last executing test programs:

9.702242842s ago: executing program 3 (id=617):
r0 = socket$inet6(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000c80)={'batadv_slave_1\x00', <r3=>0x0})
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCRTMSG(r4, 0x890d, &(0x7f00000000c0)={0x0, {0x2, 0x4e23, @remote}, {0x2, 0x4e22, @multicast2}, {0x2, 0x4e22, @local}, 0x97, 0x0, 0x0, 0x0, 0x8001, &(0x7f0000000080)='dvmrp1\x00', 0x2, 0x9, 0x4})
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000d40)={&(0x7f0000000000)=@ipv4_newaddr={0x48, 0x14, 0x509, 0x70bd27, 0x25dfdbfd, {0x2, 0x20, 0x0, 0xcb, r3}, [@IFA_BROADCAST={0x8, 0x4, @rand_addr=0x64010102}, @IFA_LOCAL={0x8, 0x2, @local}, @IFA_LOCAL={0x8, 0x2, @loopback}, @IFA_LOCAL={0x8, 0x2, @broadcast}, @IFA_ADDRESS={0x8, 0x1, @dev={0xac, 0x14, 0x14, 0x43}}, @IFA_RT_PRIORITY={0x8, 0x9, 0x103}]}, 0x48}, 0x1, 0x0, 0x0, 0x4040014}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00'})
mkdir(&(0x7f00000020c0)='./file0\x00', 0x82)
mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYBLOB=',r'])
fsopen(&(0x7f0000000000)='cifs\x00', 0x0)
mprotect(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='f', @ANYBLOB=',,'])
sendto$inet6(r0, &(0x7f0000000000)='s', 0x10a73, 0x800, 0x0, 0x4b6ae4f95a5de35b)

9.514288531s ago: executing program 3 (id=618):
syz_usb_connect$hid(0x1, 0x36, &(0x7f0000000480)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x8, 0x17ef, 0x60b5, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x3, 0x0, 0x2, [{{0x9, 0x4, 0x0, 0x3c, 0x2, 0x3, 0x1, 0x3, 0x80, {0x9, 0x21, 0x1ff, 0xa, 0x1, {0x22, 0xff3}}, {{{0x9, 0x5, 0x81, 0x3, 0x8, 0x3, 0x6, 0x7}}}}}]}}]}}, 0x0)

6.915169948s ago: executing program 3 (id=629):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)=@newnexthop={0x30, 0x68, 0x1, 0x100003, 0x7ffffffd, {}, [@NHA_GROUP={0xc, 0x2, [{0x1, 0x15}]}, @NHA_FDB={0x4}, @NHA_GROUP_TYPE={0x6, 0x3, 0x1}]}, 0x30}, 0x1, 0x0, 0x0, 0x4008018}, 0x4000080)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2)
r1 = openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$VHOST_SET_VRING_ERR(r1, 0x4008af22, 0x0)
mprotect(&(0x7f000021f000/0x4000)=nil, 0x4000, 0x4)
syz_clone(0x100411, 0x0, 0x0, 0x0, 0x0, 0x0)

5.657721672s ago: executing program 1 (id=632):
syz_emit_ethernet(0x4e, &(0x7f0000000480)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd64fde9e200180000fc01000000ff0000000000000000000000000000000000000000ffffac1414aa3b0201030000f8ff"], 0x0)

5.505242105s ago: executing program 3 (id=634):
r0 = add_key$user(&(0x7f0000000200), &(0x7f0000000300)={'syz', 0x2}, &(0x7f00000002c0)="f5", 0x30, 0xfffffffffffffffe)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x7, &(0x7f0000000180)=0x200, 0x4)
r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setattr(0x0, 0x0, 0x0)
r4 = socket$kcm(0x2, 0xa, 0x2)
ioctl$sock_SIOCETHTOOL(r4, 0x8946, &(0x7f0000000500)={'hsr0\x00', &(0x7f00000004c0)=@ethtool_sfeatures={0x3b, 0x2, [{0x200, 0x4a39b33c}, {0x2, 0xb}]}})
syz_usb_connect(0x0, 0x5f, 0x0, 0x0)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r5 = openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r6, &(0x7f0000000080)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @empty}, 0x106}, 0x1c)
r7 = socket$netlink(0x10, 0x3, 0x4)
writev(r7, &(0x7f0000000000)=[{0x0}], 0x1)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(0xffffffffffffffff, 0xc01064c2, &(0x7f0000000140)={<r8=>0x0})
ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD_SYNC_FILE(0xffffffffffffffff, 0xc01064c1, &(0x7f00000001c0)={r8})
write$6lowpan_control(r5, &(0x7f0000000180)='connect aa:aa:aa:aa:aa:11 0', 0x1b)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000680), 0x40000, 0x19)
setsockopt$RXRPC_SECURITY_KEY(0xffffffffffffffff, 0x110, 0xffe, 0x0, 0x0)
write$6lowpan_control(r5, 0x0, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0xb, 0x0, 0x0)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, 0x0)
r9 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000940)={r0, r9, r0}, &(0x7f0000000340)=""/82, 0xfffffffffffffcfb, 0x0)

