000000000000000000000000fc0100000000000000000000000000001100000000000000fafb17c103001c193eb4c625"], 0x0)
getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000780)={{{@in=@broadcast, @in6=@initdev}}, {{@in6=@dev}, 0x0, @in6=@remote}}, &(0x7f0000000300)=0xe8)
getgroups(0x4, &(0x7f0000000380)=[0xffffffffffffffff, 0xee00, 0xffffffffffffffff, 0x0])
r5 = socket$kcm(0x2, 0x200000000000001, 0x106)
setsockopt$sock_attach_bpf(r5, 0x1, 0x7, &(0x7f0000000340), 0x4)
sendmsg$inet(r5, &(0x7f0000000080)={&(0x7f0000000000)={0x2, 0x4e20, @local}, 0x10, 0x0, 0x0, 0x0, 0x0, 0xa7}, 0x30004001)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000640)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x0, 0xffffffffffffffff}}, './file0\x00'})
r6 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VIDIOC_CREATE_BUFS(r6, 0xc100565c, &(0x7f00000000c0)={0x5, 0xfffffffa, 0x4, {0x9, @pix_mp={0x5, 0x3, 0x6e066f2b, 0xc, 0xa, [{0x5, 0x80000000}, {0x3, 0xc}, {0x2, 0x4}, {0xb0, 0x10000}, {0x81, 0x5}, {0x4, 0x1}, {0xe5, 0x80000001}, {0x8, 0x9}], 0x2, 0x5, 0x3, 0x0, 0x2}}, 0x3})
ioctl$VT_ACTIVATE(r0, 0x5606, 0x4)

2.14620009s ago: executing program 2 (id=1172):
r0 = syz_init_net_socket$bt_rfcomm(0x1f, 0x3, 0x3)
setsockopt$bt_BT_CHANNEL_POLICY(r0, 0x112, 0xa, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x4, 0xe, &(0x7f0000001340)=ANY=[@ANYBLOB="b702000000000000bfa300000000000007030000ffffffff7a0af0fff8ffff5979a4f0ff00000000b7060000ffffffff2d6405000000000065040400014741001404000001007d60b7030000000000006a0a00fe40000900850000001f000000b70000000004000095000000000000006623848adf1dc9a7645100b2ffbdb0ab51a064e0ff0c9b27a26293fddf0180000071ff31f1622271d5518193e09483c5a020c334f8c76334d8ce8303b01ddaa52e8756ad60a07d6f27c125e16d024098f755d8583da60f27c162dbba0700002ac9170f50f2568836077b7f711a18ebf608d87b885297b6a79819782748b376358c33c9f53bfd989b1ca58949a54d5827df14faecea46408a05d572077f1252fbb72c3d099c501bc4ded6fca17a3447222c95edb47b77aafa63b9dd5fa5c53e9cf53ce129a9ecd3b4dd15100f2b450f98526a0d8cac7c97fc2f64015306a1bd7e43fe1ca8345710fb6379b4c53cf55eefb4c0974486a8d25a363adbd83b49e13fbd1777b27020bd9b8cff3f48c9411670c34f23ab8caf7851b290feb3045a1b622f20c4383a0280f040de7667f8b1d0842835e81c358ebe73af41e5b5b924275cb1749289b44e9728e7a73f148ac8206afe120c1437490d99000000110000fdffffffffffffffaf580278e1342aabd1b623f6c4f128858e4eb6b42f2173184c2b99b645f6ec0e14e5d7c95a0008000000f30f6c0000000000ff0000b8f5001a1d2a34dc0973ec302bc23211d3e3b6e6dad65a51e5497a3419cecec38126247b2f113ad4c7915c8f82c333a7b350802f03b0057010d1ed50c18411aa6900daccc02f4ba4b078f07e41f781eee222c7d071d5a94d82ca9a0846c1af59cee16639b4970f8f0a82c6a712fd5722d637d406160ffaffffffb4e0bde6749aa52c408b74251914c5d3255fd88a42e7ebb69ebcd8eee623e51dbb1f1b548c91a6825c0686fdc16be1cbb72c217fda18bd746253ca66093daf35923300b600000000ac376e0a4649a8a84e1d293a6b109c5e59b366bca5cc3d936c53d4a48c05099e6fc36d5aa23bff8cce0600fcff00000300a568a8532623d12b40b50ac26f2e8255470a04bfbe7acb581b90991d965a01d1f84cb6b973558e1e3f8118c77ccf0b3c6eb6443870004da10c75723b65f83769ad1f0e4ef6b9ef1cec23264fd8fdac6264af1cb467020bdc12b797b6c156c439105829d2ae1c45f7cfa40df68fd36a03353a55a8a89b60317cd78ea1dc8e0f77f2c1e68ec7c01bd5a2028a8fc107007f3deb1f200abe1f753754678dae8b4e3ba3d086d4b95dfc5817e3dafae2d38b522f842cc750399d90296171fdb1e05882f8a4b8fbd219ccac3a895828b4f22b6527ce31ceb02b7b2beaf4510134552f0b076b168394f8417f25cc82ae04007193cbe69de8bf35e4bebd15412426b2e20ab1f05fc44be9ae094c1b81d3ef947692b44d2afb09c7498dedf0f87c38bbcab7357836f03e8a7c392e535694a3ead2de11e6b1781e2a018c0ada7bc7f0eb2d678f23c07ac341fda2e563ee95085742f5fee9f95f4741b226e428d20b00bc140000e4b2f5efd0a0b1ceba000830ba8634b5aa26bdbe91614e92fae3c7349531df9bf4c01ebf5d8eb7d53e5f30647661623fbdb3f60033fc32f68ea86a2df1e76fe27dfdff1cf9194849c4cc0da9533e5983693e526a7dc0d8728f3b573ca4427bdb44df9341e9b8050e896598a156c935c800436a312e7ae3c011e46851ac599f0427729ab9c55ae0ab4c0000000000000000000000000000c87bcc2ac5aed9247b51d92e0993af4beaf1f3f47dcdfab9165f98155d93e383d6b85158b54675c1585037508c1e9461a1c3d1a6e2002045cae150a7016f1a90716eebbdf6afc4414d900be0bdf19f4a273f44f4357380b4387f1c8b104f0e406b2f04e5ed8c631be6411f9927fe9f6b43ec83412b7c5a676ceec8b454ebf6481c98e86b6933a02daea0b4ec0be5b3d916bd70208b4588626c277648475002e2c62681bd07331422a6e47bbd40857d52c4894944fae5c500000000000000ff00000000de784314b8fd419216b48d0f353c11ae185749fa9ac7dfa16bc5c23a23f74b17a7f1b2d799480f33faa3537a910d6ca02f48b0e69beb1119f106ea5919ffff72e17a5dc8c3d131d82f067e29dc39665dff39fb6347b374aaaf6e65efde3fc6202bf29ccfcb08caf18d668a462493aa82e76affba9c9af31d1c23237aa6eccfadfaf794bb1004c07b21ac6ed77718098b2f722bd05fea3561b86b2838a8de5b4f91d6aba95dc9f4464a024be4d0d8d04f5023e7e19e503624d39a43c7b310de519b40738ff9a623065c06d69d16d4a46ff300022fee47803989b7e916254e0fb9e1c8b07d8a4b8b692a75a32e6ed2caeaa7c258c47fe6143cd9e90b801eff78cd4e402374e0e4ca07b7f17254e3d2f0a2a1bac6fde8a15e3ef3588065524d4196"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0xfffffffc}, 0x8, 0x10, &(0x7f0000000880), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x1, @void, @value}, 0x94)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000300)={r1, 0xe0, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x56, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x8, 0x0, 0x0}}, 0xffffffffffffff20)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, 0x0, 0x0)
setsockopt$MRT6_ADD_MIF(0xffffffffffffffff, 0x29, 0xca, 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
syz_pidfd_open(0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
openat$iommufd(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r3 = syz_open_dev$vim2m(&(0x7f0000000080), 0x1, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r3, 0xc0145608, &(0x7f00000000c0)={0x2, 0x1, 0x1})
ioctl$vim2m_VIDIOC_STREAMOFF(r3, 0x40045612, &(0x7f0000000000)=0x1)
syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002040)={0x18, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000006000000000000000000040095"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0xf, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
ioctl$KVM_SIGNAL_MSI(0xffffffffffffffff, 0x4020aea5, &(0x7f0000000180)={0xffff1000, 0x5000, 0x4781, 0x1, 0xffffffc0})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r4}, 0x10)
r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000004c0)='setgroups\x00')
writev(r5, &(0x7f0000003740)=[{&(0x7f0000001440)='deny', 0x4}], 0x1)

794.645104ms ago: executing program 0 (id=1173):
pipe(&(0x7f0000000340)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x129c81, 0x0)
ppoll(&(0x7f0000000280)=[{r1, 0x2000}], 0x1, 0x0, 0x0, 0x0)
write$binfmt_aout(r1, &(0x7f0000000080)=ANY=[], 0xff2e)
ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000200)={0x0, 0x6, 0x6, 0x6, 0x1, "42341f9b1000007e4f00"})
r2 = syz_open_pts(r1, 0x0)
dup3(r2, r1, 0x0)
splice(r1, 0x0, r0, 0x0, 0x7ffff000, 0x0)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x161842, 0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r3)
r4 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETOFFLOAD(r4, 0xc004743e, 0x110e22fff6)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x0, 0xc, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4, @void, @value}, 0x94)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, &(0x7f0000000240)=',-\x10*\x00', &(0x7f0000000380)='$\x00', 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0)
futex(0x0, 0x3, 0x0, 0x0, 0x0, 0xfffffffd)
remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x600, 0x100)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xd, &(0x7f0000000700)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x2e}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r5}}]}, &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000004c0)={r6, 0x18000000000002a0, 0x4f, 0x0, &(0x7f00000002c0)="d2ff03076003008cb89e08f086dd", 0x0, 0xd5b1, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f00000005c0)='\x00H\xeb', 0x0, 0xffffffffffffffff)
close(0xffffffffffffffff)
openat$rfkill(0xffffffffffffff9c, &(0x7f00000000c0), 0x80201, 0x0)

0s ago: executing program 2 (id=1174):
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000000)=@filter={'filter\x00', 0x42, 0x4, 0x370, 0xffffffff, 0xb0, 0x0, 0x0, 0xffffffff, 0xffffffff, 0x2d8, 0x2d8, 0x2d8, 0xffffffff, 0x4, 0x0, {[{{@uncond, 0x0, 0x70, 0xb0, 0x0, {0x100000000000000}}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00', 0x0, 0x9}}}, {{@uncond, 0x0, 0xc8, 0x128, 0x0, {}, [@common=@inet=@socket3={{0x28, 'socket\x00', 0x2}}, @common=@unspec=@cluster={{0x30}, {0x4, 0x4, 0x183e, 0x1}}]}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x0, @remote, 0x4ca, 0xb, [0x10, 0x2a, 0x36, 0xe, 0x7, 0xf, 0xb, 0x22, 0x39, 0x12, 0x17, 0x36, 0x6, 0xe, 0xa, 0x10], 0x0, 0xb, 0x681}}}, {{@ip={@remote, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'wlan1\x00', 'pim6reg1\x00', {0xff}}, 0x0, 0xd8, 0x100, 0x0, {}, [@common=@set={{0x40}, {{0x2, [0x4, 0x4, 0x4, 0x1, 0x4, 0x7], 0x0, 0x2}}}, @common=@ttl={{0x28}, {0x0, 0x40}}]}, @REJECT={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d0)
r1 = socket(0x840000000002, 0x3, 0xff)
setsockopt$inet_int(r0, 0x0, 0x16, &(0x7f0000000400)=0x805, 0x4)
sendmmsg$inet(r1, &(0x7f0000000440)=[{{&(0x7f00000001c0)={0x2, 0x0, @local}, 0x10, &(0x7f0000001980)=[{&(0x7f0000000200)="a9050000000074640000000000003552bde5c064c6", 0x15}, {&(0x7f0000001140)="174640b6d80fb2eedc81ba60ccbb9d", 0xf}], 0x2}}], 0x1, 0x0)
r2 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2)
ioctl$VIDIOC_QUERYCTRL(r2, 0xc0445624, &(0x7f0000000500)={0x4098f905, 0x101, "f256ff5141a2c4847732eb1580c9fd12cc52d635d21594470000000011c0bf30", 0x5, 0x4, 0x0, 0x22, 0x8})
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xd, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x61, 0x14, 0x34}, [@ldst={0x6}]}, &(0x7f0000000180)='syzkaller\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r3 = openat2(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', &(0x7f0000000080)={0x84, 0x10, 0x30}, 0x18)
ioctl$DRM_IOCTL_MODE_GETFB2(0xffffffffffffffff, 0xc06864ce, &(0x7f00000000c0)={0x0, 0xffffffff, 0xa6, 0xd, 0x2, [<r4=>0x0], [0x0, 0x8, 0x9, 0x8], [0x3, 0x1, 0x2, 0x2], [0x10, 0xf, 0x98e, 0x7f]})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r3, 0xc00c642d, &(0x7f0000000140)={r4, 0x80000})

kernel console output (not intermixed with test programs):

-71
[  366.225052][ T5884] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[  366.236394][ T5883] usb 4-1: unable to get BOS descriptor or descriptor too short
[  366.244131][ T5883] usb 4-1: too many configurations: 27, using maximum allowed: 8
[  366.265452][ T5883] usb 4-1: unable to read config index 0 descriptor/start: -71
[  366.275396][ T5883] usb 4-1: can't read configurations, error -71
[  366.503561][ T5884] usb 2-1: device descriptor read/64, error -71
[  366.628135][ T5884] usb usb2-port1: attempt power cycle
[  366.640183][ T8373] Cannot find del_set index 286 as target
[  366.997184][  T976] usb 5-1: new full-speed USB device number 27 using dummy_hcd
[  367.028866][ T8383] (unnamed net_device) (uninitialized): peer notification delay (3) is not a multiple of miimon (9), value rounded to 0 ms
[  367.165489][  T976] usb 5-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  367.178433][ T5884] usb 2-1: new high-speed USB device number 14 using dummy_hcd
[  367.499133][  T976] usb 5-1: config 0 interface 0 has no altsetting 0
[  367.706605][ T5884] usb 2-1: device descriptor read/8, error -71
[  367.716754][  T976] usb 5-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  367.730566][  T976] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  367.739043][  T976] usb 5-1: Product: syz
[  367.743235][  T976] usb 5-1: Manufacturer: syz
[  367.748248][  T976] usb 5-1: SerialNumber: syz
[  367.785172][  T976] usb 5-1: config 0 descriptor??
[  367.911177][  T976] usb 5-1: selecting invalid altsetting 0
[  367.997782][ T8388] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  370.195253][ T8388] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  370.450379][ T8388] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  370.622838][ T8411] FAULT_INJECTION: forcing a failure.
[  370.622838][ T8411] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  370.636465][ T8411] CPU: 0 UID: 0 PID: 8411 Comm: syz.2.649 Not tainted 6.15.0-rc1-syzkaller #0 PREEMPT(full) 
[  370.636494][ T8411] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  370.636507][ T8411] Call Trace:
[  370.636516][ T8411]  <TASK>
[  370.636524][ T8411]  dump_stack_lvl+0x241/0x360
[  370.636560][ T8411]  ? __pfx_dump_stack_lvl+0x10/0x10
[  370.636586][ T8411]  ? __pfx__printk+0x10/0x10
[  370.636625][ T8411]  should_fail_ex+0x424/0x570
[  370.636666][ T8411]  _copy_from_user+0x2d/0xb0
[  370.636696][ T8411]  kstrtouint_from_user+0xce/0x1a0
[  370.636724][ T8411]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  370.636751][ T8411]  ? __lock_acquire+0xad5/0xd80
[  370.636782][ T8411]  proc_fail_nth_write+0xac/0x2d0
[  370.636808][ T8411]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  370.636835][ T8411]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  370.636868][ T8411]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  370.636896][ T8411]  vfs_write+0x2bc/0xd10
[  370.636930][ T8411]  ? fdget_pos+0x247/0x310
[  370.636958][ T8411]  ? __pfx_vfs_write+0x10/0x10
[  370.636989][ T8411]  ? __fget_files+0x2a/0x420
[  370.637015][ T8411]  ? __fget_files+0x39d/0x420
[  370.637036][ T8411]  ? __fget_files+0x2a/0x420
[  370.637069][ T8411]  ksys_write+0x19d/0x2d0
[  370.637100][ T8411]  ? __pfx_ksys_write+0x10/0x10
[  370.637135][ T8411]  ? do_syscall_64+0xb6/0x230
[  370.637163][ T8411]  do_syscall_64+0xf3/0x230
[  370.637187][ T8411]  ? clear_bhb_loop+0x45/0xa0
[  370.637212][ T8411]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  370.637232][ T8411] RIP: 0033:0x7fe43a18bc1f
[  370.637251][ T8411] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  370.637268][ T8411] RSP: 002b:00007fe43af61030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  370.637290][ T8411] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fe43a18bc1f
[  370.637305][ T8411] RDX: 0000000000000001 RSI: 00007fe43af610a0 RDI: 0000000000000004
[  370.637318][ T8411] RBP: 00007fe43af61090 R08: 0000000000000000 R09: 0000000000000000
[  370.637330][ T8411] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  370.637342][ T8411] R13: 0000000000000000 R14: 00007fe43a3a6080 R15: 00007fffc480f268
[  370.637373][ T8411]  </TASK>
[  371.546605][ T8388] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  371.656951][ T5893] usb 5-1: USB disconnect, device number 27
[  372.018638][ T8422] overlayfs: failed to resolve './file0': -2
[  373.200032][ T8388] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  373.215150][ T8388] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  373.229690][ T8388] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  373.243823][ T8388] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  378.770121][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  378.776553][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  380.465078][ T8477] can0: slcan on ttyS3.
[  380.488504][ T8482] netlink: 20 bytes leftover after parsing attributes in process `syz.0.671'.
[  380.596908][ T8479] can0 (unregistered): slcan off ttyS3.
[  380.681267][ T8488] netlink: 'syz.3.672': attribute type 5 has an invalid length.
[  381.990642][ T8502] can0: slcan on ttyS3.
[  382.107880][ T8472] netlink: 64 bytes leftover after parsing attributes in process `syz.2.667'.
[  382.130792][ T8472] usb usb1: usbfs: process 8472 (syz.2.667) did not claim interface 0 before use
[  382.869960][ T8502] can0 (unregistered): slcan off ttyS3.
[  383.848461][ T8523] FAULT_INJECTION: forcing a failure.
[  383.848461][ T8523] name failslab, interval 1, probability 0, space 0, times 0
[  383.878485][ T8523] CPU: 0 UID: 0 PID: 8523 Comm: syz.4.683 Not tainted 6.15.0-rc1-syzkaller #0 PREEMPT(full) 
[  383.878525][ T8523] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  383.878545][ T8523] Call Trace:
[  383.878558][ T8523]  <TASK>
[  383.878572][ T8523]  dump_stack_lvl+0x241/0x360
[  383.878607][ T8523]  ? __pfx_dump_stack_lvl+0x10/0x10
[  383.878633][ T8523]  ? __pfx__printk+0x10/0x10
[  383.878663][ T8523]  ? __pfx___might_resched+0x10/0x10
[  383.878690][ T8523]  should_fail_ex+0x424/0x570
[  383.878716][ T8523]  should_failslab+0xac/0x100
[  383.878737][ T8523]  __kmalloc_noprof+0xdf/0x4d0
[  383.878757][ T8523]  ? tomoyo_encode+0x26f/0x540
[  383.878797][ T8523]  tomoyo_encode+0x26f/0x540
[  383.878820][ T8523]  tomoyo_realpath_from_path+0x59e/0x5e0
[  383.878851][ T8523]  tomoyo_path_number_perm+0x245/0x790
[  383.878879][ T8523]  ? tomoyo_path_number_perm+0x215/0x790
[  383.878906][ T8523]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  383.878937][ T8523]  ? ksys_write+0x24e/0x2d0
[  383.878970][ T8523]  ? __lock_acquire+0xad5/0xd80
[  383.879004][ T8523]  ? __fget_files+0x2a/0x420
[  383.879025][ T8523]  ? __fget_files+0x2a/0x420
[  383.879048][ T8523]  ? __fget_files+0x2a/0x420
[  383.879073][ T8523]  security_file_ioctl+0xc6/0x2a0
[  383.879101][ T8523]  __se_sys_ioctl+0x46/0x160
[  383.879129][ T8523]  do_syscall_64+0xf3/0x230
[  383.879151][ T8523]  ? clear_bhb_loop+0x45/0xa0
[  383.879174][ T8523]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  383.879192][ T8523] RIP: 0033:0x7f67a6f8d169
[  383.879207][ T8523] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  383.879222][ T8523] RSP: 002b:00007f67a7e4e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  383.879241][ T8523] RAX: ffffffffffffffda RBX: 00007f67a71a5fa0 RCX: 00007f67a6f8d169
[  383.879254][ T8523] RDX: 00002000000002c0 RSI: 0000000000004c0a RDI: 0000000000000003
[  383.879266][ T8523] RBP: 00007f67a7e4e090 R08: 0000000000000000 R09: 0000000000000000
[  383.879277][ T8523] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  383.879287][ T8523] R13: 0000000000000000 R14: 00007f67a71a5fa0 R15: 00007ffe52692c48
[  383.879315][ T8523]  </TASK>
[  383.879332][ T8523] ERROR: Out of memory at tomoyo_realpath_from_path.
[  384.173393][ T8523] loop2: detected capacity change from 0 to 7
[  384.251120][ T8523] Dev loop2: unable to read RDB block 7
[  384.282498][ T8523]  loop2: AHDI p1 p2 p3
[  384.306321][ T8523] loop2: partition table partially beyond EOD, truncated
[  384.314505][ T8523] loop2: p1 start 1634624559 is beyond EOD, truncated
[  384.379116][ T8523] loop2: p2 start 1702059890 is beyond EOD, truncated
[  385.115679][ T8549] lo speed is unknown, defaulting to 1000
[  387.774380][ T8572] pim6reg: tun_chr_ioctl cmd 1074025677
[  387.801636][ T8572] pim6reg: linktype set to 780
[  387.847551][ T8580] FAULT_INJECTION: forcing a failure.
[  387.847551][ T8580] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  387.916363][ T8580] CPU: 1 UID: 0 PID: 8580 Comm: syz.3.699 Not tainted 6.15.0-rc1-syzkaller #0 PREEMPT(full) 
[  387.916403][ T8580] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  387.916416][ T8580] Call Trace:
[  387.916425][ T8580]  <TASK>
[  387.916434][ T8580]  dump_stack_lvl+0x241/0x360
[  387.916472][ T8580]  ? __pfx_dump_stack_lvl+0x10/0x10
[  387.916502][ T8580]  ? __pfx__printk+0x10/0x10
[  387.916542][ T8580]  should_fail_ex+0x424/0x570
[  387.916570][ T8580]  _copy_to_user+0x31/0xb0
[  387.916603][ T8580]  simple_read_from_buffer+0xc4/0x170
[  387.916631][ T8580]  proc_fail_nth_read+0x1ef/0x260
[  387.916673][ T8580]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  387.916703][ T8580]  ? rw_verify_area+0x246/0x630
[  387.916730][ T8580]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  387.916758][ T8580]  vfs_read+0x21f/0xb90
[  387.916790][ T8580]  ? __pfx___mutex_lock+0x10/0x10
[  387.916815][ T8580]  ? __pfx_vfs_read+0x10/0x10
[  387.916846][ T8580]  ? __fget_files+0x2a/0x420
[  387.916871][ T8580]  ? __fget_files+0x39d/0x420
[  387.916892][ T8580]  ? __fget_files+0x2a/0x420
[  387.916925][ T8580]  ksys_read+0x19d/0x2d0
[  387.916955][ T8580]  ? __pfx_ksys_read+0x10/0x10
[  387.916989][ T8580]  ? do_syscall_64+0xb6/0x230
[  387.917028][ T8580]  do_syscall_64+0xf3/0x230
[  387.917050][ T8580]  ? clear_bhb_loop+0x45/0xa0
[  387.917073][ T8580]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  387.917091][ T8580] RIP: 0033:0x7f9d82d8bb7c
[  387.917109][ T8580] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  387.917125][ T8580] RSP: 002b:00007f9d83b36030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  387.917145][ T8580] RAX: ffffffffffffffda RBX: 00007f9d82fa5fa0 RCX: 00007f9d82d8bb7c
[  387.917159][ T8580] RDX: 000000000000000f RSI: 00007f9d83b360a0 RDI: 0000000000000004
[  387.917171][ T8580] RBP: 00007f9d83b36090 R08: 0000000000000000 R09: 0000000000000000
[  387.917184][ T8580] R10: 00002000000001c0 R11: 0000000000000246 R12: 0000000000000001
[  387.917196][ T8580] R13: 0000000000000000 R14: 00007f9d82fa5fa0 R15: 00007ffe85742e78
[  387.917226][ T8580]  </TASK>
[  388.375393][ T8585] netlink: 64 bytes leftover after parsing attributes in process `syz.0.695'.
[  388.390274][ T8585] usb usb1: usbfs: process 8585 (syz.0.695) did not claim interface 0 before use
[  390.779787][   T55] Bluetooth: hci0: ACL packet for unknown connection handle 200
[  390.797948][   T55] Bluetooth: hci0: ACL packet for unknown connection handle 200
[  391.506341][ T5893] usb 5-1: new high-speed USB device number 28 using dummy_hcd
[  391.738100][ T5893] usb 5-1: unable to get BOS descriptor or descriptor too short
[  391.754115][ T5893] usb 5-1: config 151 has an invalid interface number: 192 but max is 0
[  391.766352][ T5893] usb 5-1: config 151 has no interface number 0
[  391.773137][ T5893] usb 5-1: config 151 interface 192 has no altsetting 0
[  391.795039][ T5893] usb 5-1: New USB device found, idVendor=0f11, idProduct=1000, bcdDevice=b8.85
[  391.805064][ T5893] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  391.813277][ T5893] usb 5-1: Product: syz
[  391.874077][ T5893] usb 5-1: Manufacturer: syz
[  391.897618][ T5893] usb 5-1: SerialNumber: syz
[  392.340156][ T5893] ldusb 5-1:151.192: Interrupt in endpoint not found
[  392.385769][ T5893] usb 5-1: USB disconnect, device number 28
[  392.886599][   T55] Bluetooth: hci0: command 0x0406 tx timeout
[  393.306600][ T8645] FAULT_INJECTION: forcing a failure.
[  393.306600][ T8645] name failslab, interval 1, probability 0, space 0, times 0
[  393.532087][ T8646] overlayfs: failed to resolve './file0': -2
[  393.692887][ T8645] CPU: 1 UID: 0 PID: 8645 Comm: syz.3.720 Not tainted 6.15.0-rc1-syzkaller #0 PREEMPT(full) 
[  393.692919][ T8645] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  393.692932][ T8645] Call Trace:
[  393.692939][ T8645]  <TASK>
[  393.692949][ T8645]  dump_stack_lvl+0x241/0x360
[  393.692989][ T8645]  ? __pfx_dump_stack_lvl+0x10/0x10
[  393.693028][ T8645]  ? __pfx__printk+0x10/0x10
[  393.693059][ T8645]  ? __pfx___might_resched+0x10/0x10
[  393.693085][ T8645]  should_fail_ex+0x424/0x570
[  393.693111][ T8645]  should_failslab+0xac/0x100
[  393.693150][ T8645]  __kmalloc_noprof+0xdf/0x4d0
[  393.693171][ T8645]  ? tomoyo_encode+0x26f/0x540
[  393.693196][ T8645]  tomoyo_encode+0x26f/0x540
[  393.693223][ T8645]  tomoyo_realpath_from_path+0x59e/0x5e0
[  393.693258][ T8645]  tomoyo_path_number_perm+0x245/0x790
[  393.693291][ T8645]  ? tomoyo_path_number_perm+0x215/0x790
[  393.693322][ T8645]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  393.693358][ T8645]  ? ksys_write+0x24e/0x2d0
[  393.693395][ T8645]  ? __lock_acquire+0xad5/0xd80
[  393.693435][ T8645]  ? __fget_files+0x2a/0x420
[  393.693458][ T8645]  ? __fget_files+0x2a/0x420
[  393.693484][ T8645]  ? __fget_files+0x2a/0x420
[  393.693513][ T8645]  security_file_ioctl+0xc6/0x2a0
[  393.693552][ T8645]  __se_sys_ioctl+0x46/0x160
[  393.693584][ T8645]  do_syscall_64+0xf3/0x230
[  393.693610][ T8645]  ? clear_bhb_loop+0x45/0xa0
[  393.693635][ T8645]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  393.693655][ T8645] RIP: 0033:0x7f9d82d8d169
[  393.693673][ T8645] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  393.693691][ T8645] RSP: 002b:00007f9d83b36038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  393.693713][ T8645] RAX: ffffffffffffffda RBX: 00007f9d82fa5fa0 RCX: 00007f9d82d8d169
[  393.693728][ T8645] RDX: 0000200000000000 RSI: 00000000c0745645 RDI: 0000000000000003
[  393.693742][ T8645] RBP: 00007f9d83b36090 R08: 0000000000000000 R09: 0000000000000000
[  393.693755][ T8645] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  393.693767][ T8645] R13: 0000000000000000 R14: 00007f9d82fa5fa0 R15: 00007ffe85742e78
[  393.693799][ T8645]  </TASK>
[  393.909149][ T8645] ERROR: Out of memory at tomoyo_realpath_from_path.
[  394.744874][ T8657] erofs (device nullb0): cannot find valid erofs superblock
[  394.795397][ T8657] overlayfs: upper fs does not support file handles, falling back to index=off.
[  394.804580][ T8657] overlayfs: NFS export requires "index=on", falling back to nfs_export=off.
[  395.490599][ T8664] FAULT_INJECTION: forcing a failure.
[  395.490599][ T8664] name failslab, interval 1, probability 0, space 0, times 0
[  395.503498][ T8664] CPU: 1 UID: 0 PID: 8664 Comm: syz.4.725 Not tainted 6.15.0-rc1-syzkaller #0 PREEMPT(full) 
[  395.503526][ T8664] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  395.503538][ T8664] Call Trace:
[  395.503547][ T8664]  <TASK>
[  395.503555][ T8664]  dump_stack_lvl+0x241/0x360
[  395.503591][ T8664]  ? __pfx_dump_stack_lvl+0x10/0x10
[  395.503620][ T8664]  ? __pfx__printk+0x10/0x10
[  395.503649][ T8664]  ? fib6_table_lookup+0xb98/0xbf0
[  395.503681][ T8664]  should_fail_ex+0x424/0x570
[  395.503704][ T8664]  ? __pfx_ip6_dst_gc+0x10/0x10
[  395.503725][ T8664]  should_failslab+0xac/0x100
[  395.503748][ T8664]  kmem_cache_alloc_noprof+0x78/0x390
[  395.503768][ T8664]  ? dst_alloc+0x12b/0x190
[  395.503791][ T8664]  ? __pfx_ip6_dst_gc+0x10/0x10
[  395.503812][ T8664]  dst_alloc+0x12b/0x190
[  395.503838][ T8664]  ip6_pol_route+0xb96/0x15f0
[  395.503867][ T8664]  ? ip6_pol_route+0x192/0x15f0
[  395.503893][ T8664]  ? __pfx_ip6_pol_route+0x10/0x10
[  395.503926][ T8664]  ? __pfx_up_write+0x10/0x10
[  395.503949][ T8664]  ? ima_get_action+0x75/0xb0
[  395.503976][ T8664]  fib6_rule_lookup+0x288/0x7a0
[  395.504003][ T8664]  ? __pfx_ip6_pol_route_output+0x10/0x10
[  395.504039][ T8664]  ? __pfx_fib6_rule_lookup+0x10/0x10
[  395.504086][ T8664]  ? ip6_route_output_flags+0x30/0x610
[  395.504108][ T8664]  ip6_route_output_flags+0x38e/0x610
[  395.504136][ T8664]  ip6_dst_lookup_tail+0x1b5/0x1510
[  395.504176][ T8664]  ? __pfx_ip6_dst_lookup_tail+0x10/0x10
[  395.504208][ T8664]  ? sk_dst_check+0x29/0x470
[  395.504234][ T8664]  ? sk_dst_check+0x29/0x470
[  395.504260][ T8664]  ? sk_dst_check+0x2f9/0x470
[  395.504309][ T8664]  ip6_sk_dst_lookup_flow+0x7f1/0xab0
[  395.504350][ T8664]  ? txopt_get+0x3e4/0x500
[  395.504378][ T8664]  ? __pfx_ip6_sk_dst_lookup_flow+0x10/0x10
[  395.504407][ T8664]  ? register_lock_class+0x54/0x330
[  395.504426][ T8664]  ? udpv6_sendmsg+0x1a95/0x3070
[  395.504456][ T8664]  udpv6_sendmsg+0x1dd7/0x3070
[  395.504490][ T8664]  ? __pfx_ip_generic_getfrag+0x10/0x10
[  395.504528][ T8664]  ? __pfx_udpv6_sendmsg+0x10/0x10
[  395.504559][ T8664]  ? __lock_acquire+0xad5/0xd80
[  395.504599][ T8664]  ? inet_send_prepare+0x1b7/0x260
[  395.504621][ T8664]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  395.504651][ T8664]  ? inet_send_prepare+0x1b7/0x260
[  395.504671][ T8664]  ? do_raw_spin_unlock+0x13c/0x8b0
[  395.504710][ T8664]  ? inet_send_prepare+0x1b7/0x260
[  395.504740][ T8664]  __sock_sendmsg+0xef/0x270
[  395.504770][ T8664]  __sys_sendto+0x365/0x4c0
[  395.504808][ T8664]  ? __pfx___sys_sendto+0x10/0x10
[  395.504862][ T8664]  ? __fget_files+0x2a/0x420
[  395.504894][ T8664]  ? ksys_write+0x275/0x2d0
[  395.504931][ T8664]  __x64_sys_sendto+0xde/0x100
[  395.504964][ T8664]  do_syscall_64+0xf3/0x230
[  395.504987][ T8664]  ? clear_bhb_loop+0x45/0xa0
[  395.505010][ T8664]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  395.505028][ T8664] RIP: 0033:0x7f67a6f8d169
[  395.505045][ T8664] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  395.505060][ T8664] RSP: 002b:00007f67a7e4e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  395.505080][ T8664] RAX: ffffffffffffffda RBX: 00007f67a71a5fa0 RCX: 00007f67a6f8d169
[  395.505094][ T8664] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[  395.505105][ T8664] RBP: 00007f67a7e4e090 R08: 0000200000000000 R09: 000000000000001c
[  395.505118][ T8664] R10: 00000000200c8004 R11: 0000000000000246 R12: 0000000000000001
[  395.505130][ T8664] R13: 0000000000000000 R14: 00007f67a71a5fa0 R15: 00007ffe52692c48
[  395.505159][ T8664]  </TASK>
[  398.069367][   T55] Bluetooth: hci2: unexpected cc 0x203e length: 2 > 1
[  398.077665][   T55] Bluetooth: hci2: unexpected event for opcode 0x203e
[  398.177522][ T5886] usb 2-1: new full-speed USB device number 16 using dummy_hcd
[  398.202417][ T5884] usb 5-1: new high-speed USB device number 29 using dummy_hcd
[  398.446428][ T5884] usb 5-1: Using ep0 maxpacket: 32
[  398.484740][ T5886] usb 2-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  398.506070][ T5884] usb 5-1: config 0 has an invalid interface number: 96 but max is 0
[  398.514071][ T5886] usb 2-1: config 0 interface 0 has no altsetting 0
[  398.565612][ T5884] usb 5-1: config 0 has no interface number 0
[  398.643488][ T5884] usb 5-1: New USB device found, idVendor=05d1, idProduct=9006, bcdDevice=48.7b
[  398.659676][ T5886] usb 2-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  398.695952][ T5886] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  398.698294][ T5884] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  398.704770][ T5886] usb 2-1: Product: syz
[  398.717306][ T5886] usb 2-1: Manufacturer: syz
[  398.724863][ T5886] usb 2-1: SerialNumber: syz
[  398.770524][ T5884] usb 5-1: Product: syz
[  398.791066][ T5884] usb 5-1: Manufacturer: syz
[  398.815199][ T5884] usb 5-1: SerialNumber: syz
[  398.854868][ T5886] usb 2-1: config 0 descriptor??
[  398.863879][ T5884] usb 5-1: config 0 descriptor??
[  398.877085][ T5886] usb 2-1: selecting invalid altsetting 0
[  398.896169][ T5884] hub 5-1:0.96: bad descriptor, ignoring hub
[  398.903464][ T5884] hub 5-1:0.96: probe with driver hub failed with error -5
[  398.920537][ T5884] ftdi_sio 5-1:0.96: FTDI USB Serial Device converter detected
[  398.946797][ T5884] ftdi_sio ttyUSB0: unknown device type: 0x487b
[  399.035396][ T8691] FAULT_INJECTION: forcing a failure.
[  399.035396][ T8691] name failslab, interval 1, probability 0, space 0, times 0
[  399.064753][ T8691] CPU: 0 UID: 0 PID: 8691 Comm: syz.3.733 Not tainted 6.15.0-rc1-syzkaller #0 PREEMPT(full) 
[  399.064780][ T8691] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  399.064792][ T8691] Call Trace:
[  399.064800][ T8691]  <TASK>
[  399.064807][ T8691]  dump_stack_lvl+0x241/0x360
[  399.064842][ T8691]  ? __pfx_dump_stack_lvl+0x10/0x10
[  399.064868][ T8691]  ? __pfx__printk+0x10/0x10
[  399.064898][ T8691]  ? __pfx___might_resched+0x10/0x10
[  399.064924][ T8691]  should_fail_ex+0x424/0x570
[  399.064961][ T8691]  should_failslab+0xac/0x100
[  399.064982][ T8691]  __kmalloc_noprof+0xdf/0x4d0
[  399.065000][ T8691]  ? tomoyo_encode+0x26f/0x540
[  399.065022][ T8691]  tomoyo_encode+0x26f/0x540
[  399.065046][ T8691]  tomoyo_realpath_from_path+0x59e/0x5e0
[  399.065076][ T8691]  tomoyo_path_number_perm+0x245/0x790
[  399.065105][ T8691]  ? tomoyo_path_number_perm+0x215/0x790
[  399.065133][ T8691]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  399.065163][ T8691]  ? ksys_write+0x24e/0x2d0
[  399.065194][ T8691]  ? __lock_acquire+0xad5/0xd80
[  399.065234][ T8691]  ? __fget_files+0x2a/0x420
[  399.065254][ T8691]  ? __fget_files+0x2a/0x420
[  399.065277][ T8691]  ? __fget_files+0x2a/0x420
[  399.065302][ T8691]  security_file_ioctl+0xc6/0x2a0
[  399.065329][ T8691]  __se_sys_ioctl+0x46/0x160
[  399.065357][ T8691]  do_syscall_64+0xf3/0x230
[  399.065379][ T8691]  ? clear_bhb_loop+0x45/0xa0
[  399.065419][ T8691]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  399.065437][ T8691] RIP: 0033:0x7f9d82d8d169
[  399.065454][ T8691] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  399.065470][ T8691] RSP: 002b:00007f9d83b36038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  399.065491][ T8691] RAX: ffffffffffffffda RBX: 00007f9d82fa5fa0 RCX: 00007f9d82d8d169
[  399.065505][ T8691] RDX: 00002000000012c0 RSI: 0000000081785501 RDI: 0000000000000003
[  399.065517][ T8691] RBP: 00007f9d83b36090 R08: 0000000000000000 R09: 0000000000000000
[  399.065529][ T8691] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  399.065541][ T8691] R13: 0000000000000000 R14: 00007f9d82fa5fa0 R15: 00007ffe85742e78
[  399.065569][ T8691]  </TASK>
[  399.065588][ T8691] ERROR: Out of memory at tomoyo_realpath_from_path.
[  399.792597][  T976] usb 5-1: USB disconnect, device number 29
[  400.277471][ T8702] FAULT_INJECTION: forcing a failure.
[  400.277471][ T8702] name failslab, interval 1, probability 0, space 0, times 0
[  400.291382][  T976] ftdi_sio 5-1:0.96: device disconnected
[  400.398434][ T8702] CPU: 1 UID: 0 PID: 8702 Comm: syz.2.736 Not tainted 6.15.0-rc1-syzkaller #0 PREEMPT(full) 
[  400.398456][ T8702] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  400.398465][ T8702] Call Trace:
[  400.398471][ T8702]  <TASK>
[  400.398478][ T8702]  dump_stack_lvl+0x241/0x360
[  400.398508][ T8702]  ? __pfx_dump_stack_lvl+0x10/0x10
[  400.398532][ T8702]  ? __pfx__printk+0x10/0x10
[  400.398558][ T8702]  ? __pfx___might_resched+0x10/0x10
[  400.398580][ T8702]  should_fail_ex+0x424/0x570
[  400.398601][ T8702]  should_failslab+0xac/0x100
[  400.398618][ T8702]  __kmalloc_noprof+0xdf/0x4d0
[  400.398634][ T8702]  ? tomoyo_encode+0x26f/0x540
[  400.398654][ T8702]  tomoyo_encode+0x26f/0x540
[  400.398670][ T8702]  ? __pfx_sockfs_dname+0x10/0x10
[  400.398692][ T8702]  tomoyo_realpath_from_path+0x59e/0x5e0
[  400.398723][ T8702]  tomoyo_path_number_perm+0x245/0x790
[  400.398747][ T8702]  ? tomoyo_path_number_perm+0x215/0x790
[  400.398771][ T8702]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  400.398798][ T8702]  ? ksys_write+0x24e/0x2d0
[  400.398826][ T8702]  ? __lock_acquire+0xad5/0xd80
[  400.398857][ T8702]  ? __fget_files+0x2a/0x420
[  400.398876][ T8702]  ? __fget_files+0x2a/0x420
[  400.398897][ T8702]  ? __fget_files+0x2a/0x420
[  400.398920][ T8702]  security_file_ioctl+0xc6/0x2a0
[  400.398946][ T8702]  __se_sys_ioctl+0x46/0x160
[  400.398972][ T8702]  do_syscall_64+0xf3/0x230
[  400.398993][ T8702]  ? clear_bhb_loop+0x45/0xa0
[  400.399013][ T8702]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  400.399029][ T8702] RIP: 0033:0x7fe43a18d169
[  400.399045][ T8702] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  400.399059][ T8702] RSP: 002b:00007fe43af82038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  400.399077][ T8702] RAX: ffffffffffffffda RBX: 00007fe43a3a5fa0 RCX: 00007fe43a18d169
[  400.399095][ T8702] RDX: 0000200000000040 RSI: 000000000000890b RDI: 0000000000000003
[  400.399106][ T8702] RBP: 00007fe43af82090 R08: 0000000000000000 R09: 0000000000000000
[  400.399116][ T8702] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  400.399125][ T8702] R13: 0000000000000000 R14: 00007fe43a3a5fa0 R15: 00007fffc480f268
[  400.399148][ T8702]  </TASK>
[  400.399267][ T8702] ERROR: Out of memory at tomoyo_realpath_from_path.