5.462980841s ago: executing program 1 (id=635):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x83, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
r5 = fsopen(&(0x7f0000000040)='afs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r5, 0x1, &(0x7f0000000000)='source', &(0x7f00000000c0)='%(,:', 0x0)
r6 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r6, 0x84, 0x81, &(0x7f00000003c0)="1a000000020001", 0x7)
setsockopt$inet_sctp6_SCTP_INITMSG(r4, 0x84, 0x2, &(0x7f0000000000)={0x8001, 0x5, 0xde, 0xffff}, 0x8)
sendto$inet6(r4, &(0x7f00000001c0)="ad", 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x0, 0x0, @loopback={0x0, 0x1c9ae7fffe9a6f34}}, 0x1c)
shutdown(r4, 0x1)
r7 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r8 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r8, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4)
r9 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r10 = epoll_create(0x8)
r11 = dup(r9)
epoll_ctl$EPOLL_CTL_ADD(r10, 0x1, r11, &(0x7f0000000180))
epoll_wait(r10, &(0x7f0000000040)=[{}], 0x1, 0x80)
ioctl$SNDCTL_DSP_SPEED(r11, 0xc0045002, &(0x7f00000003c0)=0x10000)
connect$inet6(r8, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r8, 0x6, 0x1f, &(0x7f0000000380), 0x4)
r12 = socket$nl_audit(0x10, 0x3, 0x9)
sendmsg$AUDIT_USER_AVC(r12, 0x0, 0x8081)
ioctl$KVM_SET_CPUID(r7, 0x4008ae8a, &(0x7f0000000000)=ANY=[@ANYBLOB])

4.363018732s ago: executing program 2 (id=636):
syz_open_dev$dri(0x0, 0x2000008, 0x3)
unshare(0x24020400)
r0 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
fcntl$notify(r0, 0x402, 0x8)
r2 = memfd_create(&(0x7f0000000480)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf#2\x99\x1e\xa1`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\f<\x8f\xc1\x99\x89r\xe1?\xbdu\x98\xc3\xf8\xd2Q#\xc6g\xa0\x85\xd6G\x85\x11X\x8d,\x02\xd45\xb8\xca\x97\x9d\xcb\x1e\x80\xd6\xd5>N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9b5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xec\x8aog\x87BR\x9d\xad\xd4FcB\xda\x95\xc3\xdd\x9d\x8f\x1a\xce\x18\x80\"j\xe1\xba\x1e\x97uX\xccv\xd6\vcz\x92A^\xbc\xceF\\\xb0:\xaf\xc5~\xbcJ e\r\x88c\x9d\xb92\xb6i4zq\xb3c\x0f\xb2t\x93\xf2E6b\xfa\xcdJ5\xe3W]`4\xd8D\x05\v\xfc)\xca\xedQ\xd0]Ot\'\xc2tDF\xf9\xa7\xb5(\x83\xa5\x0f\x1d\x1d\x06Dg\x13>\x19\xe85#\aaT\x89=\x104\xd5\x85l\x96\x91\xea\x172P\xb3:\xadZ\xbc\xbe\x00\xf0\x14\x96\xd9M\xd7\x88QZs\xb2\xe1+$jfQodH\x05/y`~7\x16\x02\x00(v\xe6`\"6\xfcgC\xb5\xf0\x13.zj\xc5bj+@\x00\x00\x00\x00\x00\x00\x00.\xd4`=z\xd1n\x8d\x8f\xa5hS\x8e[\xb3\xa3\x87\xb9\xe2_Z\x11\xef\xc2]V\xf3\x03\x94\xb9\xe1\xa68\x8d\\\xe5\xef\xacpM\xf0\xa6\x04\x10\xb7\xc0t\x83\\\xf7\x12k\x9f\x10\xd5Z\x19\xc1\xc1\x80\\o\x97\xce=U\xdd\xaa\x1b\x05\x14\x13\xa6\xbd#\xde\x04\xe6$\xec$3\xf6\x97\xc6\xeaSL\xb7A72M\x88k@\xe5\xa3\n&\x1exQ-2p\xd62\'\xec\x0f\x13;I\x95fE_\r\xe7\t!A\x05\xe4\x8f\x9e0\xf8/T\x18\xf7\xa1\x9f\xde1\xd5\x80<\xf5\b\xa9\xec\x85\xaeW\xb3\xd8#)bn \xfb\xf2\x88\xfaR\xff\xdd\x80\x96_\xec5\xf0\x1c\a\x8a\x80\x00@=\r8u+%f:\x1e\x82\xfap\xf6\x89\xea\xba\xe3\xbbM%F\xdb\\\xd1eJJ*\xc67\xca\x03\xa3\xf7(\xbb\xecN\xd4\xe7\xf2:u\x8a\b\xd5\v\xca\xfd\\\xd6\xe3\x05\xb3\x03\xd5\xe0\xd2\xf2{\'\x8b\xdf\xa1.E\b1\xcb\xa2\xbe}\xb2\xe4y\xbb\xe6\x1f\x10c\xf5WQ\x82\x04\x01C\x83,\x90\x1a\xfa\x8e\x17\x89\xe2\xedX\x8d\rmq\t\xb5$\xb4\x9b\x92z\xd6/-\x13,\xb5%\x8eM/\x04\xa7\x7f\x1b\x85\xf1\xa4X\x17\xbb\x1cR14\xfb!\b\x10\xe8\xb2\xd41gK\xe4\xea\xe39d\bL\xe5\x1b\xbd[\x9bWD:\r&\xe9\vn^\xcc\x86\xe3\xce1>3{\xaa{\xbd0P\x9f\xa68\xf5\x82\xb8\x9aD\x9c{\xe6\xf8\xcbD\xb5aJ\xb0\x92\x89\xbc\x82\x1ch\x89\xe7\xdd]q,\xec\xc4\xa5\x93\xe5,\x0e,>/\xaf|\xf0\x01V\x7f\xc9?\xba\x16\xe4$+}5dy\xb1\xef\xf1m\xa5\x94d9\xaf\xcfq\x8b=\x026\xef\r\x91\x18\xc5\xb6\xb9fM\x8ayZ\xbcd\xa5\x8a\x88\x98\xc3\xfc`\xa6\xba\x1f\x17\v$\x88g\xb4\xad\b\xc1\xddW\xa6\xc1\xb7\xb0\xa3\x84Q\x13GoU\xe2\xb7\x03\x9c\xd5\x0f\xa8\x0ef\"\x15\x82\xe7\xbd\xf8\xca\x10f\xfe6h\xe9\xc3\xc2\xa0O:\xac~\x1a\xf7\xbeF\xbe\xe5\xf0\x81\xd6&\xc0<Q8\xbeX\xde\xd6 \xef\x0e\xc2.\x9c=1\x15d\xddIv\x0fh\xe6M(D\xad\xeb\xcfX8\xb9\x8d\xbe(\xd3\x16?x\xbd@\x0f\xf5\xdb\xeb\xd7i*\xea\x86JX\xff;\x96\xbb\xa7\xa8u5R\xa2,\xba\xbc\x01\x12\xb3q,\x9d\xf8\xbdb`\xb3\xc6\x0f\xb3\xac\xc7\xa4O@\x81\xfc\x1a4$\x885\x97\xa9|\x99\x86*.\xda\x96RQ\xe5\xb1\xef\xb7\x10\x99\xd4\xa7\b\xcd\xe9\xa5\xf6wR\xc1\xdfH).\a\x9a\xab\x9e&+\xc4#\x90\xc9%\xb9\xd7o\x86\x13\a\xc0\x01w9u6\xdd\x9fJ^o\x1d\xda\x11?\xc1\xf5\xf7\xff\xec\x916\xceQ\xcfU\x035\x96\x8f\xc7\x84\"2\xef\x02\xcf\a+\x8a\xd1\x11\xb5\xa8\x92\f\xb3R\",\xfc!_&pD\xeb5\xc6\xc8\xff2\xee\x14\x83\x14l\x04\x80\xaa7\x80\xf1\x18\xf5\xa5\xd23\xe5\b\x00\xe8\x9c\xd4\xd0\a\x93#\xb9Z\xc0y\x97<\xe5i\xe9\xe4\xb02Cu\xe1d\r\x0e\xc1\xf1\x81^\xa7\xffz)\x19U\xe5\xd4\xf5@O#W\x8a\xbb3c+\n\x97\xa6\xf7\x90$\xd6*\xd0\x1b\x10\xe4HM:XO\x1b\rx\xc7\x12|\x7fN\xc9\xf9i\xe4\xe5-\x9b\xe407\x9d\xe8\xc6\x90\x9f_Jf\x05\r\x1b\x9af\v\xbcv\x83\xf3j\xaf\xd0F\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0)
execveat(r2, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)
r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040))
r4 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r4, &(0x7f0000000040)=[{&(0x7f0000000200)="580000001400192340834b80040d8c560a0677bc45ff810500000000000058000b480400945f64009400050028925a01000000000000008000f0fffeffe809000000fff5dd0000001000010002081000418e00000a04fcff", 0x7d}], 0x1)
renameat2(r3, &(0x7f00000000c0)='./cgroup\x00', r3, &(0x7f0000000440)='./cgroup\x00', 0x2)
recvmsg(r3, &(0x7f0000000400)={&(0x7f0000000380)=@phonet, 0x80, &(0x7f00000001c0)=[{&(0x7f0000000040)=""/54, 0x36}, {&(0x7f0000000940)=""/135, 0x87}, {&(0x7f0000000a00)=""/77, 0x4d}], 0x3, &(0x7f0000001280)=""/4096, 0x1000}, 0x40000181)
ioctl$BTRFS_IOC_TREE_SEARCH_V2(r1, 0xc0709411, &(0x7f00000002c0)={{0x0, 0x2, 0x5, 0x1, 0x7fffffffffffffff, 0xb, 0xffffffffffffffff, 0x1, 0x2, 0x388, 0x0, 0x3, 0x100000001, 0x1, 0x6}, 0x50, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r5 = fsopen(&(0x7f0000000100)='cgroup2\x00', 0x0)
r6 = fsmount(r5, 0x1, 0x3)
fchdir(r6)
mknod(&(0x7f0000000080)='./bus\x00', 0x1000, 0x0)
open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x0)
creat(&(0x7f0000000000)='./bus\x00', 0x0)
syz_open_dev$sndctrl(&(0x7f0000000000), 0x1, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000180), 0x40000, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
getsockopt$inet_sctp_SCTP_RECVRCVINFO(0xffffffffffffffff, 0x84, 0x20, 0x0, &(0x7f0000000140))
renameat2(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0)