[  400.628846][ T5882] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  400.668778][ T8708] can0: slcan on ttyS3.
[  400.717130][ T8708] can0 (unregistered): slcan off ttyS3.
[  400.790868][ T5882] usb 4-1: New USB device found, idVendor=08fd, idProduct=0002, bcdDevice=ca.fd
[  400.833550][ T5882] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  400.984474][ T5882] usb 4-1: Product: syz
[  400.991902][ T5882] usb 4-1: Manufacturer: syz
[  401.001049][ T5882] usb 4-1: SerialNumber: syz
[  401.015995][ T5882] usb 4-1: config 0 descriptor??
[  401.030828][   T55] Bluetooth: hci5: urb ffff888050e2b900 submission failed (2)
[  401.820705][ T5882] usb 2-1: USB disconnect, device number 16
[  402.738429][ T5882] usb 4-1: USB disconnect, device number 11
[  403.194412][ T8732] netlink: 8 bytes leftover after parsing attributes in process `syz.0.745'.
[  403.220456][   T55] Bluetooth: hci4: ACL packet for unknown connection handle 200
[  403.228396][   T55] Bluetooth: hci4: ACL packet for unknown connection handle 200
[  403.746841][ T8744] erofs (device nullb0): cannot find valid erofs superblock
[  403.758444][ T8744] overlayfs: upper fs does not support file handles, falling back to index=off.
[  403.767629][ T8744] overlayfs: NFS export requires "index=on", falling back to nfs_export=off.
[  404.005389][ T8748] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  404.028817][ T8748] xt_NFQUEUE: number of total queues is 0
[  404.425589][ T8754] netlink: 8 bytes leftover after parsing attributes in process `syz.3.754'.
[  404.435424][ T8754] netlink: 4 bytes leftover after parsing attributes in process `syz.3.754'.
[  404.445615][ T8754] netlink: 26 bytes leftover after parsing attributes in process `syz.3.754'.
[  404.866664][ T5885] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[  405.166456][ T5885] usb 2-1: Using ep0 maxpacket: 8
[  405.562583][ T5885] usb 2-1: config index 0 descriptor too short (expected 301, got 45)
[  405.606521][ T5885] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  405.624745][ T5885] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  405.655265][ T5885] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  405.673995][ T5885] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  405.687483][ T5885] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  405.696853][ T5885] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  406.522084][ T5885] usb 2-1: usb_control_msg returned -32
[  406.545134][ T5885] usbtmc 2-1:16.0: can't read capabilities
[  406.556356][ T8767] netlink: 8 bytes leftover after parsing attributes in process `syz.2.758'.
[  406.565354][ T8767] netlink: 4 bytes leftover after parsing attributes in process `syz.2.758'.
[  406.576365][ T5893] usb 5-1: new full-speed USB device number 30 using dummy_hcd
[  406.595095][ T8767] netlink: 26 bytes leftover after parsing attributes in process `syz.2.758'.
[  406.793271][ T5893] usb 5-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  406.814460][ T5893] usb 5-1: config 0 interface 0 has no altsetting 0
[  406.884550][ T8779] usbtmc 2-1:16.0: INDICATOR_PULSE returned 0
[  406.899979][ T5893] usb 5-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  406.940849][ T5893] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  406.973176][ T5893] usb 5-1: Product: syz
[  406.984934][ T5893] usb 5-1: Manufacturer: syz
[  406.990323][ T5893] usb 5-1: SerialNumber: syz
[  407.008452][ T5893] usb 5-1: config 0 descriptor??
[  407.025745][ T5893] usb 5-1: selecting invalid altsetting 0
[  407.086648][ T5885] usb 2-1: USB disconnect, device number 17
[  408.052350][ T8791] IPVS: sync thread started: state = BACKUP, mcast_ifn = bridge0, syncid = 1, id = 0
[  409.086315][ T5882] usb 2-1: new high-speed USB device number 18 using dummy_hcd
[  409.209655][    T9] usb 5-1: USB disconnect, device number 30
[  409.256979][ T5882] usb 2-1: Using ep0 maxpacket: 16
[  409.282893][ T5882] usb 2-1: config 0 has an invalid interface number: 41 but max is 0
[  409.331198][ T5882] usb 2-1: config 0 has no interface number 0
[  409.363479][ T5882] usb 2-1: config 0 interface 41 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16
[  409.419443][ T5882] usb 2-1: config 0 interface 41 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64
[  409.490623][ T5882] usb 2-1: config 0 interface 41 has no altsetting 0
[  409.523475][ T5882] usb 2-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a
[  409.533240][ T5882] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  409.548892][ T5882] usb 2-1: Product: syz
[  409.553213][ T5882] usb 2-1: Manufacturer: syz
[  409.558791][ T5882] usb 2-1: SerialNumber: syz
[  409.594003][ T5882] usb 2-1: config 0 descriptor??
[  409.605159][ T8790] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  409.606741][ T5893] usb 3-1: new full-speed USB device number 9 using dummy_hcd
[  409.646456][ T8790] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  409.818059][ T5893] usb 3-1: config 1 has an invalid interface number: 128 but max is 1
[  409.847665][ T5893] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  409.886289][ T5893] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 2
[  409.919941][ T5893] usb 3-1: config 1 has no interface number 0
[  409.926105][ T5893] usb 3-1: config 1 interface 128 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  409.939195][ T8790] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  409.957046][ T8790] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  410.009634][ T5893] usb 3-1: config 1 interface 128 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  410.029169][ T5893] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  410.039867][ T5893] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  410.048356][ T5893] usb 3-1: Product: syz
[  410.643014][ T5893] usb 3-1: Manufacturer: syz
[  410.648404][ T5893] usb 3-1: SerialNumber: syz
[  410.670778][ T8790] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  410.707176][ T5893] cdc_wdm 3-1:1.128: skipping garbage
[  410.720648][ T8790] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  410.730998][ T8806] netlink: 8 bytes leftover after parsing attributes in process `syz.0.769'.
[  410.761839][ T5893] cdc_wdm 3-1:1.128: cdc-wdm0: USB WDM device
[  410.778300][ T5893] cdc_wdm 3-1:1.128: Unknown control protocol
[  411.146580][    T9] usb 3-1: USB disconnect, device number 9
[  411.206298][ T5882] CoreChips 2-1:0.41: probe with driver CoreChips failed with error -71
[  411.218659][ T5882] usb 2-1: USB disconnect, device number 18
[  413.198394][   T55] Bluetooth: unknown link type 108
[  413.204446][   T55] Bluetooth: hci0: connection err: -111
[  413.246522][ T5884] usb 5-1: new high-speed USB device number 31 using dummy_hcd
[  413.457845][ T5884] usb 5-1: New USB device found, idVendor=08fd, idProduct=0002, bcdDevice=ca.fd
[  413.522558][ T5884] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  413.564647][ T5884] usb 5-1: Product: syz
[  413.582808][ T5884] usb 5-1: Manufacturer: syz
[  413.602779][ T5884] usb 5-1: SerialNumber: syz
[  413.630020][ T5884] usb 5-1: config 0 descriptor??
[  413.962204][   T55] Bluetooth: hci5: urb ffff8880594d6700 submission failed (2)
[  414.103645][ T8847] FAULT_INJECTION: forcing a failure.
[  414.103645][ T8847] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  414.242984][ T8847] CPU: 1 UID: 0 PID: 8847 Comm: syz.0.781 Not tainted 6.15.0-rc1-syzkaller #0 PREEMPT(full) 
[  414.243014][ T8847] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  414.243030][ T8847] Call Trace:
[  414.243038][ T8847]  <TASK>
[  414.243046][ T8847]  dump_stack_lvl+0x241/0x360
[  414.243081][ T8847]  ? __pfx_dump_stack_lvl+0x10/0x10
[  414.243108][ T8847]  ? __pfx__printk+0x10/0x10
[  414.243146][ T8847]  should_fail_ex+0x424/0x570
[  414.243172][ T8847]  _copy_from_iter+0x211/0x1c70
[  414.243205][ T8847]  ? alloc_pages_mpol+0x4e6/0x690
[  414.243230][ T8847]  ? __pfx__copy_from_iter+0x10/0x10
[  414.243261][ T8847]  ? set_page_refcounted+0xa1/0x1e0
[  414.243282][ T8847]  ? alloc_pages_noprof+0x136/0x190
[  414.243299][ T8847]  ? page_copy_sane+0x46/0x260
[  414.243325][ T8847]  copy_page_from_iter+0x7a/0x100
[  414.243354][ T8847]  tun_get_user+0x1f6c/0x47c0
[  414.243387][ T8847]  ? tun_get_user+0x852/0x47c0
[  414.243435][ T8847]  ? kstrtouint+0xfc/0x190
[  414.243456][ T8847]  ? __pfx_tun_get_user+0x10/0x10
[  414.243503][ T8847]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  414.243543][ T8847]  ? tun_get+0x1e/0x2f0
[  414.243572][ T8847]  ? tun_get+0x1e/0x2f0
[  414.243599][ T8847]  ? tun_get+0x27d/0x2f0
[  414.243628][ T8847]  tun_chr_write_iter+0x10d/0x1f0
[  414.243660][ T8847]  vfs_write+0x70f/0xd10
[  414.243694][ T8847]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  414.243743][ T8847]  ? __pfx_vfs_write+0x10/0x10
[  414.243801][ T8847]  ? __fget_files+0x2a/0x420
[  414.243826][ T8847]  ? __fget_files+0x2a/0x420
[  414.243858][ T8847]  ksys_write+0x19d/0x2d0
[  414.243887][ T8847]  ? __pfx_ksys_write+0x10/0x10
[  414.243918][ T8847]  ? do_syscall_64+0xb6/0x230
[  414.243946][ T8847]  do_syscall_64+0xf3/0x230
[  414.243969][ T8847]  ? clear_bhb_loop+0x45/0xa0
[  414.243992][ T8847]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  414.244010][ T8847] RIP: 0033:0x7fd96478bc1f
[  414.244028][ T8847] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  414.244044][ T8847] RSP: 002b:00007fd965535000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  414.244065][ T8847] RAX: ffffffffffffffda RBX: 00007fd9649a5fa0 RCX: 00007fd96478bc1f
[  414.244079][ T8847] RDX: 0000000000000022 RSI: 0000200000000040 RDI: 00000000000000c8
[  414.244092][ T8847] RBP: 00007fd965535090 R08: 0000000000000000 R09: 0000000000000000
[  414.244104][ T8847] R10: 0000000000000022 R11: 0000000000000293 R12: 0000000000000001
[  414.244115][ T8847] R13: 0000000000000001 R14: 00007fd9649a5fa0 R15: 00007ffc8c6becb8
[  414.244145][ T8847]  </TASK>
[  414.496500][    C1] vkms_vblank_simulate: vblank timer overrun
[  414.824601][ T8853] netlink: 16 bytes leftover after parsing attributes in process `syz.0.783'.
[  416.014342][ T5886] usb 5-1: USB disconnect, device number 31
[  416.456402][ T8870] erofs (device nullb0): cannot find valid erofs superblock
[  416.470843][ T8870] overlayfs: upper fs does not support file handles, falling back to index=off.
[  416.480004][ T8870] overlayfs: NFS export requires "index=on", falling back to nfs_export=off.
[  418.157645][ T5893] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  419.296293][ T5884] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  419.415118][ T5893] usb 4-1: unable to get BOS descriptor or descriptor too short
[  419.432344][ T5893] usb 4-1: too many configurations: 27, using maximum allowed: 8
[  419.472002][ T5884] usb 3-1: New USB device found, idVendor=08fd, idProduct=0002, bcdDevice=ca.fd
[  419.473657][ T5893] usb 4-1: unable to read config index 0 descriptor/start: -71
[  419.499328][ T5884] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  419.516402][ T5893] usb 4-1: can't read configurations, error -71
[  419.541627][ T5884] usb 3-1: Product: syz
[  419.561978][ T5884] usb 3-1: Manufacturer: syz
[  419.601926][ T5884] usb 3-1: SerialNumber: syz
[  419.688913][   T55] Bluetooth: unknown link type 108
[  419.694942][   T55] Bluetooth: hci1: connection err: -111
[  419.774652][ T5884] usb 3-1: config 0 descriptor??
[  420.031455][   T55] Bluetooth: hci5: urb ffff8880332a2c00 submission failed (2)
[  420.109617][ T8917] FAULT_INJECTION: forcing a failure.
[  420.109617][ T8917] name failslab, interval 1, probability 0, space 0, times 0
[  420.195764][ T8917] CPU: 0 UID: 0 PID: 8917 Comm: syz.0.802 Not tainted 6.15.0-rc1-syzkaller #0 PREEMPT(full) 
[  420.195795][ T8917] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  420.195809][ T8917] Call Trace:
[  420.195817][ T8917]  <TASK>
[  420.195826][ T8917]  dump_stack_lvl+0x241/0x360
[  420.195863][ T8917]  ? __pfx_dump_stack_lvl+0x10/0x10
[  420.195890][ T8917]  ? __pfx__printk+0x10/0x10
[  420.195921][ T8917]  ? __pfx___might_resched+0x10/0x10
[  420.195959][ T8917]  should_fail_ex+0x424/0x570
[  420.195998][ T8917]  should_failslab+0xac/0x100
[  420.196020][ T8917]  kmem_cache_alloc_node_noprof+0x7d/0x3b0
[  420.196041][ T8917]  ? __alloc_skb+0x1c2/0x480
[  420.196075][ T8917]  __alloc_skb+0x1c2/0x480
[  420.196108][ T8917]  ? __pfx___alloc_skb+0x10/0x10
[  420.196141][ T8917]  ? netlink_autobind+0xd6/0x2f0
[  420.196166][ T8917]  ? netlink_autobind+0x2b0/0x2f0
[  420.196197][ T8917]  netlink_sendmsg+0x638/0xcd0
[  420.196239][ T8917]  ? __pfx_netlink_sendmsg+0x10/0x10
[  420.196278][ T8917]  ? __pfx_netlink_sendmsg+0x10/0x10
[  420.196303][ T8917]  __sock_sendmsg+0x221/0x270
[  420.196330][ T8917]  ____sys_sendmsg+0x523/0x860
[  420.196359][ T8917]  ? __pfx_____sys_sendmsg+0x10/0x10
[  420.196376][ T8917]  ? __fget_files+0x2a/0x420
[  420.196401][ T8917]  ? __fget_files+0x2a/0x420
[  420.196431][ T8917]  __sys_sendmsg+0x271/0x360
[  420.196457][ T8917]  ? __pfx___sys_sendmsg+0x10/0x10
[  420.196528][ T8917]  ? do_syscall_64+0xb6/0x230
[  420.196565][ T8917]  do_syscall_64+0xf3/0x230
[  420.196587][ T8917]  ? clear_bhb_loop+0x45/0xa0
[  420.196608][ T8917]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  420.196625][ T8917] RIP: 0033:0x7fd96478d169
[  420.196641][ T8917] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  420.196656][ T8917] RSP: 002b:00007fd965535038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  420.196675][ T8917] RAX: ffffffffffffffda RBX: 00007fd9649a5fa0 RCX: 00007fd96478d169
[  420.196689][ T8917] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000003
[  420.196700][ T8917] RBP: 00007fd965535090 R08: 0000000000000000 R09: 0000000000000000
[  420.196711][ T8917] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  420.196722][ T8917] R13: 0000000000000000 R14: 00007fd9649a5fa0 R15: 00007ffc8c6becb8
[  420.196749][ T8917]  </TASK>
[  420.922706][ T6413] Bluetooth: hci6: Frame reassembly failed (-84)
[  421.336453][ T5893] usb 3-1: USB disconnect, device number 10
[  422.653629][ T8938] netlink: 20 bytes leftover after parsing attributes in process `syz.2.809'.
[  422.887276][ T5847] Bluetooth: hci6: command 0x1003 tx timeout
[  422.893616][   T55] Bluetooth: hci6: Opcode 0x1003 failed: -110
[  423.206571][   T55] Bluetooth: unknown link type 108
[  423.211772][   T55] Bluetooth: hci1: connection err: -111
[  423.573352][ T8954] erofs (device nullb0): cannot find valid erofs superblock
[  423.585846][ T8954] overlayfs: upper fs does not support file handles, falling back to index=off.
[  423.596423][ T8954] overlayfs: NFS export requires "index=on", falling back to nfs_export=off.
[  425.137737][ T8970] FAULT_INJECTION: forcing a failure.
[  425.137737][ T8970] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  425.201157][ T8970] CPU: 0 UID: 0 PID: 8970 Comm: syz.4.823 Not tainted 6.15.0-rc1-syzkaller #0 PREEMPT(full) 
[  425.201187][ T8970] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  425.201201][ T8970] Call Trace:
[  425.201210][ T8970]  <TASK>
[  425.201218][ T8970]  dump_stack_lvl+0x241/0x360
[  425.201256][ T8970]  ? __pfx_dump_stack_lvl+0x10/0x10
[  425.201286][ T8970]  ? __pfx__printk+0x10/0x10
[  425.201328][ T8970]  should_fail_ex+0x424/0x570
[  425.201356][ T8970]  _copy_from_user+0x2d/0xb0
[  425.201387][ T8970]  sctp_getsockopt_auth_supported+0xe3/0x620
[  425.201423][ T8970]  ? __local_bh_enable_ip+0x168/0x200
[  425.201460][ T8970]  ? __pfx_sctp_getsockopt_auth_supported+0x10/0x10
[  425.201514][ T8970]  sctp_getsockopt+0x6e5/0xbb0
[  425.201545][ T8970]  ? __pfx_sock_common_getsockopt+0x10/0x10
[  425.201579][ T8970]  do_sock_getsockopt+0x391/0x740
[  425.201607][ T8970]  ? __pfx_do_sock_getsockopt+0x10/0x10
[  425.201627][ T8970]  ? __fget_files+0x2a/0x420
[  425.201654][ T8970]  ? __fget_files+0x39d/0x420
[  425.201688][ T8970]  ? __fget_files+0x2a/0x420
[  425.201731][ T8970]  __x64_sys_getsockopt+0x2a3/0x370
[  425.201776][ T8970]  ? __pfx___x64_sys_getsockopt+0x10/0x10
[  425.201818][ T8970]  ? do_syscall_64+0xb6/0x230
[  425.201844][ T8970]  do_syscall_64+0xf3/0x230
[  425.201867][ T8970]  ? clear_bhb_loop+0x45/0xa0
[  425.201890][ T8970]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  425.201909][ T8970] RIP: 0033:0x7f67a6f8d169
[  425.201926][ T8970] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  425.201943][ T8970] RSP: 002b:00007f67a7e4e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[  425.201963][ T8970] RAX: ffffffffffffffda RBX: 00007f67a71a5fa0 RCX: 00007f67a6f8d169
[  425.201978][ T8970] RDX: 0000000000000081 RSI: 0000000000000084 RDI: 0000000000000003
[  425.201989][ T8970] RBP: 00007f67a7e4e090 R08: 00002000000010c0 R09: 0000000000000000
[  425.202002][ T8970] R10: 0000200000000080 R11: 0000000000000246 R12: 0000000000000001
[  425.202014][ T8970] R13: 0000000000000000 R14: 00007f67a71a5fa0 R15: 00007ffe52692c48
[  425.202044][ T8970]  </TASK>
[  427.396321][ T5886] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[  427.441365][ T8989] tipc: Started in network mode
[  427.464776][ T8989] tipc: Node identity 4, cluster identity 4711
[  427.499956][ T8989] tipc: Node number set to 4
[  427.563655][ T5886] usb 4-1: New USB device found, idVendor=08fd, idProduct=0002, bcdDevice=ca.fd
[  428.647377][ T5886] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  428.895187][ T5886] usb 4-1: Product: syz
[  428.926648][ T5886] usb 4-1: Manufacturer: syz
[  428.932987][ T5886] usb 4-1: SerialNumber: syz
[  428.973788][ T5886] usb 4-1: config 0 descriptor??
[  429.117094][ T9002] FAULT_INJECTION: forcing a failure.