3.478848813s ago: executing program 4 (id=639):
syz_usb_connect$hid(0x1, 0x36, &(0x7f0000000480)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x8, 0x17ef, 0x60b5, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x3, 0x0, 0x2, [{{0x9, 0x4, 0x0, 0x3c, 0x2, 0x3, 0x1, 0x3, 0x80, {0x9, 0x21, 0x1ff, 0xa, 0x1, {0x22, 0xff3}}, {{{0x9, 0x5, 0x81, 0x3, 0x8, 0x3, 0x6, 0x7}}}}}]}}]}}, 0x0)

3.375623474s ago: executing program 2 (id=641):
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ppoll(&(0x7f0000000000), 0x0, 0x0, 0x0, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f0000000640)=0x10)
mmap$dsp(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x100000b, 0x8012, r0, 0x0)

3.276554134s ago: executing program 1 (id=642):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x549f41, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{}, &(0x7f0000000280), 0x0}, 0x1c)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(0xffffffffffffffff, &(0x7f0000000bc0)={0x26, 'hash\x00', 0x0, 0x0, 'sha224-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, 0x0, 0x0)
accept4(r2, 0x0, 0x0, 0x0)
pipe(0x0)
sendmsg$IPSET_CMD_CREATE(r1, 0x0, 0x800)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_SWAP(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x34, 0x6, 0x6, 0x3, 0x0, 0x0, {0x1, 0x0, 0x3}, [@IPSET_ATTR_SETNAME2={0x9, 0x3, 'syz0\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x8800}, 0x8000) (fail_nth: 4)

2.854810037s ago: executing program 1 (id=643):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000400)={'wlan0\x00', <r2=>0x0})
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_JOIN_OCB(r0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000540)={0x2c, r3, 0x1, 0x70bd26, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x1}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0xd85a}]}, 0x2c}, 0x1, 0x0, 0x0, 0x1}, 0x20048800)

2.805735518s ago: executing program 1 (id=644):
socket$can_bcm(0x1d, 0x2, 0x2)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket$inet6(0xa, 0x3, 0xff)
r3 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r3, &(0x7f0000000000)={0x0, 0x3, &(0x7f00000000c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="fa0500020e00000000000000070000000500060000000e000a004e24fffffffdfc010000000000000000000000000000988500000000000002000100000004d4008100000000000005000500000000000a004e22fffff800fc01000000000000000000000000002260a703916adda978"], 0x70}, 0x1, 0x400000000000000}, 0x0)
syz_open_dev$sndctrl(&(0x7f0000000000), 0x2, 0xe8e80)
r4 = syz_io_uring_setup(0x1e1e, &(0x7f0000000200)={0x0, 0x86f7, 0x10100, 0x3}, &(0x7f00000003c0)=<r5=>0x0, &(0x7f0000000000)=<r6=>0x0)
r7 = openat$vcs(0xffffff9c, &(0x7f00000002c0), 0x410080, 0x0)
symlinkat(&(0x7f0000000280)='./file0\x00', r7, &(0x7f0000000300)='./file0\x00')
syz_io_uring_submit(r5, r6, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x22})
syz_emit_ethernet(0x2a, &(0x7f0000000000)=ANY=[@ANYBLOB="9b4307000021aaaaaa5dca02fd004500001c000000000001907800000000ffffffffe0009058fffd1040"], 0x0)
io_uring_enter(r4, 0x48e9, 0x0, 0x2e, 0x0, 0x0)
connect$inet6(r2, &(0x7f0000000480)={0xa, 0xfffe, 0x3, @mcast1, 0x5}, 0x1c)
syz_open_dev$vivid(&(0x7f0000000080), 0x0, 0x2)
syz_genetlink_get_family_id$tipc(0x0, 0xffffffffffffffff)
r8 = dup2(r2, r2)
r9 = socket(0x2b, 0x1, 0x1)
r10 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r10, 0x29, 0x20, &(0x7f0000000180)={@private0, 0x8000000, 0x0, 0xff, 0x1}, 0x20)
futex(&(0x7f00000000c0)=0x1, 0xb, 0x2, &(0x7f0000000100)={0x0, 0x3938700}, &(0x7f0000000140)=0x2, 0x1)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r9, 0x29, 0x20, &(0x7f0000000180)={@mcast1, 0x8000000, 0x0, 0xff, 0x0, 0x4}, 0x20)
sendmmsg$unix(r8, &(0x7f0000008380), 0x400000000000174, 0x4008890)

2.662860923s ago: executing program 0 (id=645):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)=@newnexthop={0x30, 0x68, 0x1, 0x100003, 0x7ffffffd, {}, [@NHA_GROUP={0xc, 0x2, [{0x1, 0x15}]}, @NHA_FDB={0x4}, @NHA_GROUP_TYPE={0x6, 0x3, 0x1}]}, 0x30}, 0x1, 0x0, 0x0, 0x4008018}, 0x4000080)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2)
r1 = openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$VHOST_SET_VRING_ERR(r1, 0x4008af22, 0x0)
mprotect(&(0x7f000021f000/0x4000)=nil, 0x4000, 0x4)
syz_clone(0x100411, 0x0, 0x0, 0x0, 0x0, 0x0)

2.226078051s ago: executing program 3 (id=646):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x18)
socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x6}, 0x4)
setsockopt$packet_fanout_data(r1, 0x107, 0x16, &(0x7f0000000100)={0x2, &(0x7f00000000c0)=[{0x30, 0x0, 0x0, 0xfffff00c}, {0x6, 0x0, 0x0, 0x7}]}, 0x8)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$packet(0x11, 0x3, 0x300)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0)
getsockname$packet(r3, &(0x7f0000000140)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000000c0)=@newlink={0x38, 0x10, 0x439, 0x0, 0x0, {0x0, 0x0, 0x0, r4, 0x9801}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @gre={{0x8}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_REMOTE={0x8, 0x7, @dev}]}}}]}, 0x38}}, 0x0)
syz_io_uring_setup(0xed9, &(0x7f0000000280)={0x0, 0x0, 0x1000, 0x3, 0x36b}, 0x0, 0x0)
bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e24, 0x1, @remote, 0x65}, 0xffffffffffffffca)
r5 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r5, 0x107, 0xf, &(0x7f0000000100)=0x207, 0x4)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000040)={'wlan1\x00', <r6=>0x0})
sendto$packet(r5, &(0x7f00000002c0)="05031600d3fc140000004788031c09102c28", 0xfce0, 0x4, &(0x7f0000000140)={0x11, 0x86dd, r6, 0x1, 0x0, 0x6, @multicast}, 0x14)