[  429.117094][ T9002] name failslab, interval 1, probability 0, space 0, times 0
[  429.197072][ T5886] usb 4-1: can't set config #0, error -71
[  429.226932][ T5886] usb 4-1: USB disconnect, device number 14
[  429.259677][ T9002] CPU: 0 UID: 0 PID: 9002 Comm: syz.0.832 Not tainted 6.15.0-rc1-syzkaller #0 PREEMPT(full) 
[  429.259722][ T9002] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  429.259735][ T9002] Call Trace:
[  429.259743][ T9002]  <TASK>
[  429.259751][ T9002]  dump_stack_lvl+0x241/0x360
[  429.259788][ T9002]  ? __pfx_dump_stack_lvl+0x10/0x10
[  429.259816][ T9002]  ? __pfx__printk+0x10/0x10
[  429.259848][ T9002]  ? __pfx___might_resched+0x10/0x10
[  429.259877][ T9002]  should_fail_ex+0x424/0x570
[  429.259904][ T9002]  should_failslab+0xac/0x100
[  429.259927][ T9002]  __kmalloc_noprof+0xdf/0x4d0
[  429.259948][ T9002]  ? tomoyo_encode+0x26f/0x540
[  429.259973][ T9002]  tomoyo_encode+0x26f/0x540
[  429.259995][ T9002]  ? __pfx_sockfs_dname+0x10/0x10
[  429.260024][ T9002]  tomoyo_realpath_from_path+0x59e/0x5e0
[  429.260059][ T9002]  tomoyo_path_number_perm+0x245/0x790
[  429.260092][ T9002]  ? tomoyo_path_number_perm+0x215/0x790
[  429.260124][ T9002]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  429.260160][ T9002]  ? ksys_write+0x24e/0x2d0
[  429.260216][ T9002]  ? __lock_acquire+0xad5/0xd80
[  429.260254][ T9002]  ? __fget_files+0x2a/0x420
[  429.260276][ T9002]  ? __fget_files+0x2a/0x420
[  429.260301][ T9002]  ? __fget_files+0x2a/0x420
[  429.260328][ T9002]  security_file_ioctl+0xc6/0x2a0
[  429.260358][ T9002]  __se_sys_ioctl+0x46/0x160
[  429.260388][ T9002]  do_syscall_64+0xf3/0x230
[  429.260412][ T9002]  ? clear_bhb_loop+0x45/0xa0
[  429.260435][ T9002]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  429.260455][ T9002] RIP: 0033:0x7fd96478d169
[  429.260473][ T9002] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  429.260489][ T9002] RSP: 002b:00007fd965535038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  429.260527][ T9002] RAX: ffffffffffffffda RBX: 00007fd9649a5fa0 RCX: 00007fd96478d169
[  429.260543][ T9002] RDX: 00002000000002c0 RSI: 00000000000089f1 RDI: 0000000000000003
[  429.260557][ T9002] RBP: 00007fd965535090 R08: 0000000000000000 R09: 0000000000000000
[  429.260570][ T9002] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  429.260583][ T9002] R13: 0000000000000000 R14: 00007fd9649a5fa0 R15: 00007ffc8c6becb8
[  429.260617][ T9002]  </TASK>
[  429.260639][ T9002] ERROR: Out of memory at tomoyo_realpath_from_path.
[  429.559063][ T9008] erofs (device nullb0): cannot find valid erofs superblock
[  429.572725][ T9008] overlayfs: upper fs does not support file handles, falling back to index=off.
[  429.583987][ T9008] overlayfs: NFS export requires "index=on", falling back to nfs_export=off.
[  429.863751][ T9013] netlink: 84 bytes leftover after parsing attributes in process `syz.4.835'.
[  430.465386][  T976] usb 1-1: new high-speed USB device number 20 using dummy_hcd
[  430.663034][  T976] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  430.825027][  T976] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  431.276528][  T976] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66
[  431.312237][  T976] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  431.380216][  T976] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  431.412684][  T976] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  431.461119][  T976] usb 1-1: Product: syz
[  431.480210][  T976] usb 1-1: Manufacturer: syz
[  432.480987][  T976] cdc_wdm 1-1:1.0: skipping garbage
[  433.475390][  T976] cdc_wdm 1-1:1.0: skipping garbage
[  434.517216][  T976] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device
[  434.865476][  T976] cdc_wdm 1-1:1.0: Unknown control protocol
[  435.025768][  T976] usb 1-1: USB disconnect, device number 20
[  435.181803][ T9044] netlink: 136 bytes leftover after parsing attributes in process `syz.0.843'.
[  435.235063][ T9044] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[  435.650027][ T9059] can0: slcan on ttyS3.
[  435.925838][ T9064] erofs (device nullb0): cannot find valid erofs superblock
[  435.994727][ T9064] overlayfs: upper fs does not support file handles, falling back to index=off.
[  436.003973][ T9064] overlayfs: NFS export requires "index=on", falling back to nfs_export=off.
[  436.042693][ T5884] usb 4-1: new high-speed USB device number 15 using dummy_hcd
[  436.428784][ T9059] can0 (unregistered): slcan off ttyS3.
[  436.447197][ T5884] usb 4-1: device descriptor read/64, error -71
[  436.716342][ T5884] usb 4-1: new high-speed USB device number 16 using dummy_hcd
[  436.996375][ T5884] usb 4-1: device descriptor read/64, error -71
[  437.146088][ T5884] usb usb4-port1: attempt power cycle
[  437.673291][    T9] usb 1-1: new high-speed USB device number 21 using dummy_hcd
[  437.698265][ T9087] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  437.738405][ T9088] Cannot find del_set index 0 as target
[  437.783230][ T9087] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  437.831853][    T9] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 252, changing to 11
[  437.851190][ T9087] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  437.880020][    T9] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 536
[  437.902828][    T9] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  437.930833][ T9087] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  437.968594][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  437.979125][    T9] usb 1-1: Product: syz
[  437.983409][    T9] usb 1-1: Manufacturer: syz
[  438.005030][    T9] usb 1-1: SerialNumber: syz
[  438.051873][ T9087] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  438.066724][ T9087] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  438.076396][ T5884] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[  438.086772][ T9087] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  438.101778][ T9087] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  438.224028][ T5884] usb 4-1: device descriptor read/8, error -71
[  439.246568][ T9070] syz_tun: entered allmulticast mode
[  439.323504][ T9069] syz_tun: left allmulticast mode
[  439.392123][    T9] cdc_ncm 1-1:1.0: bind() failure
[  439.417076][    T9] cdc_ncm 1-1:1.1: CDC Union missing and no IAD found
[  439.426919][    T9] cdc_ncm 1-1:1.1: bind() failure
[  439.580194][    T9] usb 1-1: USB disconnect, device number 21
[  440.090416][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  440.096941][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  441.622319][ T9120] netlink: 76 bytes leftover after parsing attributes in process `syz.4.864'.
[  442.716819][ T9137] erofs (device nullb0): cannot find valid erofs superblock
[  442.730806][ T9137] overlayfs: upper fs does not support file handles, falling back to index=off.
[  442.740166][ T9137] overlayfs: NFS export requires "index=on", falling back to nfs_export=off.
[  444.007949][ T9147] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  444.105118][ T9147] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  444.238950][ T9147] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  444.337750][ T9147] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  444.406320][ T5921] usb 1-1: new high-speed USB device number 22 using dummy_hcd
[  444.669027][ T9147] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  444.682923][ T9147] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  444.696771][ T9147] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  444.710338][ T9147] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  445.117779][ T5921] usb 1-1: New USB device found, idVendor=08fd, idProduct=0002, bcdDevice=ca.fd
[  445.266825][ T5921] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  445.275430][ T5921] usb 1-1: Product: syz
[  445.279978][ T5921] usb 1-1: Manufacturer: syz
[  445.284703][ T5921] usb 1-1: SerialNumber: syz
[  445.301706][ T5921] usb 1-1: config 0 descriptor??
[  446.155687][ T9166] tipc: Started in network mode
[  446.187270][ T9166] tipc: Node identity 4, cluster identity 4711
[  446.203690][ T9166] tipc: Node number set to 4
[  449.586562][ T9194] netlink: 8 bytes leftover after parsing attributes in process `syz.4.882'.
[  449.726530][ T5921] usb 1-1: can't set config #0, error -71
[  449.737619][ T5921] usb 1-1: USB disconnect, device number 22
[  450.699691][ T9204] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  450.745030][ T9204] xt_NFQUEUE: number of total queues is 0
[  452.948447][ T9227] erofs (device nullb0): cannot find valid erofs superblock
[  452.960637][ T9227] overlayfs: upper fs does not support file handles, falling back to index=off.
[  452.969786][ T9227] overlayfs: NFS export requires "index=on", falling back to nfs_export=off.
[  456.081206][ T9247] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  456.293987][ T9247] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  456.835271][ T9247] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  457.076934][ T9247] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  457.765083][ T9247] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  457.781490][ T9247] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  457.795762][ T9247] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  457.809799][ T9247] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  458.083969][ T9261] can0: slcan on ttyS3.
[  458.152868][ T9266] Cannot find del_set index 286 as target
[  458.402541][ T9263] can0 (unregistered): slcan off ttyS3.
[  458.705897][ T9266] can0: slcan on ttyS3.
[  459.802460][ T9264] can0 (unregistered): slcan off ttyS3.
[  461.432167][ T9305] erofs (device nullb0): cannot find valid erofs superblock
[  461.444210][ T9305] overlayfs: upper fs does not support file handles, falling back to index=off.
[  461.453407][ T9305] overlayfs: NFS export requires "index=on", falling back to nfs_export=off.
[  461.914062][   T55] Bluetooth: hci3: ACL packet for unknown connection handle 200
[  461.923872][ T9312] can0: slcan on ttyS3.
[  461.958254][   T55] Bluetooth: hci3: ACL packet for unknown connection handle 200
[  462.010190][ T9312] can0 (unregistered): slcan off ttyS3.
[  464.224451][ T9346] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  464.903043][ T9346] xt_NFQUEUE: number of total queues is 0
[  466.189014][ T9357] Cannot find add_set index 0 as target
[  466.293470][ T9366] Cannot find del_set index 0 as target
[  466.394339][ T9367] netlink: 8 bytes leftover after parsing attributes in process `syz.2.920'.
[  466.581251][ T9374] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  466.620664][ T9374] xt_NFQUEUE: number of total queues is 0
[  468.169911][ T9381] erofs (device nullb0): cannot find valid erofs superblock
[  468.183586][ T9381] overlayfs: upper fs does not support file handles, falling back to index=off.
[  468.192683][ T9381] overlayfs: NFS export requires "index=on", falling back to nfs_export=off.
[  472.288021][ T9417] FAULT_INJECTION: forcing a failure.
[  472.288021][ T9417] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  472.297569][ T9414] Cannot find del_set index 286 as target
[  472.306535][ T9417] CPU: 1 UID: 0 PID: 9417 Comm: syz.0.932 Not tainted 6.15.0-rc1-syzkaller #0 PREEMPT(full) 
[  472.306562][ T9417] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  472.306575][ T9417] Call Trace:
[  472.306583][ T9417]  <TASK>
[  472.306590][ T9417]  dump_stack_lvl+0x241/0x360
[  472.306627][ T9417]  ? __pfx_dump_stack_lvl+0x10/0x10
[  472.306653][ T9417]  ? __pfx__printk+0x10/0x10
[  472.306692][ T9417]  should_fail_ex+0x424/0x570
[  472.306718][ T9417]  _copy_from_user+0x2d/0xb0
[  472.306746][ T9417]  input_event_from_user+0x211/0x510
[  472.306773][ T9417]  ? __pfx_input_event_from_user+0x10/0x10
[  472.306798][ T9417]  ? input_inject_event+0xd9/0x360
[  472.306829][ T9417]  evdev_write+0x4c4/0x7d0
[  472.306856][ T9417]  ? __pfx_evdev_write+0x10/0x10
[  472.306877][ T9417]  ? bpf_lsm_file_permission+0x9/0x10
[  472.306898][ T9417]  ? rw_verify_area+0x246/0x630
[  472.306924][ T9417]  ? __pfx_evdev_write+0x10/0x10
[  472.306944][ T9417]  vfs_write+0x2bc/0xd10
[  472.306981][ T9417]  ? __pfx_vfs_write+0x10/0x10
[  472.307008][ T9417]  ? __fget_files+0x2a/0x420
[  472.307029][ T9417]  ? __fget_files+0x2a/0x420
[  472.307051][ T9417]  ? __fget_files+0x39d/0x420
[  472.307070][ T9417]  ? __fget_files+0x2a/0x420
[  472.307097][ T9417]  ksys_write+0x19d/0x2d0
[  472.307124][ T9417]  ? __pfx_ksys_write+0x10/0x10
[  472.307154][ T9417]  ? do_syscall_64+0xb6/0x230
[  472.307180][ T9417]  do_syscall_64+0xf3/0x230
[  472.307203][ T9417]  ? clear_bhb_loop+0x45/0xa0
[  472.307227][ T9417]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  472.307247][ T9417] RIP: 0033:0x7fd96478d169
[  472.307272][ T9417] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  472.307291][ T9417] RSP: 002b:00007fd965535038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  472.307312][ T9417] RAX: ffffffffffffffda RBX: 00007fd9649a5fa0 RCX: 00007fd96478d169
[  472.307326][ T9417] RDX: 0000000000000918 RSI: 0000200000000040 RDI: 0000000000000005
[  472.307339][ T9417] RBP: 00007fd965535090 R08: 0000000000000000 R09: 0000000000000000
[  472.307351][ T9417] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  472.307362][ T9417] R13: 0000000000000000 R14: 00007fd9649a5fa0 R15: 00007ffc8c6becb8
[  472.307392][ T9417]  </TASK>
[  472.721199][ T9424] netlink: 8 bytes leftover after parsing attributes in process `syz.2.934'.
[  476.824982][ T9450] netlink: 8 bytes leftover after parsing attributes in process `syz.4.944'.
[  477.687167][ T9458] Cannot find del_set index 286 as target
[  478.319626][ T9469] erofs (device nullb0): cannot find valid erofs superblock
[  478.462028][ T9469] overlayfs: upper fs does not support file handles, falling back to index=off.
[  478.471989][ T9469] overlayfs: NFS export requires "index=on", falling back to nfs_export=off.
[  478.900383][  T976] usb 5-1: new high-speed USB device number 32 using dummy_hcd
[  479.559028][  T976] usb 5-1: Using ep0 maxpacket: 8
[  479.945024][  T976] usb 5-1: config index 0 descriptor too short (expected 301, got 45)
[  479.954229][ T9475] netlink: 8 bytes leftover after parsing attributes in process `syz.1.951'.
[  479.964156][  T976] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  479.974041][  T976] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  480.000530][  T976] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  480.084029][  T976] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  480.308250][  T976] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  480.334587][  T976] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  480.587777][  T976] usb 5-1: usb_control_msg returned -32
[  480.608843][  T976] usbtmc 5-1:16.0: can't read capabilities
[  480.642107][  T976] usb 5-1: USB disconnect, device number 32
[  480.686322][ T5885] usb 2-1: new high-speed USB device number 19 using dummy_hcd
[  480.695311][ T9489] netlink: 8 bytes leftover after parsing attributes in process `syz.3.955'.
[  480.704711][ T9489] netlink: 4 bytes leftover after parsing attributes in process `syz.3.955'.
[  480.714681][ T9489] netlink: 46 bytes leftover after parsing attributes in process `syz.3.955'.
[  481.412721][ T9499] overlayfs: failed to resolve './file0': -2
[  481.507648][ T9501] netlink: 8 bytes leftover after parsing attributes in process `syz.3.956'.
[  481.719514][ T9507] Cannot find add_set index 0 as target
[  481.796011][ T9510] Cannot find del_set index 0 as target
[  482.021606][ T5885] usb 2-1: unable to get BOS descriptor or descriptor too short
[  482.034060][ T5885] usb 2-1: too many configurations: 27, using maximum allowed: 8
[  482.053421][ T5885] usb 2-1: unable to read config index 0 descriptor/start: -71
[  482.160684][ T5885] usb 2-1: can't read configurations, error -71
[  483.277112][ T9531] netlink: 8 bytes leftover after parsing attributes in process `syz.3.967'.
[  483.285951][ T9531] netlink: 4 bytes leftover after parsing attributes in process `syz.3.967'.
[  483.416950][ T9531] netlink: 46 bytes leftover after parsing attributes in process `syz.3.967'.
[  483.965118][ T9537] netlink: 452 bytes leftover after parsing attributes in process `syz.4.968'.
[  484.033846][ T9544] erofs (device nullb0): cannot find valid erofs superblock
[  484.045724][ T9544] overlayfs: upper fs does not support file handles, falling back to index=off.
[  484.056918][ T9544] overlayfs: NFS export requires "index=on", falling back to nfs_export=off.
[  484.174932][ T9547] FAULT_INJECTION: forcing a failure.
[  484.174932][ T9547] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  484.188359][ T9547] CPU: 1 UID: 0 PID: 9547 Comm: syz.3.971 Not tainted 6.15.0-rc1-syzkaller #0 PREEMPT(full) 
[  484.188381][ T9547] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  484.188393][ T9547] Call Trace:
[  484.188400][ T9547]  <TASK>
[  484.188407][ T9547]  dump_stack_lvl+0x241/0x360
[  484.188437][ T9547]  ? __pfx_dump_stack_lvl+0x10/0x10
[  484.188459][ T9547]  ? __pfx__printk+0x10/0x10
[  484.188490][ T9547]  should_fail_ex+0x424/0x570
[  484.188510][ T9547]  _copy_from_user+0x2d/0xb0
[  484.188534][ T9547]  mptcp_get_subflow_data+0xa1/0x240
[  484.188560][ T9547]  mptcp_getsockopt+0x337/0x22f0
[  484.188592][ T9547]  ? __pfx_process_measurement+0x10/0x10
[  484.188617][ T9547]  ? __pfx_mptcp_getsockopt+0x10/0x10
[  484.188638][ T9547]  ? __pfx_tomoyo_check_open_permission+0x10/0x10
[  484.188659][ T9547]  ? smk_access+0x4ab/0x4e0
[  484.188685][ T9547]  ? __lock_acquire+0xad5/0xd80
[  484.188706][ T9547]  ? __lock_acquire+0xad5/0xd80
[  484.188723][ T9547]  ? __lock_acquire+0xad5/0xd80
[  484.188753][ T9547]  ? is_bpf_text_address+0x26/0x2a0
[  484.188772][ T9547]  ? 0xffffffffa000095c
[  484.188787][ T9547]  ? is_bpf_text_address+0x288/0x2a0
[  484.188801][ T9547]  ? is_bpf_text_address+0x26/0x2a0
[  484.188818][ T9547]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  484.188841][ T9547]  ? kernel_text_address+0xa7/0xe0
[  484.188864][ T9547]  ? __kernel_text_address+0xd/0x40
[  484.188896][ T9547]  ? _parse_integer_limit+0x1b4/0x200
[  484.188919][ T9547]  ? kstrtoull+0x1d3/0x2f0
[  484.188937][ T9547]  ? __pfx_kstrtoull+0x10/0x10
[  484.188965][ T9547]  ? kstrtouint+0xfc/0x190
[  484.188988][ T9547]  ? __lock_acquire+0xad5/0xd80
[  484.189022][ T9547]  ? __lock_acquire+0xad5/0xd80
[  484.189059][ T9547]  ? sock_common_getsockopt+0x2e/0xb0
[  484.189079][ T9547]  ? __pfx_sock_common_getsockopt+0x10/0x10
[  484.189103][ T9547]  do_sock_getsockopt+0x391/0x740
[  484.189124][ T9547]  ? __pfx_do_sock_getsockopt+0x10/0x10
[  484.189139][ T9547]  ? __fget_files+0x2a/0x420
[  484.189158][ T9547]  ? __fget_files+0x39d/0x420
[  484.189174][ T9547]  ? __fget_files+0x2a/0x420
[  484.189197][ T9547]  __x64_sys_getsockopt+0x2a3/0x370
[  484.189220][ T9547]  ? __pfx___x64_sys_getsockopt+0x10/0x10
[  484.189245][ T9547]  ? do_syscall_64+0xb6/0x230
[  484.189266][ T9547]  do_syscall_64+0xf3/0x230
[  484.189284][ T9547]  ? clear_bhb_loop+0x45/0xa0
[  484.189303][ T9547]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  484.189318][ T9547] RIP: 0033:0x7f9d82d8d169
[  484.189332][ T9547] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  484.189345][ T9547] RSP: 002b:00007f9d83b36038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[  484.189363][ T9547] RAX: ffffffffffffffda RBX: 00007f9d82fa5fa0 RCX: 00007f9d82d8d169
[  484.189375][ T9547] RDX: 0000000000000002 RSI: 000000000000011c RDI: 0000000000000003
[  484.189384][ T9547] RBP: 00007f9d83b36090 R08: 0000200000000080 R09: 0000000000000000
[  484.189394][ T9547] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000001
[  484.189404][ T9547] R13: 0000000000000000 R14: 00007f9d82fa5fa0 R15: 00007ffe85742e78
[  484.189429][ T9547]  </TASK>
[  484.496075][ T9543] erofs (device nullb0): cannot find valid erofs superblock
[  484.509072][ T9543] overlayfs: upper fs does not support file handles, falling back to index=off.