2.154189615s ago: executing program 2 (id=647):
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$inet(r0, &(0x7f0000002140)={&(0x7f0000000000)={0x2, 0x4e20, @remote}, 0x10, &(0x7f0000002100)=[{&(0x7f0000000040)="694d60285df305d3c49a383656798e8a5767f8c037f4d8c2fe9f1910a04ff7936511a0003e6f932b58c4257e7f30de74de455e42266d68e76a64023b4286589a5c7b1363f6552c7d878e90f897dd675052500fd05f3bf6f19d80d59704ec362c8841e3b74c63820d5f458125b7dfca50b84babe3fcb7429b34318d1e37b7753fa5bb20fd74896f25b53eb294144566d940b30d848eef6d5b8d8cdae0879f4fb7bf3ca5aed2a19ed999d9c676ebb59aeed9c4ff389ffc8a02279c3d5aff6a8590dddc24b9016c6f66ce083826f31818d1b97057a0b1a20059dc75664203e8de01cf6d1e299937f7fb7748266b13514b228139398bcf765791a29ad8787f2205c67b2785668bb73b06e8b08ab7151890b5ad529071458f05a2651957ec97265e5b6625338abe11e4fe322c372da5948fc77f941335fb0fa257734fef38c565994fae97464076c76d9bb4a9567d7a7da31f76f7ead3e4cf3fe510d08ca1ccfbf6715042cc25aca5011abc884609b3b79bd31cb07746fd12678e9f1abad99c79dabfc45b1ab3c131a0baa9b7eaa5a0a8dde40d01ba0872376bdaed093520bc6eb7a7fd0de58a31ef1b44bff312553a1d98aadd6b00e35853947031e3c980bd1cb63435034ee6e0e348f79add0d794c87b9c16d8080ff98130a800684a791950a55c0880131b3a07471dcb8ecc7e853610207d10c2d22bb2ccc0c2f7b3719aaf3ea143865a6421ff53ccb1e3ea075e93bd9871d47bc6178b778c0a06ae6e205dc88ec1182e40c8d2ab96f46802be8e9d3883de7b37256c4336b991f1d751bb96e361621c0d0d1459859e23c810cd07244521ab58902214866d00596d01abf3a80080c6cd71f47c7e9a3037f4906e31b5a864dd8480303198468ffb9d699e659ab4b01e5bdb0b5b6913ec052c49839097aeeb905239e41202a180a1eabf22c2bf8423a5f2165b15d9fb5f2697d02cdfd24bf09f70dde44c627e0b8c4958a1642704921ecc0224c46da60f3b6b208805f886c6e80e0e74a9d227e7d2827fc4530c2c75f7c8e7df4890838c0beb818bcd7fce395749685c0a30dd0fe6892cd4e87a219c24376bbffc45a0666e6f5f222cf44e2c3d8389d463ea9f764685c99a0df6ecbb6634201becee81e47c9d991dafb1dad425d682296ae8e8495e5acc22fd0c8d458aa05dd0b8dbb2ee3e14689886c0590b8505a4b9f479c2afb7d14fa8cf2770ace413bef8dd8836cb8b520872fd7cb35b55ffc4964d7cc8c081dd6369e0979b6ed730cd3c114fe839a2cf0043e7be972cb96f8f3acc559e8b20f41fc5e9fa3ca9c504b6414088dc5cdb475286daacf17b9314af449809d84c5c3f61ecec9f395104cc3328aeac7419d410a9f3ecede4466d16307205fae69000e708ca4fa3a4731c99b93a87c3ddd273512cd9ced0ea6d4613697f02cf4e225caf4d8d52a8ea3e1a35921b7afbe528ff17ae8076b204df62d435a145358ca3749af75b03f857817c7271e7e2a87a1914176d5e627992f3936e34199d1d96824cb706b26e450de36438e1bc30b206a3c82ac951690d3cfa665d82898385ac75e5f1960337c561ac91df79c6b958468493a1d8ae3c7ccfe2816fe9d674451430d229c038c0c60b847384309d68f903cd28849bf1f7192b69da0e56298f48098a2b8a20cbdacb1ff938b66c938441e3b24331b126fa3f1bd8026526cac7ad8925b9dce3463edb2db84905191bb3323a1040fcad939294f406e594fc74c0f52c7fb73daf1f8e919e029238219bdb19e6ebbc5a7aa951fe9f34c5567dcb3d39448fcd2283ff9952f4806f6c7e7f48fe1e74ba3ccc1d5f9ea989bee819ee7df907717247c912b78b5413ab74f90a0efb34c81ea5230d538acf4f9f7ae72bca1a805c9b93ebb05a8eff9acc8b4d8caa10a9927dde42c4223c8e653ccc94fbfd1db1ed2cf4ffb1db9a995121c20d8ecf33ec0ad53513c2f775e1af301bb3ddb148de8d0a5d3bd6a529382626a17bc6b4f63990ce6b376feaab9a215af5ad9b8641426217f4b788fe746ea61a37df1ef5323637ae8412a78c33d6950eed70611d46e19b9392da804e6adc0ffbc15e04530e790487c24fe0c2f23683a80dab56988c02cbedb4568e3b3df3db37a2c10dc4b92edf4eb77186ce25be57621162ede169a507dfdc1054938ea854498b97ce4419861fc71fb95e9c8ade97950ea10679214a7ab42c29a8ac88ffae45f210c88af212db821c3ba5f09bc1b129dbe70f04f58b35af176f72b0f7fddbd948b57eefa7ed03adc86dba8134fc45be25fa405bf8430641bb5b957d0c7a98aadee81ff7d236b104db856663d06a0c35676352b45be760a5dc9027bb5f076e21a203a6863b51f2a467ab9e50382cdb945abb18e44b888657d51da5a4e88efe6a4cb1de4d8cf51a9ce15610963b7ec4f39cc16294a1b81c2934875a7cfdd0687478b429c953db754d6c3116fd1e5d5d6fd597d249773f4b3e47fb00a6ce76aa07e8ab045f9c493b4089a65da75697dde99dcc4045ce335a596f735c51ee1ef70dcea4f72fd52be83990f30a83bf66bac970466f7bcd4f3ffcba65f839ba33179cbe1a6448b3318b7751bfbc3da09fd5333266d1cda761ca19313bca379e9e53f95b77c218ebd1478019c0c161502cc3225703e2a82427aa3621b8070d85b55ba22ca5433e6a7d0d330dc8bb2426863970c4bd5608ff53a908cdfe3ce1c7e405713e71724de923f605c8e9e3a28a9e96d918ddddb11687fd968018062d4fd2e956d1d765399dedf6549a994fe2235dcbcb0f38aeec0f6a120f8c9321ab3f9ca087011b809680ac9d514d078ec06ead008438566572a7e0d5c28942d6303534740eebac4cd883080db675a7d5bc40ffc1afb5842155920e61200802a4d205fcb205b8acc1828c05d1de7c070f8038832dd48e3fb23e1170bf8b141141756fbf527c1774a96de4d1c6f23cab38ea704deb254804a2f04b7f2f4fcdefeaea317bd78804303b8aec86a0819ac809eff5e5f0656c39692bcde3a113a07e644019b4764eca15580c3e43fec9ff805481dc1d5a5a43332e6488e521295cb6654413c4dc3b918d48481bdae5c54473eed8b3891de1583d7667c92ed31d754baaeba05677ef8e97bd75ae1a25c6043a993b1985810f5112236d7c942fa1a020165c6ccbf89aa31f208122b07efd94f306f2153bc207fa53dfec8de15269f164c2edd7ccceb297dedc90d49a854d7e17a31e6d00c8cec9f4909851095fd2d41b5cce4b4f5a0e6183d1be4aac9b42762898e040cae05ec72b41634a983f0665c6840d60a0f79688a7f9161986be2bcc3b1e5fc2bd2f3803f9ce20ad30101efd4d4207512a45d3c05c644f3976cfa8e62b8741820f5565545485f9ce46d01004e719e80eecf3cf1a53693e57b62d4216bb0223b6c47de6952981254b7e30a93fe7ba1ec4e3ba1874b77bd196045c82d918e415d3f9080e92634affb9d5e416f10ebb8d67078269691a56524910aefcde36bcfb086388cef3713fe1ad4850578e0b482ef07537adb494509dda79d73d7a6b443ce2963cbd5809181fd4cbb93cebc1e4ced62aacf0797c91b90073e72b53e5174d7c7ea5d780659fe318d22115558444f2f14667aaa62f2e2e86475dea7c140d801c070a5937107fd1186cbc17d597d3d87ce151f16a57c1c21fd7e97c1de496e2aa61353fecee2a90f6ef59377ea27b439446cc0ae450d24128aae685b6c2f992f722ca0b67f1a1f65d9aa6d7bb9afd8d3e44151e0215d701ff90154c270477526b2cb171fecc918abf17314153583061e30940955b3e87760712607d4468d22a5ca008f21d27a7c750b5442a62c4032581ab811c4eddfe37766a678edefafea173677ceea2c2461445fa245f6b4286c6af7ea242e45b7d7e359c124fd7d28d143c5acf7ad0d2f8d982fb9333e3dfaf6801bec1ce4a904133faba90fdb0da9a9857f41c052dffe46ae7d3816c670ec0b793f46e246f4deb3e0d4e98354ffecf5e787255b8ccd98c9ac2a5f90e0a82606a4c0491bd786791a291876a411adc99e9044ee94c453a444fb37241dae0d0c26eaf6923cd1eb98eff3b8c2cd75f11c0d8445d15860f74e9235a888dba91138134d251213b9f39affca2f8dd2cf0547b3e582e92ec495389119a2ea68b02ab11d7f362b34a29f7d2ab016d42fd7c71b7f32f0231448f195f34a617216dca96602344a283d94e7176d14e205e3a45ea159524e700d560c4c7cc7e467a6c65f8e2fd9e773687421c00adca733c3b0a6d663d9b1d65376c7570c8ec7645423781e14207e66344325cb48eeddf8e7c5cd7e5735109bd643195900b19ded191fc6c6801afda6d752f84522d7b96c06f9313f9d91b1cc351a5af3f88865d961630881dbfd3a0200a4d1d776714a9e363695ecf42f088c1e9b68087767e4ac45612ffab6003b13f62c8e6f354c3aa9d95b0081e4eed4530a432aeaca7c16c91825b9404b22ebc07cbb52da37f7aa872f9ceaea3ad4becba684c0f1ab8695f10b2c4c42ce81faa100d440b25a8f983aab47f998dbc492892a0385498d99a6aa4b1afe7b54c49eb0d15a5516a87df8c9ce820b42967461eadebcaf077c47bf4f819c5337743d949f512fb37d6c75c93929170ed4b5e2a4ff92553d396bfc50bb49f934adf4936dbb2b075f3eb77db5ce389bb09bc4df210e8806bda1405443209e1405ffd772ee215fc323fcd0665715da09cfb0deb691cc9103775989817afe63ba219eaa947cd6fa7ad231d651498ad7de8bdac5a1a932af0ed35f6fa62a7edc74308b6c0f1c2571c8a07c472310f387530bd87f3642fb66d62ad51db384507049470bfb2434b79aff21deca9f65991e1711af28d247464c49541c8762573b68d8c3f08efb1dd9a22cfedb1ac