[  484.518145][ T9543] overlayfs: NFS export requires "index=on", falling back to nfs_export=off.
[  485.278705][ T9558] overlayfs: failed to resolve './file0': -2
[  485.427721][ T5884] usb 1-1: new high-speed USB device number 23 using dummy_hcd
[  486.716484][ T5884] usb 1-1: Using ep0 maxpacket: 8
[  486.730787][ T5884] usb 1-1: config index 0 descriptor too short (expected 301, got 45)
[  486.739592][ T5884] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  486.750286][ T5884] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  486.964407][ T5884] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  486.979549][ T5884] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  487.776359][ T5884] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  487.791535][ T5884] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  488.755797][ T5884] usb 1-1: can't set config #16, error -71
[  488.764144][ T5884] usb 1-1: USB disconnect, device number 23
[  489.540027][ T9596] erofs (device nullb0): cannot find valid erofs superblock
[  489.552101][ T9596] overlayfs: upper fs does not support file handles, falling back to index=off.
[  489.561282][ T9596] overlayfs: NFS export requires "index=on", falling back to nfs_export=off.
[  490.690655][ T9614] FAULT_INJECTION: forcing a failure.
[  490.690655][ T9614] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  490.704243][ T9614] CPU: 0 UID: 0 PID: 9614 Comm: syz.2.990 Not tainted 6.15.0-rc1-syzkaller #0 PREEMPT(full) 
[  490.704266][ T9614] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  490.704278][ T9614] Call Trace:
[  490.704285][ T9614]  <TASK>
[  490.704292][ T9614]  dump_stack_lvl+0x241/0x360
[  490.704325][ T9614]  ? __pfx_dump_stack_lvl+0x10/0x10
[  490.704358][ T9614]  ? __pfx__printk+0x10/0x10
[  490.704393][ T9614]  should_fail_ex+0x424/0x570
[  490.704418][ T9614]  _copy_to_user+0x31/0xb0
[  490.704447][ T9614]  simple_read_from_buffer+0xc4/0x170
[  490.704470][ T9614]  proc_fail_nth_read+0x1ef/0x260
[  490.704497][ T9614]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  490.704523][ T9614]  ? rw_verify_area+0x246/0x630
[  490.704546][ T9614]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  490.704571][ T9614]  vfs_read+0x21f/0xb90
[  490.704600][ T9614]  ? __pfx___mutex_lock+0x10/0x10
[  490.704623][ T9614]  ? __pfx_vfs_read+0x10/0x10
[  490.704651][ T9614]  ? __fget_files+0x2a/0x420
[  490.704673][ T9614]  ? __fget_files+0x39d/0x420
[  490.704692][ T9614]  ? __fget_files+0x2a/0x420
[  490.704721][ T9614]  ksys_read+0x19d/0x2d0
[  490.704748][ T9614]  ? __pfx_ksys_read+0x10/0x10
[  490.704778][ T9614]  ? do_syscall_64+0xb6/0x230
[  490.704803][ T9614]  do_syscall_64+0xf3/0x230
[  490.704824][ T9614]  ? clear_bhb_loop+0x45/0xa0
[  490.704846][ T9614]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  490.704864][ T9614] RIP: 0033:0x7fe43a18bb7c
[  490.704880][ T9614] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  490.704895][ T9614] RSP: 002b:00007fe43af82030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  490.704914][ T9614] RAX: ffffffffffffffda RBX: 00007fe43a3a5fa0 RCX: 00007fe43a18bb7c
[  490.704927][ T9614] RDX: 000000000000000f RSI: 00007fe43af820a0 RDI: 0000000000000003
[  490.704956][ T9614] RBP: 00007fe43af82090 R08: 0000000000000000 R09: 0000000000000000
[  490.704967][ T9614] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  490.704979][ T9614] R13: 0000000000000000 R14: 00007fe43a3a5fa0 R15: 00007fffc480f268
[  490.705007][ T9614]  </TASK>
[  490.913667][    C0] vkms_vblank_simulate: vblank timer overrun
[  491.035714][ T9617] overlayfs: failed to resolve './file0': -2
[  492.206315][ T5921] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  492.356451][ T5921] usb 3-1: Using ep0 maxpacket: 8
[  492.383344][ T5921] usb 3-1: config index 0 descriptor too short (expected 301, got 45)
[  492.413568][ T5921] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  492.480466][ T5921] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  492.726390][ T5921] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  492.760096][ T5921] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  493.019277][ T5921] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  493.229110][ T5921] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  493.681499][ T9636] netlink: 8 bytes leftover after parsing attributes in process `syz.0.992'.
[  493.690401][ T9636] netlink: 4 bytes leftover after parsing attributes in process `syz.0.992'.
[  493.699240][ T9636] netlink: 'syz.0.992': attribute type 14 has an invalid length.
[  494.129729][ T5921] usb 3-1: GET_CAPABILITIES returned 0
[  494.186342][ T5921] usbtmc 3-1:16.0: can't read capabilities
[  494.298909][ T9640] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  495.250615][ T9648] can0: slcan on ttyS3.
[  495.546744][ T9648] can0 (unregistered): slcan off ttyS3.
[  495.560339][ T9655] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1001'.
[  495.746787][ T9655] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1001'.
[  495.916124][ T9655] netlink: 46 bytes leftover after parsing attributes in process `syz.1.1001'.
[  496.566711][ T9667] fuse: Bad value for 'fd'
[  496.571498][ T9667] fuse: Bad value for 'fd'
[  496.667171][ T5882] usb 5-1: new full-speed USB device number 33 using dummy_hcd
[  496.882035][ T9670] overlayfs: failed to resolve './file0': -2
[  496.926285][ T5884] usb 4-1: new high-speed USB device number 19 using dummy_hcd
[  496.948001][ T5882] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  496.958988][ T5882] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  496.970877][ T5882] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  496.980642][ T5882] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  496.989036][ T5882] usb 5-1: Product: syz
[  496.993836][ T5882] usb 5-1: Manufacturer: syz
[  497.012403][ T5882] usb 5-1: SerialNumber: syz
[  497.076361][ T5884] usb 4-1: Using ep0 maxpacket: 8
[  497.084802][ T5884] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  497.101910][ T5884] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  497.112620][ T5884] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  497.140641][ T5884] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  497.175400][ T5884] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a4, bcdDevice=9e.7e
[  497.190912][ T5884] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  497.200729][ T5884] usb 4-1: Product: syz
[  497.205074][ T5884] usb 4-1: Manufacturer: syz
[  497.215323][ T5884] usb 4-1: SerialNumber: syz
[  497.243126][ T5884] usb 4-1: config 0 descriptor??
[  497.255213][ T9660] netlink: 44 bytes leftover after parsing attributes in process `syz.4.1002'.
[  497.275214][ T9660] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1002'.
[  497.290698][ T9660] syz.4.1002: attempt to access beyond end of device
[  497.290698][ T9660] nbd4: rw=0, sector=2, nr_sectors = 2 limit=0
[  497.304604][ T9660] MINIX-fs: unable to read superblock
[  497.558366][ T5882] usb 5-1: 0:2 : does not exist
[  497.567644][ T5884] usbtest 4-1:0.0: couldn't get endpoints, -22
[  497.584310][ T5884] usbtest 4-1:0.0: probe with driver usbtest failed with error -22
[  497.608297][ T5882] usb 5-1: 5:0: failed to get current value for ch 0 (-22)
[  498.340714][ T9642] delete_channel: no stack
[  498.626327][ T5884] usb 4-1: USB disconnect, device number 19
[  499.447711][ T9619] usbtmc 3-1:16.0: usb_control_msg returned -110
[  499.597231][  T976] usb 3-1: USB disconnect, device number 11
[  499.607073][   T30] kauditd_printk_skb: 6 callbacks suppressed
[  499.607087][   T30] audit: type=1326 audit(2000000314.510:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9684 comm="syz.3.1011" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9d82d8d169 code=0x7ffc0000
[  499.613235][ T5882] usb 5-1: USB disconnect, device number 33
[  500.010126][   T30] audit: type=1326 audit(2000000314.510:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9684 comm="syz.3.1011" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f9d82d8d169 code=0x7ffc0000
[  500.409033][   T30] audit: type=1326 audit(2000000314.510:89): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9684 comm="syz.3.1011" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9d82d8d169 code=0x7ffc0000
[  500.594099][   T30] audit: type=1326 audit(2000000314.510:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9684 comm="syz.3.1011" exe="/root/syz-executor" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7f9d82d8d169 code=0x7ffc0000
[  501.385849][   T30] audit: type=1326 audit(2000000314.640:91): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9684 comm="syz.3.1011" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f9d82d29359 code=0x7ffc0000
[  501.506273][   T30] audit: type=1326 audit(2000000314.640:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9684 comm="syz.3.1011" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f9d82d29359 code=0x7ffc0000
[  501.537057][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  501.543370][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  501.569024][   T30] audit: type=1326 audit(2000000314.640:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9684 comm="syz.3.1011" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f9d82d29359 code=0x7ffc0000
[  501.797886][   T30] audit: type=1326 audit(2000000314.640:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9684 comm="syz.3.1011" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f9d82d29359 code=0x7ffc0000
[  501.828162][   T30] audit: type=1326 audit(2000000314.640:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9684 comm="syz.3.1011" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f9d82d29359 code=0x7ffc0000
[  502.257576][ T9703] (unnamed net_device) (uninitialized): peer notification delay (3) is not a multiple of miimon (9), value rounded to 0 ms
[  502.490440][ T9703] workqueue: Failed to create a rescuer kthread for wq "bond4": -EINTR
[  502.654100][   T30] audit: type=1326 audit(2000000314.640:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9684 comm="syz.3.1011" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f9d82d29359 code=0x7ffc0000
[  506.354895][ T9745] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  506.554328][ T9745] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  506.668250][ T9745] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  506.687594][ T9751] erofs (device nullb0): cannot find valid erofs superblock
[  506.699518][ T9751] overlayfs: upper fs does not support file handles, falling back to index=off.
[  506.708641][ T9751] overlayfs: NFS export requires "index=on", falling back to nfs_export=off.
[  506.772425][ T5886] usb 4-1: new high-speed USB device number 20 using dummy_hcd
[  506.800204][ T9745] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  506.946302][ T5886] usb 4-1: Using ep0 maxpacket: 8
[  506.961240][ T5886] usb 4-1: config index 0 descriptor too short (expected 301, got 45)
[  506.994625][ T5886] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  507.025633][ T5886] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  507.062741][ T5886] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  507.100600][ T5886] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  507.148446][ T5886] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  507.178520][ T9745] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  507.200285][ T9745] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  507.218243][ T9745] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  507.236741][ T9745] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  507.358016][ T5886] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  508.803884][ T5886] usb 4-1: can't set config #16, error -71
[  508.805662][ T9759] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  508.826504][ T5886] usb 4-1: USB disconnect, device number 20
[  508.968225][ T9758] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[  508.974756][ T9758] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[  508.981357][ T9758] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[  508.987733][ T9758] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[  508.994909][ T9758] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[  509.001305][ T9758] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[  509.007800][ T9758] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[  509.014143][ T9758] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[  509.020829][ T9758] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[  509.027240][ T9758] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[  509.208760][ T9759] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  509.663876][ T9768] FAULT_INJECTION: forcing a failure.
[  509.663876][ T9768] name failslab, interval 1, probability 0, space 0, times 0
[  509.677828][ T9759] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  510.236436][ T9768] CPU: 1 UID: 0 PID: 9768 Comm: syz.1.1030 Not tainted 6.15.0-rc1-syzkaller #0 PREEMPT(full) 
[  510.236465][ T9768] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  510.236475][ T9768] Call Trace:
[  510.236482][ T9768]  <TASK>
[  510.236488][ T9768]  dump_stack_lvl+0x241/0x360
[  510.236523][ T9768]  ? __pfx_dump_stack_lvl+0x10/0x10
[  510.236544][ T9768]  ? __pfx__printk+0x10/0x10
[  510.236568][ T9768]  ? __pfx___might_resched+0x10/0x10
[  510.236590][ T9768]  should_fail_ex+0x424/0x570
[  510.236609][ T9768]  should_failslab+0xac/0x100
[  510.236626][ T9768]  __kmalloc_noprof+0xdf/0x4d0
[  510.236641][ T9768]  ? rds_info_getsockopt+0x201/0x620
[  510.236664][ T9768]  rds_info_getsockopt+0x201/0x620
[  510.236689][ T9768]  ? __pfx_rds_info_getsockopt+0x10/0x10
[  510.236710][ T9768]  ? __might_fault+0xaa/0x120
[  510.236730][ T9768]  ? rds_getsockopt+0x2d3/0x530
[  510.236745][ T9768]  ? __pfx_rds_getsockopt+0x10/0x10
[  510.236762][ T9768]  do_sock_getsockopt+0x391/0x740
[  510.236784][ T9768]  ? __pfx_do_sock_getsockopt+0x10/0x10
[  510.236798][ T9768]  ? __fget_files+0x2a/0x420
[  510.236816][ T9768]  ? __fget_files+0x39d/0x420
[  510.236832][ T9768]  ? __fget_files+0x2a/0x420
[  510.236855][ T9768]  __x64_sys_getsockopt+0x2a3/0x370
[  510.236876][ T9768]  ? __pfx___x64_sys_getsockopt+0x10/0x10
[  510.236896][ T9768]  ? do_syscall_64+0xb6/0x230
[  510.236917][ T9768]  do_syscall_64+0xf3/0x230
[  510.236935][ T9768]  ? clear_bhb_loop+0x45/0xa0
[  510.236953][ T9768]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  510.236967][ T9768] RIP: 0033:0x7fd67878d169
[  510.236981][ T9768] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  510.236994][ T9768] RSP: 002b:00007fd6796c3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[  510.237010][ T9768] RAX: ffffffffffffffda RBX: 00007fd6789a5fa0 RCX: 00007fd67878d169
[  510.237022][ T9768] RDX: 000000000000271b RSI: 0000200000000114 RDI: 0000000000000003
[  510.237031][ T9768] RBP: 00007fd6796c3090 R08: 0000200000000000 R09: 0000000000000000
[  510.237041][ T9768] R10: 0000200000019580 R11: 0000000000000246 R12: 0000000000000001
[  510.237050][ T9768] R13: 0000000000000000 R14: 00007fd6789a5fa0 R15: 00007fff227402c8
[  510.237073][ T9768]  </TASK>
[  510.770956][ T9777] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  510.797302][ T9777] xt_NFQUEUE: number of total queues is 0
[  511.515143][ T9759] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  511.736080][ T9759] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  511.753845][ T9759] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  511.771159][ T9759] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  511.789149][ T9759] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  513.198991][ T9798] netlink: 64 bytes leftover after parsing attributes in process `syz.0.1037'.
[  513.275605][ T9798] usb usb1: usbfs: process 9798 (syz.0.1037) did not claim interface 0 before use
[  517.817094][   T10] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[  517.956939][  T976] usb 5-1: new high-speed USB device number 34 using dummy_hcd
[  518.582184][   T10] usb 3-1: Using ep0 maxpacket: 32
[  518.602565][   T10] usb 3-1: New USB device found, idVendor=0ac8, idProduct=0321, bcdDevice=6f.be
[  518.647417][   T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  519.091991][   T10] usb 3-1: config 0 descriptor??
[  519.122118][   T10] gspca_main: vc032x-2.14.0 probing 0ac8:0321
[  519.195485][ T9831] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  519.238696][ T9831] xt_NFQUEUE: number of total queues is 0
[  520.152609][ T9839] netlink: 'syz.3.1049': attribute type 10 has an invalid length.
[  521.190877][  T976] usb 5-1: new high-speed USB device number 35 using dummy_hcd
[  521.419575][   T10] gspca_vc032x: reg_w err -110
[  521.452568][   T10] gspca_vc032x: I2c Bus Busy Wait 00
[  521.497835][   T10] gspca_vc032x: I2c Bus Busy Wait 00
[  521.967581][   T10] gspca_vc032x: I2c Bus Busy Wait 00
[  521.972919][   T10] gspca_vc032x: I2c Bus Busy Wait 00
[  521.978254][   T10] gspca_vc032x: I2c Bus Busy Wait 00
[  521.983550][   T10] gspca_vc032x: I2c Bus Busy Wait 00
[  521.988981][   T10] gspca_vc032x: I2c Bus Busy Wait 00
[  521.994276][   T10] gspca_vc032x: I2c Bus Busy Wait 00
[  521.999621][   T10] gspca_vc032x: I2c Bus Busy Wait 00
[  522.004911][   T10] gspca_vc032x: I2c Bus Busy Wait 00
[  522.010951][   T10] gspca_vc032x: I2c Bus Busy Wait 00
[  522.016983][   T10] gspca_vc032x: I2c Bus Busy Wait 00
[  522.022296][   T10] gspca_vc032x: I2c Bus Busy Wait 00
[  522.027713][   T10] gspca_vc032x: I2c Bus Busy Wait 00
[  522.033005][   T10] gspca_vc032x: I2c Bus Busy Wait 00
[  522.038326][   T10] gspca_vc032x: I2c Bus Busy Wait 00
[  522.046102][   T10] gspca_vc032x: I2c Bus Busy Wait 00
[  522.099742][   T10] gspca_vc032x: I2c Bus Busy Wait 00
[  522.105067][   T10] gspca_vc032x: Unknown sensor...
[  522.143498][ T5847] Bluetooth: hci4: command 0x0406 tx timeout
[  522.193252][ T9839] team0: Port device wlan1 added
[  522.206057][   T10] vc032x 3-1:0.0: probe with driver vc032x failed with error -22
[  522.246767][   T10] usb 3-1: USB disconnect, device number 12
[  523.585969][  T976] usb 5-1: Using ep0 maxpacket: 8
[  523.648635][   T13] Bluetooth: hci5: Frame reassembly failed (-84)
[  523.696910][   T10] usb 3-1: new full-speed USB device number 13 using dummy_hcd
[  524.394772][ T5847] Bluetooth: hci0: ACL packet for unknown connection handle 200
[  524.407064][   T10] usb 3-1: no configurations
[  524.411714][   T10] usb 3-1: can't read configurations, error -22
[  524.422122][ T5847] Bluetooth: hci0: ACL packet for unknown connection handle 200
[  524.622600][   T10] usb 3-1: new full-speed USB device number 14 using dummy_hcd
[  524.969561][   T10] usb 3-1: no configurations
[  524.974210][   T10] usb 3-1: can't read configurations, error -22
[  525.032674][   T10] usb usb3-port1: attempt power cycle
[  525.399867][ T9878] FAULT_INJECTION: forcing a failure.
[  525.399867][ T9878] name failslab, interval 1, probability 0, space 0, times 0
[  525.422292][ T9878] CPU: 0 UID: 0 PID: 9878 Comm: syz.2.1060 Not tainted 6.15.0-rc1-syzkaller #0 PREEMPT(full) 
[  525.422318][ T9878] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  525.422331][ T9878] Call Trace:
[  525.422338][ T9878]  <TASK>
[  525.422346][ T9878]  dump_stack_lvl+0x241/0x360
[  525.422380][ T9878]  ? __pfx_dump_stack_lvl+0x10/0x10
[  525.422406][ T9878]  ? __pfx__printk+0x10/0x10
[  525.422434][ T9878]  ? __pfx___might_resched+0x10/0x10
[  525.422461][ T9878]  should_fail_ex+0x424/0x570
[  525.422489][ T9878]  should_failslab+0xac/0x100
[  525.422509][ T9878]  kmem_cache_alloc_node_noprof+0x7d/0x3b0
[  525.422530][ T9878]  ? __alloc_skb+0x1c2/0x480
[  525.422561][ T9878]  __alloc_skb+0x1c2/0x480
[  525.422594][ T9878]  ? __pfx___alloc_skb+0x10/0x10
[  525.422625][ T9878]  ? netlink_autobind+0xd6/0x2f0
[  525.422651][ T9878]  ? netlink_autobind+0x2b0/0x2f0
[  525.422691][ T9878]  netlink_sendmsg+0x638/0xcd0
[  525.422725][ T9878]  ? __pfx_netlink_sendmsg+0x10/0x10
[  525.422760][ T9878]  ? __pfx_netlink_sendmsg+0x10/0x10
[  525.422781][ T9878]  __sock_sendmsg+0x221/0x270
[  525.422805][ T9878]  ____sys_sendmsg+0x523/0x860
[  525.422831][ T9878]  ? __pfx_____sys_sendmsg+0x10/0x10
[  525.422848][ T9878]  ? __fget_files+0x2a/0x420
[  525.422871][ T9878]  ? __fget_files+0x2a/0x420
[  525.422900][ T9878]  __sys_sendmsg+0x271/0x360
[  525.422923][ T9878]  ? __pfx___sys_sendmsg+0x10/0x10
[  525.422996][ T9878]  ? do_syscall_64+0xb6/0x230
[  525.423020][ T9878]  do_syscall_64+0xf3/0x230
[  525.423042][ T9878]  ? clear_bhb_loop+0x45/0xa0
[  525.423064][ T9878]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  525.423081][ T9878] RIP: 0033:0x7fe43a18d169
[  525.423096][ T9878] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  525.423111][ T9878] RSP: 002b:00007fe43af82038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  525.423130][ T9878] RAX: ffffffffffffffda RBX: 00007fe43a3a5fa0 RCX: 00007fe43a18d169
[  525.423143][ T9878] RDX: 0000000024000800 RSI: 0000200000000140 RDI: 0000000000000004
[  525.423154][ T9878] RBP: 00007fe43af82090 R08: 0000000000000000 R09: 0000000000000000
[  525.423165][ T9878] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  525.423176][ T9878] R13: 0000000000000000 R14: 00007fe43a3a5fa0 R15: 00007fffc480f268
[  525.423204][ T9878]  </TASK>
[  525.686725][ T5847] Bluetooth: hci5: command 0x1003 tx timeout
[  525.693961][   T55] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  526.175609][  T976] usb 5-1: device descriptor read/all, error -71
[  526.486472][   T55] Bluetooth: hci0: command 0x0406 tx timeout
[  527.861798][   T55] Bluetooth: hci3: ACL packet for unknown connection handle 200
[  528.391302][ T9899] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  528.392597][   T55] Bluetooth: hci3: ACL packet for unknown connection handle 200
[  528.419514][ T9899] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  528.459852][ T9899] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  528.470063][ T9899] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  528.489481][ T9909] FAULT_INJECTION: forcing a failure.