4fd3a02b8f5ebd213708f66537885ad91b3b6e9b8542083d256ce5b159b743d455c741f3d360c009a95f710c9a9e84b5106d473dfbb1f8fbb8774a3d256afd1abd5911f86e4071cf726c264e76845970f5f31ea53c82c53eb0ed9a232d368ea82d07f931014b3dfe5b782031d9d528818f0cbaae202b3d00f075ea2701e2bb5225a27c4fdb55f5225e3fb776c109fc4b5cdfddc3a97ff89c52afa40b3c4813530b43eaf0a9185775c6bd04cc1d2debf9eb69dad4ffda0fa4308de76d5d91c4e4d9e1243a9f388c17dabf2698a22a02de5102a134e198bf27cdc194d5e1b4cacd61f8a4aa189e59dadf06ad2f4f21a662f78c7fd2799edac63d448ea1e21ca8dd1008d72fdc4b71f97873c750b357642ff71439b31b2acec0d2667bbf4c3add1e73b8d11e939380e5825611286ff66f1530f7499d97d812eeb5a11b263a4e0e0f6d836715dcaf6f34e862df964c40236679de0be6bc8b38916992697a599c2d52f490a78e3eca4f0e57538dc277c6001912c1c9a928c68787d9589dd593346d081e2be4eb624982831f9e61b52779b737472dbc318342a9ce6c5352b2bea7c158eeff615eb0e4ce12ec5bd4f7eec307e85ecfd37e3b78619e51796d8abff895c756cee395debc27f1b5291e433761971916d3c2649a8cafbaf9e0ab68d87f20684faea33e3fef74284496d1dc4b8a5cd27d583456b4033791a83eae4a425c96bafb94fa589025e8f56968456be7d9170b84fdc01a38931c73cbcf80516877c9952f3f996a70a31e22e098d3de5c9e1615637abd759f5355d430fbf603364ca0557ed2e8cab89a5547631a65b067f2b423731400e344d58f11127285af83fdec734a19f99b3569ac6faa6ff7a102a465488e633c2cd046f7646b4d04e", 0x1000}, {&(0x7f0000001040)="a65e054c59d09e8c020d74a65386427e97d656569e09d6b453afa69db97102494748069161a81f5021c3a9291c9471818b74c0d949dd176238f00767ef22e6d7b24e057f0e4b97966bd0681bb375fd88a24c4017d03b10bbd1877af501035f2c3ccbb83139dca8faf0dfab1677c62d4ba8d482d725cbe288bd6c7e8921e146edd68165848dd6f1b88fe5eacfacb683e567214d679fa329fca297340c5930dbcbde0ecb9385f42c4bae722e268327b7b461a97c0647b032fcae", 0xb9}, {&(0x7f0000001100)="eb593276b781e0814d603e93e24dade2b4534dcafa7e1eea552598360929bf1cc57cd00dfc42c5a43ed3ec6df0794e9d348f6e81de38773dd04b6043a8ec6161f33ebefc2d8f16f71dfc0513c79ba8c6564ede8d0cb6d29f26d652cd785d1e2709f7662374700cc7b368ffca02dadda0027d7438b0e429c4fd2a5ba967baea40ceb55646b1d57f39bd36810848ad28e48e6b82e869df6aa0119ab40f14005a4575e6bccd0a850b8ecef5d439edcb6e9547799ed2a1aea77c4a6d0645e0b514d742614342da97ca97c23317c3b78229cd070e11c473c27f9c68445c0a9ea67bc27bab40e05ad41087c48b65a918f429193fd0494c5d4c4af1dc2ebf27fb4d7de5b30a1abe395c94b0ea46a87581f72d641ba3feff9e8d0425ed8e94b8ad65379186da1db97ab4cec4735784278c9fad16db430e40c64c1ec647c705b3a9ad7253b4bb0c08d4d1320de4da7d4371b17a9f47bd1f1f52653bed5112316356d75b08fabb18e3e4fae45f4aaf7ca644a9047a2d8922a85aa6b01bfc01c1f1dc2a033898425b3b6c5283c27853c421a30dba6450f9fbabcf97094106c1a6f84ffd7e775c2a2529466f2cc470b027b61d89a7adcbb76554a460dba998a5aa28e89369270749c3e51aa84008246abe28088adf306bb4e3cfb79a701475da9650b4bfe919efeee5c41379418ee8ffdbc7db06c12f387934e32d9bebe1c3d546363193e92a1c9efd8618167e84ce8529af06a664f4abe156c292bb33b97bccce65e2ff814e466291d481031192fcdf46249d9735e3480abf84dbc71b6e679d5426bfc1ab0746b60fec4f91e0a4bb7312b325d8d3f57b6b706db251d879bd17d72c03b80865f87934d7a033e7884e90a614b003b90f5c4885126102e43a85e3e685d003c6c9f7fd971fea1f4aefefe86fb16a2ac837c707c33974e490530ed9976d0e046faea20ef5293ae58f263e0cd46d94f7c3d5c53bb731e0190e529ac37d9f143cb0b1a432dadac4b0278f12986fac02c6336ba47b8274c9446d3d32801326e2f2cbade5c2fb94a436d32e4af7e2defddca3788572d64fa47e1953289c0ff0c8354c3615f4473e68382abad7970f33029f2931a4ba719f34bf92c8f2d4ca0a651b7ea656ee23305a5d53f6ed929086e80ccd885c5727059601a07ad758e9e4cb195ab08f89ea1a59ec4ee0f9cd476d1be8dbebd890036c389a83bcd37b9b0d01a3bd87ff952aa9c94601c2bf658d5923301d2409f679d264a458d516e3495379e89540e97901ffc630c65892090b73247d1aa10c053e5d6c09e692b6f49b185edc7d7cf3d30f980