[  528.489481][ T9909] name failslab, interval 1, probability 0, space 0, times 0
[  528.519468][ T9911] FAULT_INJECTION: forcing a failure.
[  528.519468][ T9911] name failslab, interval 1, probability 0, space 0, times 0
[  528.532907][ T9911] CPU: 1 UID: 0 PID: 9911 Comm: syz.2.1072 Not tainted 6.15.0-rc1-syzkaller #0 PREEMPT(full) 
[  528.532933][ T9911] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  528.532946][ T9911] Call Trace:
[  528.532954][ T9911]  <TASK>
[  528.532962][ T9911]  dump_stack_lvl+0x241/0x360
[  528.532997][ T9911]  ? __pfx_dump_stack_lvl+0x10/0x10
[  528.533026][ T9911]  ? __pfx__printk+0x10/0x10
[  528.533056][ T9911]  ? __pfx___might_resched+0x10/0x10
[  528.533085][ T9911]  should_fail_ex+0x424/0x570
[  528.533110][ T9911]  should_failslab+0xac/0x100
[  528.533132][ T9911]  kmem_cache_alloc_node_noprof+0x7d/0x3b0
[  528.533154][ T9911]  ? __alloc_skb+0x1c2/0x480
[  528.533189][ T9911]  __alloc_skb+0x1c2/0x480
[  528.533226][ T9911]  ? __pfx___alloc_skb+0x10/0x10
[  528.533259][ T9911]  ? netlink_autobind+0xd6/0x2f0
[  528.533287][ T9911]  ? netlink_autobind+0x2b0/0x2f0
[  528.533320][ T9911]  netlink_sendmsg+0x638/0xcd0
[  528.533361][ T9911]  ? __pfx_netlink_sendmsg+0x10/0x10
[  528.533403][ T9911]  ? __pfx_netlink_sendmsg+0x10/0x10
[  528.533428][ T9911]  __sock_sendmsg+0x221/0x270
[  528.533458][ T9911]  ____sys_sendmsg+0x523/0x860
[  528.533488][ T9911]  ? __pfx_____sys_sendmsg+0x10/0x10
[  528.533507][ T9911]  ? __fget_files+0x2a/0x420
[  528.533533][ T9911]  ? __fget_files+0x2a/0x420
[  528.533566][ T9911]  __sys_sendmsg+0x271/0x360
[  528.533593][ T9911]  ? __pfx___sys_sendmsg+0x10/0x10
[  528.533668][ T9911]  ? do_syscall_64+0xb6/0x230
[  528.533697][ T9911]  do_syscall_64+0xf3/0x230
[  528.533720][ T9911]  ? clear_bhb_loop+0x45/0xa0
[  528.533744][ T9911]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  528.533773][ T9911] RIP: 0033:0x7fe43a18d169
[  528.533790][ T9911] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  528.533807][ T9911] RSP: 002b:00007fe43af82038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  528.533828][ T9911] RAX: ffffffffffffffda RBX: 00007fe43a3a5fa0 RCX: 00007fe43a18d169
[  528.533844][ T9911] RDX: 0000000000000000 RSI: 000020000000c2c0 RDI: 0000000000000003
[  528.533856][ T9911] RBP: 00007fe43af82090 R08: 0000000000000000 R09: 0000000000000000
[  528.533868][ T9911] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  528.533880][ T9911] R13: 0000000000000000 R14: 00007fe43a3a5fa0 R15: 00007fffc480f268
[  528.533912][ T9911]  </TASK>
[  528.792086][ T9909] CPU: 0 UID: 0 PID: 9909 Comm: syz.1.1070 Not tainted 6.15.0-rc1-syzkaller #0 PREEMPT(full) 
[  528.792113][ T9909] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  528.792125][ T9909] Call Trace:
[  528.792133][ T9909]  <TASK>
[  528.792140][ T9909]  dump_stack_lvl+0x241/0x360
[  528.792172][ T9909]  ? __pfx_dump_stack_lvl+0x10/0x10
[  528.792197][ T9909]  ? __pfx__printk+0x10/0x10
[  528.792224][ T9909]  ? __pfx___might_resched+0x10/0x10
[  528.792250][ T9909]  should_fail_ex+0x424/0x570
[  528.792272][ T9909]  should_failslab+0xac/0x100
[  528.792292][ T9909]  kmem_cache_alloc_node_noprof+0x7d/0x3b0
[  528.792312][ T9909]  ? __alloc_skb+0x1c2/0x480
[  528.792343][ T9909]  __alloc_skb+0x1c2/0x480
[  528.792375][ T9909]  ? __pfx___alloc_skb+0x10/0x10
[  528.792404][ T9909]  ? netlink_autobind+0xd6/0x2f0
[  528.792429][ T9909]  ? netlink_autobind+0x2b0/0x2f0
[  528.792458][ T9909]  netlink_sendmsg+0x638/0xcd0
[  528.792495][ T9909]  ? __pfx_netlink_sendmsg+0x10/0x10
[  528.792532][ T9909]  ? __pfx_netlink_sendmsg+0x10/0x10
[  528.792555][ T9909]  __sock_sendmsg+0x221/0x270
[  528.792581][ T9909]  ____sys_sendmsg+0x523/0x860
[  528.792608][ T9909]  ? __pfx_____sys_sendmsg+0x10/0x10
[  528.792624][ T9909]  ? __fget_files+0x2a/0x420
[  528.792648][ T9909]  ? __fget_files+0x2a/0x420
[  528.792676][ T9909]  __sys_sendmsg+0x271/0x360
[  528.792700][ T9909]  ? __pfx___sys_sendmsg+0x10/0x10
[  528.792767][ T9909]  ? do_syscall_64+0xb6/0x230
[  528.792792][ T9909]  do_syscall_64+0xf3/0x230
[  528.792813][ T9909]  ? clear_bhb_loop+0x45/0xa0
[  528.792834][ T9909]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  528.792852][ T9909] RIP: 0033:0x7fd67878d169
[  528.792868][ T9909] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  528.792883][ T9909] RSP: 002b:00007fd6796c3038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  528.792902][ T9909] RAX: ffffffffffffffda RBX: 00007fd6789a5fa0 RCX: 00007fd67878d169
[  528.792916][ T9909] RDX: 0000000000000080 RSI: 00002000000005c0 RDI: 0000000000000003
[  528.792927][ T9909] RBP: 00007fd6796c3090 R08: 0000000000000000 R09: 0000000000000000
[  528.792939][ T9909] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  528.792949][ T9909] R13: 0000000000000000 R14: 00007fd6789a5fa0 R15: 00007fff227402c8
[  528.792982][ T9909]  </TASK>
[  528.808416][ T9899] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  529.036335][ T9899] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  529.059455][ T9899] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  529.065480][ T9899] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  529.074114][ T9899] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  529.080301][ T9899] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  529.336254][ T5882] usb 1-1: new full-speed USB device number 24 using dummy_hcd
[  529.406348][    T9] usb 4-1: new high-speed USB device number 21 using dummy_hcd
[  529.626695][    T9] usb 4-1: Using ep0 maxpacket: 32
[  529.932900][ T5847] Bluetooth: hci0: command 0x0406 tx timeout
[  529.967802][    T9] usb 4-1: config 0 has no interfaces?
[  529.978530][    T9] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  530.121557][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  530.139587][    T9] usb 4-1: config 0 descriptor??
[  530.141220][ T5882] usb 1-1: device descriptor read/all, error -71
[  530.365719][ T9899] FAULT_INJECTION: forcing a failure.
[  530.365719][ T9899] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  530.422287][ T9899] CPU: 0 UID: 0 PID: 9899 Comm: syz.3.1067 Not tainted 6.15.0-rc1-syzkaller #0 PREEMPT(full) 
[  530.422308][ T9899] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  530.422318][ T9899] Call Trace:
[  530.422323][ T9899]  <TASK>
[  530.422329][ T9899]  dump_stack_lvl+0x241/0x360
[  530.422353][ T9899]  ? __pfx_dump_stack_lvl+0x10/0x10
[  530.422372][ T9899]  ? __pfx__printk+0x10/0x10
[  530.422397][ T9899]  should_fail_ex+0x424/0x570
[  530.422415][ T9899]  prepare_alloc_pages+0x220/0x610
[  530.422440][ T9899]  __alloc_frozen_pages_noprof+0x162/0x5b0
[  530.422462][ T9899]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  530.422499][ T9899]  alloc_pages_mpol+0x339/0x690
[  530.422517][ T9899]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  530.422537][ T9899]  vma_alloc_folio_noprof+0x12d/0x260
[  530.422553][ T9899]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[  530.422573][ T9899]  folio_prealloc+0x2e/0x170
[  530.422590][ T9899]  handle_pte_fault+0x2e45/0x61c0
[  530.422621][ T9899]  ? __pfx_handle_pte_fault+0x10/0x10
[  530.422647][ T9899]  ? rcu_is_watching+0x15/0xb0
[  530.422664][ T9899]  ? __count_memcg_events+0x1e1/0x3d0
[  530.422687][ T9899]  ? count_memcg_event_mm+0x96/0x440
[  530.422701][ T9899]  ? count_memcg_event_mm+0x96/0x440
[  530.422714][ T9899]  ? count_memcg_event_mm+0x388/0x440
[  530.422727][ T9899]  ? count_memcg_event_mm+0x96/0x440
[  530.422742][ T9899]  ? __pfx_count_memcg_event_mm+0x10/0x10
[  530.422754][ T9899]  ? rcu_read_lock_any_held+0xbb/0x160
[  530.422774][ T9899]  ? __lock_acquire+0xad5/0xd80
[  530.422801][ T9899]  handle_mm_fault+0x1030/0x1aa0
[  530.422831][ T9899]  ? __pfx_handle_mm_fault+0x10/0x10
[  530.422844][ T9899]  ? lock_vma_under_rcu+0x1f0/0x9a0
[  530.422888][ T9899]  ? exc_page_fault+0x115/0x920
[  530.422905][ T9899]  exc_page_fault+0x45b/0x920
[  530.422925][ T9899]  asm_exc_page_fault+0x26/0x30
[  530.422938][ T9899] RIP: 0033:0x7f9d82c5e217
[  530.422951][ T9899] Code: 00 00 48 8b 05 aa c2 1c 00 48 89 7c 24 18 48 89 74 24 10 be 02 55 08 80 48 89 54 24 08 48 8b 5c 24 18 48 8d 94 24 30 10 00 00 <48> 89 84 24 30 10 00 00 31 c0 4c 8b 6c 24 10 89 df 4c 8b 64 24 08
[  530.422962][ T9899] RSP: 002b:00007f9d83b33fc0 EFLAGS: 00010206
[  530.422975][ T9899] RAX: 0000100000000000 RBX: 0000000000000003 RCX: 0000000000000000
[  530.422984][ T9899] RDX: 00007f9d83b34ff0 RSI: 0000000080085502 RDI: 0000000000000003
[  530.422993][ T9899] RBP: 00007f9d83b36090 R08: 0000000000000000 R09: 0000000000000000
[  530.423001][ T9899] R10: 0000000000000003 R11: 0000000000000000 R12: 0000000000000001
[  530.423009][ T9899] R13: 0000000000000000 R14: 00007f9d82fa5fa0 R15: 00007ffe85742e78
[  530.423029][ T9899]  </TASK>
[  530.423158][ T9899] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[  530.536292][ T5847] Bluetooth: hci1: command 0x0406 tx timeout
[  530.676359][    T9] usb 5-1: new high-speed USB device number 37 using dummy_hcd
[  530.807498][ T5847] Bluetooth: hci2: command 0x0406 tx timeout
[  530.862677][    T9] usb 5-1: New USB device found, idVendor=0471, idProduct=0302, bcdDevice=4d.67
[  530.873896][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  530.883778][    T9] usb 5-1: Product: syz
[  530.890850][    T9] usb 5-1: Manufacturer: syz
[  530.895537][    T9] usb 5-1: SerialNumber: syz
[  530.909876][    T9] usb 5-1: config 0 descriptor??
[  530.928869][    T9] pwc: Philips PCA645VC USB webcam detected.
[  531.104736][  T976] usb 4-1: USB disconnect, device number 21
[  531.127115][   T55] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  531.136682][   T55] Bluetooth: hci4: command 0x0406 tx timeout
[  531.143081][   T55] Bluetooth: hci3: command 0x0406 tx timeout
[  531.189318][    T9] pwc: send_video_command error -71
[  531.194654][    T9] pwc: Failed to set video mode CIF@30 fps; return code = -71
[  531.252661][    T9] Philips webcam 5-1:0.0: probe with driver Philips webcam failed with error -71
[  531.300852][    T9] usb 5-1: USB disconnect, device number 37
[  532.416275][ T5847] Bluetooth: hci0: command 0x0406 tx timeout
[  532.596416][  T976] usb 4-1: new high-speed USB device number 22 using dummy_hcd
[  532.727653][ T5847] Bluetooth: hci1: command 0x0406 tx timeout
[  532.916640][ T5847] Bluetooth: hci2: command 0x0406 tx timeout
[  533.206355][ T5847] Bluetooth: hci4: command 0x0406 tx timeout
[  533.212592][   T55] Bluetooth: hci3: command 0x0406 tx timeout
[  533.657799][ T9955] netlink: 64 bytes leftover after parsing attributes in process `syz.0.1082'.
[  533.691053][ T9955] usb usb1: usbfs: process 9955 (syz.0.1082) did not claim interface 0 before use
[  536.276671][ T9952] 9pnet_fd: Insufficient options for proto=fd
[  536.291876][ T9961] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  536.553892][  T976] usb 4-1: unable to get BOS descriptor or descriptor too short
[  536.640861][  T976] usb 4-1: too many configurations: 27, using maximum allowed: 8
[  536.743665][  T976] usb 4-1: unable to read config index 0 descriptor/start: -71
[  536.796969][  T976] usb 4-1: can't read configurations, error -71
[  537.095191][ T9967] netlink: 'syz.3.1087': attribute type 6 has an invalid length.
[  538.049442][ T9969] (unnamed net_device) (uninitialized): peer notification delay (3) is not a multiple of miimon (9), value rounded to 0 ms
[  538.123396][ T9967] IPv6: sit1: Disabled Multicast RS
[  538.458590][ T5988] Bluetooth: hci5: Frame reassembly failed (-84)
[  538.501177][ T9701] usb 3-1: new full-speed USB device number 16 using dummy_hcd
[  538.514125][   T30] kauditd_printk_skb: 62 callbacks suppressed
[  538.514141][   T30] audit: type=1326 audit(2000000353.430:159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9977 comm="syz.1.1091" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fd67878d169 code=0x0
[  538.612809][ T9983] erofs (device nullb0): cannot find valid erofs superblock
[  538.628612][ T9983] overlayfs: upper fs does not support file handles, falling back to index=off.
[  538.640018][ T9983] overlayfs: NFS export requires "index=on", falling back to nfs_export=off.
[  539.445542][ T9984] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  539.463827][ T9701] usb 3-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  539.474475][ T9701] usb 3-1: config 0 interface 0 has no altsetting 0
[  539.498859][ T9701] usb 3-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  539.513288][ T9701] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  539.530122][ T9701] usb 3-1: Product: syz
[  539.538611][ T9701] usb 3-1: Manufacturer: syz
[  539.550665][ T9701] usb 3-1: SerialNumber: syz
[  539.572185][ T9701] usb 3-1: config 0 descriptor??
[  539.587013][ T9988] can0: slcan on ttyS3.
[  539.739987][ T9701] usb 3-1: selecting invalid altsetting 0
[  539.760711][ T9988] can0 (unregistered): slcan off ttyS3.
[  540.500130][   T55] Bluetooth: hci5: command 0x1003 tx timeout
[  540.507160][ T5847] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  540.537929][ T9701] usb 3-1: USB disconnect, device number 16
[  540.730997][T10003] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1097'.
[  540.812505][T10003] netlink: 'syz.1.1097': attribute type 2 has an invalid length.
[  540.938258][ T8238] udevd[8238]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  540.980952][T10009] (unnamed net_device) (uninitialized): peer notification delay (3) is not a multiple of miimon (9), value rounded to 0 ms
[  542.295406][T10019] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1101'.
[  542.403033][ T5886] usb 1-1: new high-speed USB device number 26 using dummy_hcd
[  542.492088][T10021] sp0: Synchronizing with TNC
[  542.579829][T10026] kAFS: No cell specified
[  542.616430][ T5886] usb 1-1: Using ep0 maxpacket: 8
[  542.663849][ T5886] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  542.689172][ T5886] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  542.716065][ T5886] usb 1-1: New USB device found, idVendor=046d, idProduct=c20e, bcdDevice= 0.00
[  542.760643][ T5886] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  542.845417][ T5886] usb 1-1: config 0 descriptor??
[  542.856315][ T5884] usb 2-1: new high-speed USB device number 21 using dummy_hcd
[  544.118737][T10036] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  544.195646][T10037] xt_NFQUEUE: number of total queues is 0
[  545.108096][ T5886] usbhid 1-1:0.0: can't add hid device: -71
[  545.137100][ T5886] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  545.170150][ T5886] usb 1-1: USB disconnect, device number 26
[  545.719671][ T5884] usb 2-1: unable to get BOS descriptor or descriptor too short
[  545.792829][ T5884] usb 2-1: too many configurations: 27, using maximum allowed: 8
[  545.847382][ T5884] usb 2-1: unable to read config index 0 descriptor/start: -71
[  545.891583][ T5884] usb 2-1: can't read configurations, error -71
[  546.807598][T10059] erofs (device nullb0): cannot find valid erofs superblock
[  546.840944][T10059] overlayfs: upper fs does not support file handles, falling back to index=off.
[  546.850212][T10059] overlayfs: NFS export requires "index=on", falling back to nfs_export=off.
[  547.307867][   T55] Bluetooth: hci5: command 0x1003 tx timeout
[  547.314485][ T5847] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  547.694066][T10063] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1114'.
[  547.757313][T10067] Cannot find add_set index 0 as target
[  547.887205][T10067] Cannot find del_set index 0 as target
[  548.026801][T10075] FAULT_INJECTION: forcing a failure.
[  548.026801][T10075] name failslab, interval 1, probability 0, space 0, times 0
[  548.866395][T10075] CPU: 0 UID: 0 PID: 10075 Comm: syz.2.1117 Not tainted 6.15.0-rc1-syzkaller #0 PREEMPT(full) 
[  548.866421][T10075] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  548.866433][T10075] Call Trace:
[  548.866440][T10075]  <TASK>
[  548.866448][T10075]  dump_stack_lvl+0x241/0x360
[  548.866478][T10075]  ? __pfx_dump_stack_lvl+0x10/0x10
[  548.866501][T10075]  ? __pfx__printk+0x10/0x10
[  548.866521][T10075]  ? smk_access+0x4ab/0x4e0
[  548.866542][T10075]  ? __pfx___might_resched+0x10/0x10
[  548.866564][T10075]  should_fail_ex+0x424/0x570
[  548.866585][T10075]  should_failslab+0xac/0x100
[  548.866604][T10075]  __kmalloc_noprof+0xdf/0x4d0
[  548.866621][T10075]  ? iovec_from_user+0x87/0x240
[  548.866642][T10075]  ? __lock_acquire+0xad5/0xd80
[  548.866661][T10075]  iovec_from_user+0x87/0x240
[  548.866688][T10075]  __import_iovec+0x175/0x830
[  548.866727][T10075]  import_iovec+0xeb/0x120
[  548.866755][T10075]  copy_msghdr_from_user+0x3ee/0x580
[  548.866782][T10075]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  548.866802][T10075]  ? __fget_files+0x2a/0x420
[  548.866824][T10075]  ? __fget_files+0x2a/0x420
[  548.866850][T10075]  __sys_sendmmsg+0x361/0x7b0
[  548.866882][T10075]  ? __pfx___sys_sendmmsg+0x10/0x10
[  548.866932][T10075]  ? rcu_read_lock_any_held+0xbb/0x160
[  548.866953][T10075]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  548.866979][T10075]  ? vfs_write+0xb29/0xd10
[  548.867009][T10075]  ? ksys_write+0x24e/0x2d0
[  548.867034][T10075]  ? __mutex_unlock_slowpath+0x229/0x800
[  548.867078][T10075]  ? ksys_write+0x275/0x2d0
[  548.867110][T10075]  __x64_sys_sendmmsg+0xa0/0xb0
[  548.867128][T10075]  do_syscall_64+0xf3/0x230
[  548.867148][T10075]  ? clear_bhb_loop+0x45/0xa0
[  548.867167][T10075]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  548.867183][T10075] RIP: 0033:0x7fe43a18d169
[  548.867197][T10075] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  548.867211][T10075] RSP: 002b:00007fe43af40038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  548.867228][T10075] RAX: ffffffffffffffda RBX: 00007fe43a3a6160 RCX: 00007fe43a18d169
[  548.867240][T10075] RDX: 0400000000000172 RSI: 0000200000003cc0 RDI: 0000000000000005
[  548.867251][T10075] RBP: 00007fe43af40090 R08: 0000000000000000 R09: 0000000000000000
[  548.867261][T10075] R10: 0000000004001c00 R11: 0000000000000246 R12: 0000000000000001
[  548.867271][T10075] R13: 0000000000000000 R14: 00007fe43a3a6160 R15: 00007fffc480f268
[  548.867296][T10075]  </TASK>
[  548.927136][ T5884] usb 2-1: new high-speed USB device number 23 using dummy_hcd
[  549.419166][T10081] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  549.468267][T10081] xt_NFQUEUE: number of total queues is 0
[  550.223143][ T5884] usb 2-1: Using ep0 maxpacket: 32
[  550.256710][ T5884] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 48, changing to 9
[  550.286223][ T5884] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024
[  550.373457][ T5884] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  550.456278][ T5884] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  550.547193][ T5884] usb 2-1: config 0 descriptor??
[  550.570283][ T5884] usb 2-1: can't set config #0, error -71
[  550.602740][ T5884] usb 2-1: USB disconnect, device number 23
[  550.717087][ T5893] usb 1-1: new high-speed USB device number 27 using dummy_hcd
[  551.713061][T10090] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  551.738788][ T5893] usb 1-1: Using ep0 maxpacket: 16
[  551.768781][ T5893] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  551.788656][T10090] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  551.812369][ T5893] usb 1-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00
[  551.853792][ T5893] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  551.911771][T10090] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  551.917895][ T5893] usb 1-1: config 0 descriptor??
[  551.985365][ T5893] input: bcm5974 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input11
[  552.000423][T10090] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  552.024297][ T5956] Bluetooth: hci5: received HCILL_GO_TO_SLEEP_ACK in state 0
[  552.132858][T10090] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  552.151000][T10090] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  552.172068][T10090] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  552.191955][T10084] input: syz0 as /devices/virtual/input/input12
[  552.210125][T10090] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  553.209668][T10105] erofs (device nullb0): cannot find valid erofs superblock
[  553.242280][T10105] overlayfs: upper fs does not support file handles, falling back to index=off.
[  553.251482][T10105] overlayfs: NFS export requires "index=on", falling back to nfs_export=off.
[  553.410430][T10107] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1127'.
[  553.729512][T10112] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  553.775756][T10112] xt_NFQUEUE: number of total queues is 0
[  554.086296][ T5847] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  554.646499][T10110] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1129'.
[  554.740420][ T5185] bcm5974 1-1:0.0: could not read from device
[  554.770449][ T5185] bcm5974 1-1:0.0: could not read from device
[  554.804143][ T5893] usb 1-1: USB disconnect, device number 27
[  554.817408][ T5185] bcm5974 1-1:0.0: could not read from device
[  554.969911][T10123] xt_NFQUEUE: number of total queues is 0
[  555.884081][T10122] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  556.016395][    T9] usb 3-1: new high-speed USB device number 17 using dummy_hcd
[  556.166498][    T9] usb 3-1: Using ep0 maxpacket: 16
[  556.174141][    T9] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  556.275590][    T9] usb 3-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00
[  556.300797][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  556.362150][    T9] usb 3-1: config 0 descriptor??
[  556.410052][T10138] can0: slcan on ttyS3.
[  556.445097][    T9] input: bcm5974 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input13
[  556.527396][T10138] can0 (unregistered): slcan off ttyS3.
[  556.566336][ T5882] usb 4-1: new high-speed USB device number 24 using dummy_hcd
[  556.648184][T10128] input: syz0 as /devices/virtual/input/input14
[  556.736721][ T5882] usb 4-1: Using ep0 maxpacket: 16
[  556.754378][ T5882] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  556.778059][ T5882] usb 4-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00
[  556.788557][ T5882] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  556.845784][ T5882] usb 4-1: config 0 descriptor??
[  556.923742][ T5882] input: bcm5974 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input15
[  557.105371][T10137] input: syz0 as /devices/virtual/input/input16
[  557.304211][T10149] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1140'.
[  557.994553][T10157] xt_TCPMSS: Only works on TCP SYN packets
[  558.354872][   T10] usb 1-1: new high-speed USB device number 28 using dummy_hcd
[  558.657149][   T10] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  558.675618][   T10] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  558.692527][   T10] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  558.752175][ T5185] bcm5974 3-1:0.0: could not read from device
[  558.772404][   T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  558.952467][   T10] usb 1-1: SerialNumber: syz
[  558.976295][ T5185] bcm5974 3-1:0.0: could not read from device
[  559.025423][    T9] usb 3-1: USB disconnect, device number 17
[  559.035299][ T5185] bcm5974 3-1:0.0: could not read from device
[  559.188982][T10165] FAULT_INJECTION: forcing a failure.
[  559.188982][T10165] name failslab, interval 1, probability 0, space 0, times 0
[  559.236282][T10165] CPU: 1 UID: 0 PID: 10165 Comm: syz.1.1144 Not tainted 6.15.0-rc1-syzkaller #0 PREEMPT(full) 
[  559.236316][T10165] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  559.236329][T10165] Call Trace:
[  559.236339][T10165]  <TASK>
[  559.236350][T10165]  dump_stack_lvl+0x241/0x360
[  559.236388][T10165]  ? __pfx_dump_stack_lvl+0x10/0x10
[  559.236416][T10165]  ? __pfx__printk+0x10/0x10
[  559.236445][T10165]  ? __pfx___might_resched+0x10/0x10
[  559.236476][T10165]  should_fail_ex+0x424/0x570
[  559.236504][T10165]  should_failslab+0xac/0x100
[  559.236527][T10165]  kmem_cache_alloc_node_noprof+0x7d/0x3b0
[  559.236547][T10165]  ? __alloc_skb+0x1c2/0x480
[  559.236583][T10165]  __alloc_skb+0x1c2/0x480
[  559.236624][T10165]  ? __pfx___alloc_skb+0x10/0x10
[  559.236659][T10165]  ? netlink_autobind+0xd6/0x2f0
[  559.236687][T10165]  ? netlink_autobind+0x2b0/0x2f0
[  559.236721][T10165]  netlink_sendmsg+0x638/0xcd0
[  559.236915][T10165]  ? __pfx_netlink_sendmsg+0x10/0x10
[  559.236992][T10165]  ? __pfx_netlink_sendmsg+0x10/0x10
[  559.237032][T10165]  __sock_sendmsg+0x221/0x270
[  559.237076][T10165]  ____sys_sendmsg+0x523/0x860
[  559.237118][T10165]  ? __pfx_____sys_sendmsg+0x10/0x10
[  559.237145][T10165]  ? __fget_files+0x2a/0x420
[  559.237185][T10165]  ? __fget_files+0x2a/0x420
[  559.237219][T10165]  __sys_sendmsg+0x271/0x360
[  559.237248][T10165]  ? __pfx___sys_sendmsg+0x10/0x10
[  559.237332][T10165]  ? do_syscall_64+0xb6/0x230
[  559.237364][T10165]  do_syscall_64+0xf3/0x230
[  559.237389][T10165]  ? clear_bhb_loop+0x45/0xa0
[  559.237416][T10165]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  559.237437][T10165] RIP: 0033:0x7fd67878d169
[  559.237459][T10165] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  559.237476][T10165] RSP: 002b:00007fd6795a1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  559.237499][T10165] RAX: ffffffffffffffda RBX: 00007fd6789a6080 RCX: 00007fd67878d169
[  559.237515][T10165] RDX: 0000000000000000 RSI: 0000200000000140 RDI: 0000000000000008
[  559.237529][T10165] RBP: 00007fd6795a1090 R08: 0000000000000000 R09: 0000000000000000
[  559.237542][T10165] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  559.237554][T10165] R13: 0000000000000000 R14: 00007fd6789a6080 R15: 00007fff227402c8
[  559.237587][T10165]  </TASK>
[  559.485652][    C1] vkms_vblank_simulate: vblank timer overrun
[  559.501103][T10164] vlan2: entered allmulticast mode
[  559.506506][T10164] bond0: entered allmulticast mode
[  559.511700][T10164] bond_slave_0: entered allmulticast mode
[  559.517708][T10164] bond_slave_1: entered allmulticast mode
[  559.572703][   T10] usb 1-1: 0:2 : does not exist
[  559.733286][    T9] usb 4-1: USB disconnect, device number 24
[  559.739951][ T5185] bcm5974 4-1:0.0: could not read from device
[  560.015353][   T10] usb 1-1: USB disconnect, device number 28
[  560.123519][ T8238] bcm5974 4-1:0.0: could not read from device
[  560.196685][T10184] xt_NFQUEUE: number of total queues is 0
[  560.314399][T10183] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  560.864780][T10191] overlayfs: failed to resolve './file0': -2
[  561.019887][T10177] slcan: can't register candev
[  561.065675][ T8237] udevd[8237]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  561.261039][   T55] Bluetooth: unknown link type 108
[  561.267359][   T55] Bluetooth: hci2: connection err: -111
[  561.648828][T10200] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1152'.
[  561.669066][T10204] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1153'.
[  561.946323][ T5882] usb 4-1: new high-speed USB device number 25 using dummy_hcd
[  562.126453][ T5882] usb 4-1: Using ep0 maxpacket: 8
[  562.148329][ T5882] usb 4-1: config index 0 descriptor too short (expected 301, got 45)
[  562.160610][ T5882] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  562.185496][ T5882] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  562.199312][ T5882] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  562.210877][ T5882] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  562.487652][ T5882] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  562.506367][ T5882] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  563.076829][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  563.085499][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  564.097297][ T5882] usb 4-1: usb_control_msg returned -32
[  564.129263][ T5882] usbtmc 4-1:16.0: can't read capabilities
[  564.414838][T10225] FAULT_INJECTION: forcing a failure.
[  564.414838][T10225] name failslab, interval 1, probability 0, space 0, times 0
[  564.447073][T10225] CPU: 0 UID: 0 PID: 10225 Comm: syz.4.1160 Not tainted 6.15.0-rc1-syzkaller #0 PREEMPT(full) 
[  564.447106][T10225] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  564.447119][T10225] Call Trace:
[  564.447128][T10225]  <TASK>
[  564.447137][T10225]  dump_stack_lvl+0x241/0x360
[  564.447175][T10225]  ? __pfx_dump_stack_lvl+0x10/0x10
[  564.447205][T10225]  ? __pfx__printk+0x10/0x10
[  564.447238][T10225]  ? __pfx___might_resched+0x10/0x10
[  564.447268][T10225]  should_fail_ex+0x424/0x570
[  564.447297][T10225]  should_failslab+0xac/0x100
[  564.447322][T10225]  kmem_cache_alloc_lru_noprof+0x7d/0x390
[  564.447344][T10225]  ? sock_alloc_inode+0x28/0xc0
[  564.447379][T10225]  sock_alloc_inode+0x28/0xc0
[  564.447405][T10225]  ? __pfx_sock_alloc_inode+0x10/0x10
[  564.447430][T10225]  alloc_inode+0x69/0x1b0
[  564.447455][T10225]  __sock_create+0x127/0xa30
[  564.447496][T10225]  mptcp_subflow_create_socket+0x12d/0xd10
[  564.447541][T10225]  ? smk_ipv4_check+0xf4/0x7a0
[  564.447566][T10225]  ? __pfx_mptcp_subflow_create_socket+0x10/0x10
[  564.447596][T10225]  ? smk_ipv4_check+0x538/0x7a0
[  564.447626][T10225]  __mptcp_nmpc_sk+0x18c/0x830
[  564.447655][T10225]  ? __pfx_smk_ipv4_check+0x10/0x10
[  564.447683][T10225]  ? __pfx___mptcp_nmpc_sk+0x10/0x10
[  564.447727][T10225]  mptcp_connect+0x71/0xc30
[  564.447748][T10225]  ? register_lock_class+0x54/0x330
[  564.447774][T10225]  __inet_stream_connect+0x2a7/0xfb0
[  564.447810][T10225]  ? __local_bh_enable_ip+0x168/0x200
[  564.447842][T10225]  ? lockdep_hardirqs_on+0x9d/0x150
[  564.447868][T10225]  ? __pfx___inet_stream_connect+0x10/0x10
[  564.447888][T10225]  ? __local_bh_enable_ip+0x168/0x200
[  564.447922][T10225]  ? inet_stream_connect+0x50/0xa0
[  564.447943][T10225]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  564.447988][T10225]  inet_stream_connect+0x65/0xa0
[  564.448015][T10225]  __sys_connect+0x28c/0x2d0
[  564.448048][T10225]  ? __fget_files+0x2a/0x420
[  564.448071][T10225]  ? __pfx___sys_connect+0x10/0x10
[  564.448130][T10225]  __x64_sys_connect+0x7a/0x90
[  564.448163][T10225]  do_syscall_64+0xf3/0x230
[  564.448190][T10225]  ? clear_bhb_loop+0x45/0xa0
[  564.448215][T10225]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  564.448236][T10225] RIP: 0033:0x7f67a6f8d169
[  564.448255][T10225] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  564.448274][T10225] RSP: 002b:00007f67a7e4e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[  564.448298][T10225] RAX: ffffffffffffffda RBX: 00007f67a71a5fa0 RCX: 00007f67a6f8d169
[  564.448314][T10225] RDX: 0000000000000010 RSI: 0000200000000000 RDI: 0000000000000007
[  564.448327][T10225] RBP: 00007f67a7e4e090 R08: 0000000000000000 R09: 0000000000000000
[  564.448340][T10225] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  564.448353][T10225] R13: 0000000000000000 R14: 00007f67a71a5fa0 R15: 00007ffe52692c48
[  564.448387][T10225]  </TASK>
[  564.448397][T10225] net_ratelimit: 1052 callbacks suppressed
[  564.448409][T10225] socket: no more sockets
[  566.934498][T10238] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  566.949367][T10239] xt_NFQUEUE: number of total queues is 0
[  567.069486][ T5893] usb 4-1: USB disconnect, device number 25
[  567.384819][T10240] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1163'.
[  567.401021][T10240] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1163'.
[  567.474948][T10240] netlink: 14 bytes leftover after parsing attributes in process `syz.1.1163'.
[  567.608376][T10248] FAULT_INJECTION: forcing a failure.
[  567.608376][T10248] name failslab, interval 1, probability 0, space 0, times 0
[  567.680637][T10248] CPU: 1 UID: 0 PID: 10248 Comm: syz.0.1167 Not tainted 6.15.0-rc1-syzkaller #0 PREEMPT(full) 
[  567.680670][T10248] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  567.680683][T10248] Call Trace:
[  567.680692][T10248]  <TASK>
[  567.680701][T10248]  dump_stack_lvl+0x241/0x360
[  567.680739][T10248]  ? __pfx_dump_stack_lvl+0x10/0x10
[  567.680769][T10248]  ? __pfx__printk+0x10/0x10
[  567.680801][T10248]  ? __pfx___might_resched+0x10/0x10
[  567.680830][T10248]  should_fail_ex+0x424/0x570
[  567.680856][T10248]  should_failslab+0xac/0x100
[  567.680878][T10248]  kmem_cache_alloc_node_noprof+0x7d/0x3b0
[  567.680901][T10248]  ? __alloc_skb+0x1c2/0x480
[  567.680939][T10248]  __alloc_skb+0x1c2/0x480
[  567.680977][T10248]  ? __pfx___alloc_skb+0x10/0x10
[  567.681012][T10248]  ? netlink_autobind+0xd6/0x2f0
[  567.681040][T10248]  ? netlink_autobind+0x2b0/0x2f0
[  567.681075][T10248]  netlink_sendmsg+0x638/0xcd0
[  567.681117][T10248]  ? __pfx_netlink_sendmsg+0x10/0x10
[  567.681161][T10248]  ? __pfx_netlink_sendmsg+0x10/0x10
[  567.681188][T10248]  __sock_sendmsg+0x221/0x270
[  567.681220][T10248]  ____sys_sendmsg+0x523/0x860
[  567.681252][T10248]  ? __pfx_____sys_sendmsg+0x10/0x10
[  567.681280][T10248]  ? __fget_files+0x2a/0x420
[  567.681308][T10248]  ? __fget_files+0x2a/0x420
[  567.681342][T10248]  __sys_sendmsg+0x271/0x360
[  567.681370][T10248]  ? __pfx___sys_sendmsg+0x10/0x10
[  567.681450][T10248]  ? do_syscall_64+0xb6/0x230
[  567.681479][T10248]  do_syscall_64+0xf3/0x230
[  567.681504][T10248]  ? clear_bhb_loop+0x45/0xa0
[  567.681530][T10248]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  567.681550][T10248] RIP: 0033:0x7fd96478d169
[  567.681569][T10248] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  567.681587][T10248] RSP: 002b:00007fd965535038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  567.681610][T10248] RAX: ffffffffffffffda RBX: 00007fd9649a5fa0 RCX: 00007fd96478d169
[  567.681626][T10248] RDX: 000000000000c800 RSI: 00002000000001c0 RDI: 0000000000000003
[  567.681640][T10248] RBP: 00007fd965535090 R08: 0000000000000000 R09: 0000000000000000
[  567.681653][T10248] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  567.681669][T10248] R13: 0000000000000000 R14: 00007fd9649a5fa0 R15: 00007ffc8c6becb8
[  567.681700][T10248]  </TASK>
[  567.933753][    C1] vkms_vblank_simulate: vblank timer overrun
[  569.504724][T10263] overlayfs: failed to resolve './file0': -2
[  569.515258][  T976] usb 4-1: new high-speed USB device number 26 using dummy_hcd
[  570.006558][  T976] usb 4-1: Using ep0 maxpacket: 8
[  570.039106][  T976] usb 4-1: config 179 has an invalid interface number: 65 but max is 0
[  570.056223][  T976] usb 4-1: config 179 has no interface number 0
[  570.063092][  T976] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  570.075433][  T976] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  570.087952][  T976] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  570.100750][  T976] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[  570.112996][  T976] usb 4-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  570.127151][  T976] usb 4-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  570.137045][  T976] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  570.157899][T10251] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  570.425171][   T10] usb 4-1: USB disconnect, device number 26
[  570.425316][    C1] xpad 4-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  570.440675][    C1] xpad 4-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  570.449885][    C1] ==================================================================
[  570.458174][    C1] BUG: KASAN: slab-use-after-free in do_raw_spin_lock+0x29d/0x370
[  570.466129][    C1] Read of size 4 at addr ffff8880698dd05c by task modprobe/10275
[  570.474062][    C1] 
[  570.476869][    C1] CPU: 1 UID: 0 PID: 10275 Comm: modprobe Not tainted 6.15.0-rc1-syzkaller #0 PREEMPT(full) 
[  570.476905][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  570.476920][    C1] Call Trace:
[  570.476930][    C1]  <IRQ>
[  570.476947][    C1]  dump_stack_lvl+0x241/0x360
[  570.476988][    C1]  ? __pfx_dump_stack_lvl+0x10/0x10
[  570.477019][    C1]  ? __virt_addr_valid+0x183/0x530
[  570.477048][    C1]  ? rcu_is_watching+0x15/0xb0
[  570.477074][    C1]  ? __virt_addr_valid+0x183/0x530
[  570.477103][    C1]  ? lock_release+0x4e/0x3e0
[  570.477127][    C1]  ? __virt_addr_valid+0x183/0x530
[  570.477156][    C1]  ? __virt_addr_valid+0x183/0x530
[  570.477187][    C1]  print_report+0x16e/0x5b0
[  570.477223][    C1]  ? __virt_addr_valid+0x183/0x530
[  570.477251][    C1]  ? __virt_addr_valid+0x183/0x530
[  570.477279][    C1]  ? __virt_addr_valid+0x45f/0x530
[  570.477308][    C1]  ? __phys_addr+0xba/0x170
[  570.477336][    C1]  ? do_raw_spin_lock+0x29d/0x370
[  570.477367][    C1]  kasan_report+0x143/0x180
[  570.477403][    C1]  ? do_raw_spin_lock+0x29d/0x370
[  570.477435][    C1]  do_raw_spin_lock+0x29d/0x370
[  570.477468][    C1]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  570.477499][    C1]  ? do_raw_spin_lock+0x151/0x370
[  570.477531][    C1]  _raw_spin_lock_irqsave+0xe4/0x130
[  570.477554][    C1]  ? __pfx__raw_spin_lock_irqsave+0x10/0x10
[  570.477576][    C1]  ? kcov_remote_stop+0x78/0x6f0
[  570.477615][    C1]  __wake_up_common_lock+0x25/0x1e0
[  570.477651][    C1]  __usb_hcd_giveback_urb+0x501/0x6e0
[  570.477682][    C1]  ? __pfx___usb_hcd_giveback_urb+0x10/0x10
[  570.477711][    C1]  ? do_raw_spin_unlock+0x13c/0x8b0
[  570.477743][    C1]  dummy_timer+0x84b/0x4670
[  570.477769][    C1]  ? __lock_acquire+0xad5/0xd80
[  570.477807][    C1]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  570.477832][    C1]  ? do_raw_spin_unlock+0x13c/0x8b0
[  570.477870][    C1]  ? _raw_spin_unlock_irqrestore+0x90/0x140
[  570.477898][    C1]  ? __pfx_dummy_timer+0x10/0x10
[  570.477925][    C1]  ? __pfx_dummy_timer+0x10/0x10
[  570.477958][    C1]  ? __pfx_dummy_timer+0x10/0x10
[  570.477980][    C1]  __hrtimer_run_queues+0x5a6/0xd40
[  570.478013][    C1]  ? __pfx___hrtimer_run_queues+0x10/0x10
[  570.478034][    C1]  ? read_tsc+0x9/0x20
[  570.478060][    C1]  ? ktime_get_update_offsets_now+0x38e/0x3b0
[  570.478092][    C1]  hrtimer_run_softirq+0x19a/0x2c0
[  570.478117][    C1]  handle_softirqs+0x2d6/0x9b0
[  570.478140][    C1]  ? __irq_exit_rcu+0xfb/0x220
[  570.478158][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[  570.478180][    C1]  __irq_exit_rcu+0xfb/0x220
[  570.478196][    C1]  ? __pfx___irq_exit_rcu+0x10/0x10
[  570.478219][    C1]  irq_exit_rcu+0x9/0x30
[  570.478233][    C1]  sysvec_apic_timer_interrupt+0xa6/0xc0
[  570.478253][    C1]  </IRQ>
[  570.478259][    C1]  <TASK>
[  570.478266][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  570.478287][    C1] RIP: 0010:copy_page_to_iter+0xd/0x160
[  570.478313][    C1] Code: e0 8a a0 8c e8 14 53 12 fd 90 0f 0b 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 55 41 57 41 56 41 55 41 54 <53> 49 89 ce 49 89 d7 48 89 f3 49 89 fc e8 71 52 c8 fc 4c 89 e7 48
[  570.478330][    C1] RSP: 0018:ffffc9000bdc79d0 EFLAGS: 00000293
[  570.478348][    C1] RAX: ffffffff81fddde9 RBX: 0000000000000000 RCX: ffffc9000bdc7d90
[  570.478363][    C1] RDX: 0000000000000310 RSI: 0000000000000040 RDI: ffffea000030f100
[  570.478376][    C1] RBP: ffffc9000bdc7cb0 R08: ffffffff81fdddd0 R09: 1ffffd4000061e20
[  570.478391][    C1] R10: dffffc0000000000 R11: fffff94000061e21 R12: 0000000000000040
[  570.478404][    C1] R13: ffffea000030f100 R14: 0000000000000310 R15: 0000000000000000
[  570.478420][    C1]  ? filemap_read+0x860/0x1260
[  570.478441][    C1]  ? filemap_read+0x879/0x1260
[  570.478469][    C1]  filemap_read+0x88f/0x1260
[  570.478511][    C1]  ? __pfx_filemap_read+0x10/0x10
[  570.478553][    C1]  ? generic_file_read_iter+0x98/0x550
[  570.478581][    C1]  ? ext4_file_read_iter+0x182/0x670
[  570.478617][    C1]  vfs_read+0x9a0/0xb90
[  570.478652][    C1]  ? __pfx_vfs_read+0x10/0x10
[  570.478696][    C1]  __x64_sys_pread64+0x1b5/0x250
[  570.478730][    C1]  ? __pfx___x64_sys_pread64+0x10/0x10
[  570.478767][    C1]  ? do_syscall_64+0xb6/0x230
[  570.478796][    C1]  do_syscall_64+0xf3/0x230
[  570.478824][    C1]  ? clear_bhb_loop+0x45/0xa0
[  570.478850][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  570.478871][    C1] RIP: 0033:0x7f0eecf72a7e
[  570.478892][    C1] Code: 01 00 48 83 c8 ff c3 31 c0 0f 05 48 3d 00 f0 ff ff 76 0c f7 d8 89 05 f1 47 01 00 48 83 c8 ff c3 49 89 ca b8 11 00 00 00 0f 05 <48> 3d 00 f0 ff ff 76 0c f7 d8 89 05 d2 47 01 00 48 83 c8 ff c3 b8
[  570.478913][    C1] RSP: 002b:00007ffe61e388c8 EFLAGS: 00000202 ORIG_RAX: 0000000000000011
[  570.478943][    C1] RAX: ffffffffffffffda RBX: 0000000000000310 RCX: 00007f0eecf72a7e
[  570.478959][    C1] RDX: 0000000000000310 RSI: 00007ffe61e388d0 RDI: 0000000000000000
[  570.478974][    C1] RBP: 00007ffe61e38d50 R08: 000000000000c0ff R09: 0000000000000000
[  570.478989][    C1] R10: 0000000000000040 R11: 0000000000000202 R12: 00007f0eecf4d5c0
[  570.479005][    C1] R13: 00007ffe61e38dd8 R14: 00007f0eecf872a0 R15: 0000000000000001
[  570.479031][    C1]  </TASK>
[  570.479040][    C1] 
[  571.032594][    C1] Allocated by task 976:
[  571.037075][    C1]  kasan_save_track+0x3f/0x80
[  571.042423][    C1]  __kasan_kmalloc+0x9d/0xb0
[  571.047420][    C1]  __kmalloc_cache_noprof+0x236/0x370
[  571.053600][    C1]  xpad_probe+0x3f3/0x1d80
[  571.058400][    C1]  usb_probe_interface+0x650/0xbc0
[  571.064380][    C1]  really_probe+0x2b9/0xad0
[  571.069265][    C1]  __driver_probe_device+0x1a2/0x390
[  571.074734][    C1]  driver_probe_device+0x50/0x430
[  571.080139][    C1]  __device_attach_driver+0x2d6/0x530
[  571.085820][    C1]  bus_for_each_drv+0x258/0x2e0
[  571.090897][    C1]  __device_attach+0x341/0x530
[  571.097304][    C1]  bus_probe_device+0x189/0x260
[  571.103332][    C1]  device_add+0x856/0xbf0
[  571.108063][    C1]  usb_set_configuration+0x1999/0x1fe0
[  571.116116][    C1]  usb_generic_driver_probe+0x88/0x140
[  571.122241][    C1]  usb_probe_device+0x1b8/0x380
[  571.128090][    C1]  really_probe+0x2b9/0xad0
[  571.133274][    C1]  __driver_probe_device+0x1a2/0x390
[  571.141038][    C1]  driver_probe_device+0x50/0x430
[  571.147795][    C1]  __device_attach_driver+0x2d6/0x530
[  571.154689][    C1]  bus_for_each_drv+0x258/0x2e0
[  571.161103][    C1]  __device_attach+0x341/0x530
[  571.166866][    C1]  bus_probe_device+0x189/0x260
[  571.172087][    C1]  device_add+0x856/0xbf0
[  571.176706][    C1]  usb_new_device+0x1052/0x19a0
[  571.182491][    C1]  hub_event+0x2bfd/0x50f0
[  571.186957][    C1]  process_scheduled_works+0xac3/0x18e0
[  571.194381][    C1]  worker_thread+0x870/0xd50
[  571.199450][    C1]  kthread+0x7b7/0x940
[  571.205077][    C1]  ret_from_fork+0x4b/0x80
[  571.210106][    C1]  ret_from_fork_asm+0x1a/0x30
[  571.216402][    C1] 
[  571.219068][    C1] Freed by task 10:
[  571.223991][    C1]  kasan_save_track+0x3f/0x80
[  571.229526][    C1]  kasan_save_free_info+0x40/0x50
[  571.235049][    C1]  __kasan_slab_free+0x59/0x70
[  571.240022][    C1]  kfree+0x198/0x430
[  571.244841][    C1]  xpad_disconnect+0x359/0x490
[  571.250859][    C1]  usb_unbind_interface+0x25b/0x940
[  571.257673][    C1]  device_release_driver_internal+0x503/0x7c0
[  571.264838][    C1]  bus_remove_device+0x34f/0x420
[  571.271212][    C1]  device_del+0x57c/0x9b0
[  571.275923][    C1]  usb_disable_device+0x3c5/0x860
[  571.283582][    C1]  usb_disconnect+0x340/0x960
[  571.289161][    C1]  hub_event+0x1d2a/0x50f0
[  571.293757][    C1]  process_scheduled_works+0xac3/0x18e0
[  571.299601][    C1]  worker_thread+0x870/0xd50
[  571.304335][    C1]  kthread+0x7b7/0x940
[  571.308870][    C1]  ret_from_fork+0x4b/0x80
[  571.314252][    C1]  ret_from_fork_asm+0x1a/0x30
[  571.320096][    C1] 
[  571.323008][    C1] The buggy address belongs to the object at ffff8880698dd000
[  571.323008][    C1]  which belongs to the cache kmalloc-1k of size 1024
[  571.340142][    C1] The buggy address is located 92 bytes inside of
[  571.340142][    C1]  freed 1024-byte region [ffff8880698dd000, ffff8880698dd400)
[  571.355914][    C1] 
[  571.359159][    C1] The buggy address belongs to the physical page:
[  571.366667][    C1] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x698d8
[  571.376006][    C1] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  571.387611][    C1] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  571.398879][    C1] page_type: f5(slab)
[  571.404638][    C1] raw: 00fff00000000040 ffff88801b041dc0 0000000000000000 dead000000000001
[  571.414664][    C1] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  571.425116][    C1] head: 00fff00000000040 ffff88801b041dc0 0000000000000000 dead000000000001
[  571.437463][    C1] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  571.447478][    C1] head: 00fff00000000003 ffffea0001a63601 00000000ffffffff 00000000ffffffff
[  571.457723][    C1] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  571.467115][    C1] page dumped because: kasan: bad access detected
[  571.474017][    C1] page_owner tracks the page as allocated
[  571.481118][    C1] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 12, tgid 12 (kworker/u8:0), ts 92745694406, free_ts 92710160877
[  571.503084][    C1]  post_alloc_hook+0x1f4/0x240
[  571.508882][    C1]  get_page_from_freelist+0x351d/0x36b0
[  571.514766][    C1]  __alloc_frozen_pages_noprof+0x211/0x5b0
[  571.523333][    C1]  alloc_pages_mpol+0x339/0x690
[  571.529815][    C1]  allocate_slab+0x8f/0x3a0
[  571.534754][    C1]  ___slab_alloc+0xc3b/0x1500
[  571.541260][    C1]  __slab_alloc+0x58/0xa0
[  571.546685][    C1]  __kmalloc_noprof+0x2ea/0x4d0
[  571.552083][    C1]  ___neigh_create+0x6c3/0x2360
[  571.557570][    C1]  ip6_finish_output2+0xb31/0x1750
[  571.564205][    C1]  ip6_finish_output+0x421/0x840
[  571.570810][    C1]  ndisc_send_skb+0xb58/0x1560
[  571.577485][    C1]  ndisc_send_ns+0xce/0x160
[  571.583508][    C1]  addrconf_dad_work+0xb2f/0x16a0
[  571.589178][    C1]  process_scheduled_works+0xac3/0x18e0
[  571.596177][    C1]  worker_thread+0x870/0xd50
[  571.602326][    C1] page last free pid 5832 tgid 5832 stack trace:
[  571.610504][    C1]  __free_frozen_pages+0xddf/0x10a0
[  571.616451][    C1]  __slab_free+0x2c6/0x390
[  571.623626][    C1]  qlist_free_all+0x9a/0x140
[  571.629204][    C1]  kasan_quarantine_reduce+0x14f/0x170
[  571.636088][    C1]  __kasan_slab_alloc+0x23/0x80
[  571.642186][    C1]  __kmalloc_cache_noprof+0x1c8/0x370
[  571.648318][    C1]  vlan_vid_add+0x147/0x760
[  571.654442][    C1]  vlan_device_event+0x1cbd/0x1e00
[  571.659786][    C1]  notifier_call_chain+0x1a5/0x3f0
[  571.667530][    C1]  __dev_notify_flags+0x209/0x410
[  571.674265][    C1]  netif_change_flags+0xf0/0x1a0
[  571.679340][    C1]  do_setlink+0x106a/0x43a0
[  571.684356][    C1]  rtnl_newlink+0x17e2/0x1fe0
[  571.689562][    C1]  rtnetlink_rcv_msg+0x80f/0xd70
[  571.696987][    C1]  netlink_rcv_skb+0x208/0x480
[  571.702100][    C1]  netlink_unicast+0x7f8/0x9a0
[  571.708748][    C1] 
[  571.711269][    C1] Memory state around the buggy address:
[  571.717788][    C1]  ffff8880698dcf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  571.726611][    C1]  ffff8880698dcf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  571.738623][    C1] >ffff8880698dd000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  571.750673][    C1]                                                     ^
[  571.759815][    C1]  ffff8880698dd080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  571.768989][    C1]  ffff8880698dd100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  571.777879][    C1] ==================================================================
[  571.787812][    C1] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  571.795761][    C1] CPU: 1 UID: 0 PID: 10275 Comm: modprobe Not tainted 6.15.0-rc1-syzkaller #0 PREEMPT(full) 
[  571.808993][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  571.820047][    C1] Call Trace:
[  571.823763][    C1]  <IRQ>
[  571.828114][    C1]  dump_stack_lvl+0x241/0x360
[  571.833048][    C1]  ? __pfx_dump_stack_lvl+0x10/0x10
[  571.838462][    C1]  ? __pfx__printk+0x10/0x10
[  571.843286][    C1]  ? vscnprintf+0x5d/0x90
[  571.847776][    C1]  panic+0x349/0x880
[  571.852264][    C1]  ? check_panic_on_warn+0x21/0xb0
[  571.857879][    C1]  ? __pfx_panic+0x10/0x10
[  571.862727][    C1]  ? do_raw_spin_unlock+0x13c/0x8b0
[  571.868428][    C1]  ? _raw_spin_unlock_irqrestore+0xde/0x140
[  571.875366][    C1]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  571.882179][    C1]  ? print_report+0x519/0x5b0
[  571.887413][    C1]  check_panic_on_warn+0x86/0xb0
[  571.893816][    C1]  ? do_raw_spin_lock+0x29d/0x370
[  571.899217][    C1]  end_report+0x77/0x160
[  571.904362][    C1]  kasan_report+0x154/0x180
[  571.909968][    C1]  ? do_raw_spin_lock+0x29d/0x370
[  571.916264][    C1]  do_raw_spin_lock+0x29d/0x370
[  571.921351][    C1]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  571.928945][    C1]  ? do_raw_spin_lock+0x151/0x370
[  571.934625][    C1]  _raw_spin_lock_irqsave+0xe4/0x130
[  571.940765][    C1]  ? __pfx__raw_spin_lock_irqsave+0x10/0x10
[  571.948266][    C1]  ? kcov_remote_stop+0x78/0x6f0
[  571.954069][    C1]  __wake_up_common_lock+0x25/0x1e0
[  571.959893][    C1]  __usb_hcd_giveback_urb+0x501/0x6e0
[  571.966615][    C1]  ? __pfx___usb_hcd_giveback_urb+0x10/0x10
[  571.973888][    C1]  ? do_raw_spin_unlock+0x13c/0x8b0
[  571.979229][    C1]  dummy_timer+0x84b/0x4670
[  571.984899][    C1]  ? __lock_acquire+0xad5/0xd80
[  571.991741][    C1]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  572.001515][    C1]  ? do_raw_spin_unlock+0x13c/0x8b0
[  572.007087][    C1]  ? _raw_spin_unlock_irqrestore+0x90/0x140
[  572.014461][    C1]  ? __pfx_dummy_timer+0x10/0x10
[  572.019976][    C1]  ? __pfx_dummy_timer+0x10/0x10
[  572.024959][    C1]  ? __pfx_dummy_timer+0x10/0x10
[  572.030291][    C1]  __hrtimer_run_queues+0x5a6/0xd40
[  572.035728][    C1]  ? __pfx___hrtimer_run_queues+0x10/0x10
[  572.041474][    C1]  ? read_tsc+0x9/0x20
[  572.046107][    C1]  ? ktime_get_update_offsets_now+0x38e/0x3b0
[  572.053181][    C1]  hrtimer_run_softirq+0x19a/0x2c0
[  572.059461][    C1]  handle_softirqs+0x2d6/0x9b0
[  572.066339][    C1]  ? __irq_exit_rcu+0xfb/0x220
[  572.071208][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[  572.077235][    C1]  __irq_exit_rcu+0xfb/0x220
[  572.083528][    C1]  ? __pfx___irq_exit_rcu+0x10/0x10
[  572.089567][    C1]  irq_exit_rcu+0x9/0x30
[  572.094462][    C1]  sysvec_apic_timer_interrupt+0xa6/0xc0
[  572.100309][    C1]  </IRQ>
[  572.103869][    C1]  <TASK>
[  572.106902][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  572.115833][    C1] RIP: 0010:copy_page_to_iter+0xd/0x160
[  572.122908][    C1] Code: e0 8a a0 8c e8 14 53 12 fd 90 0f 0b 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 55 41 57 41 56 41 55 41 54 <53> 49 89 ce 49 89 d7 48 89 f3 49 89 fc e8 71 52 c8 fc 4c 89 e7 48
[  572.146562][    C1] RSP: 0018:ffffc9000bdc79d0 EFLAGS: 00000293
[  572.155368][    C1] RAX: ffffffff81fddde9 RBX: 0000000000000000 RCX: ffffc9000bdc7d90
[  572.163745][    C1] RDX: 0000000000000310 RSI: 0000000000000040 RDI: ffffea000030f100
[  572.173599][    C1] RBP: ffffc9000bdc7cb0 R08: ffffffff81fdddd0 R09: 1ffffd4000061e20
[  572.184313][    C1] R10: dffffc0000000000 R11: fffff94000061e21 R12: 0000000000000040
[  572.193073][    C1] R13: ffffea000030f100 R14: 0000000000000310 R15: 0000000000000000
[  572.201367][    C1]  ? filemap_read+0x860/0x1260
[  572.207459][    C1]  ? filemap_read+0x879/0x1260
[  572.213561][    C1]  filemap_read+0x88f/0x1260
[  572.219675][    C1]  ? __pfx_filemap_read+0x10/0x10
[  572.225822][    C1]  ? generic_file_read_iter+0x98/0x550
[  572.234565][    C1]  ? ext4_file_read_iter+0x182/0x670
[  572.242364][    C1]  vfs_read+0x9a0/0xb90
[  572.247031][    C1]  ? __pfx_vfs_read+0x10/0x10
[  572.255776][    C1]  __x64_sys_pread64+0x1b5/0x250
[  572.261245][    C1]  ? __pfx___x64_sys_pread64+0x10/0x10
[  572.269643][    C1]  ? do_syscall_64+0xb6/0x230
[  572.276870][    C1]  do_syscall_64+0xf3/0x230
[  572.283222][    C1]  ? clear_bhb_loop+0x45/0xa0
[  572.291712][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  572.300694][    C1] RIP: 0033:0x7f0eecf72a7e
[  572.307706][    C1] Code: 01 00 48 83 c8 ff c3 31 c0 0f 05 48 3d 00 f0 ff ff 76 0c f7 d8 89 05 f1 47 01 00 48 83 c8 ff c3 49 89 ca b8 11 00 00 00 0f 05 <48> 3d 00 f0 ff ff 76 0c f7 d8 89 05 d2 47 01 00 48 83 c8 ff c3 b8
[  572.334992][    C1] RSP: 002b:00007ffe61e388c8 EFLAGS: 00000202 ORIG_RAX: 0000000000000011
[  572.348134][    C1] RAX: ffffffffffffffda RBX: 0000000000000310 RCX: 00007f0eecf72a7e
[  572.358273][    C1] RDX: 0000000000000310 RSI: 00007ffe61e388d0 RDI: 0000000000000000
[  572.367339][    C1] RBP: 00007ffe61e38d50 R08: 000000000000c0ff R09: 0000000000000000
[  572.377046][    C1] R10: 0000000000000040 R11: 0000000000000202 R12: 00007f0eecf4d5c0
[  572.387083][    C1] R13: 00007ffe61e38dd8 R14: 00007f0eecf872a0 R15: 0000000000000001
[  572.395939][    C1]  </TASK>
[  572.401473][    C1] Kernel Offset: disabled
[  572.406800][    C1] Rebooting in 86400 seconds..