ba6f1752e8b1c081e88a4b76bc22d488f75d3e139706f2b45efffbe90dd1e9b2cc4785802176ac24918b6dd3bc7da358075cc2490d4894bd706feccad00b7efc64c06e591f7a1b6349d571ca7e16dca2cae77d9eff0ef31db7c5300a2aa9c1dbed0428a044f532c7970e318ee7b49eb9e43e2c25f81c0f7c76bc6307a689f8b4775c8b732b0fcd394444bea5b3abddacacb71c8d084e24445d225bd76421c3a7fd88f897ab220c4eb8d48932ac36c17b545cd11b6400478000413f789d5161c82b61e5142fc2ba2b4659769685657bd65fd007c8e8ecb6f58a57f63879bcbfbd6763655b45d07e7ebafccde4ba9feddc7e19e2ef6e730ca34cf8560581bf18dee4caea205c9a8c1f132d2f9e86341c1eae320ae8d06b71fc127ee9c31a099ce7b77fe2171df841f2effff5c0616ef809e11fffd3ce89c3ac60fe1addbd2e6c555cb64bb0cff85f3769f3dc6d3713a2bd357a014bf2865b0bba34bfa2a9d0ba8afbcd4b6e5c45e83289f52193b5adc7c36cc23dd4e81ee67682921884ac9550d9cc6d2f55acf2ec3befbd66bacfddc69cfb4b2fb3746d6dfc65ff231ac56cf62109df9bcbfb362e021e94aaa304d91c0b9992cb72589a2e9fa38c45e887102d450dfffa4a9c57306172935b8b2fa744bdb157f10250d0690bd330cee588b86b21ab8f4ee0f1e14b37c262ddcbbaea162fc76f00eae9d41d200455f5c6736c457c915c197fb3d544bb30fbb5df15b872a277209811da1d7a964aeb9d28e120d0b08eba5e0141a5fdb50de4bf893aa72fd72d44c1505bb33fe07c440e9d50715b6b1646a9107475bc1b8e0b1edb2193052ce3b5d1ab0a818e4d0f31b309ae30a45d2c5cccea0db3084385f5bb7bc58e59b1e839d0e2654efa473285de2f65af50841af2526f4b844387f1f075c4f24ffd58268ea63c9e41a05c9bcc7846b63eda2b5d69a43f3d9fd0a7c1e7b99131a20fb108877e9adafe43e5d75e9ed54cc6a5091fb24300779b61c59dd50b2d9d15da01833a25e2669bc3b71de5ab0205286bbc0a4cdb2c122e19ad5081d67281666517d8c80c472f2635985a1e3a41ed8e9203a8cff6ac0ce622d5f49d98a1fd44e7a9c972777d7ffb55550c707453207780ae146c34b7e48438c0efc182128e6cf72080968336edf8ab881cf42d2935ea54873a92901720ca21eadd4a28b93d3e5dc974f926078371290913d410908a4a71e9f7ddd63e459690917a2ec0494dba4f428f37459d458fbf1ab27fc8c57552660121da40feeab741ea3738463f8e6db941940ac610f91f20a4760cde22e36e954a1e624f6624fd790a506839bf6a58fc1fa56eb596b5889b9aec718a6361ec3d0b7e53f5cad0c320cddaf8e24473149a11cb5d972b2f6e11f457a659b7c2edef967eb28fd2d542c7b36484906aefcbb567072a005f89802a7fac73acabdf77876ef76484077d5d38442d04c13f2b098a2b9674325f363b85c6523a761fb22a89e5a9b3cd03c4b05cd7f857fb940a75254206057e95984d900c01beb70adae98e92bfdf77852839306deaeacfd8134c1a2bf63b7d79fb4dfa2640c300ac1572baef259e68e9ecd83c5a04c9a326590cfcf91a8fffb04bc02ceb8d0747b16a1e6ade0cdd3887434344cd0f71f9037ca5399345e32a9ca21a97be2e45c5a6b0e9c8cf883d2b4a96a52aaeaf94e7ffc5e89b88ffe01d59f7a34a884c1371d7e00ea6286c6248b359cdcc2190a7ed5ff1cb9e15455f465b19db0a6353b92847f3d398a5042dbcd2af62e603e4dd7b5bf7b046062524ef1e1485af537fdccb56a9b9f712d0bb593def6a37ec676614de5def389ff665ff6f05c1330f92cbda1e05d002a9edd974b9faa7f1139b6d6813258c2c1d1fcfa6239f98676acd9369f0bc66212f8ee12180b3a1fae09de82148613001576acc2696ab5dc19a8c253cad56a55fb2ebfce78a601e23feb3d9650de0fd1c74519d1be8d5322d38ca791cd39dd9bb01554f47d44474811cbd0f29d61e614efb648014168feecb51b12c9b3efdd12c6425e60a5b66d405650856ff02d51ea34db8be44becbbfbe3e72b025724a37d28356d62e52e08844b4b71c5ccf923f41355fa1ff9e3308e88e91596d62b267ccbfef865e21025bc5419b99f8a6b5ad152cbfda4ea5f1c0076c10b2f06eca9cfa6478748b040b8d9fffcba98c25afa5c99c7186421ec68af5146df1c986ba8afab6f3ec30d032269f1e0875005d22afe1ddf774f4a4180c9c58c9f5153b011522aacfaf928b76674bcbef5e0e49bc71dd38599f30bb00ee21a7643a8400bff8aef8cbfec3a3f3e391fe9f4d6467b6e0d0e6372e5c2dc5e5e4763939f927287ae2c6381ea0e099221a1590b60d1748c31bc116d3e4d021d48082cb640a04cf9d03fecadc053c5fb05cb64c8104be8b080d22afa35ff5a9610a562808f314858ffdc8ec21982186f819b30825e68e7f4730fd1346867a231d73c1bc0ecdc6ee0d0d4e02882942e177c5e7f09a5cea07ebfb12a31a23003b9a19f3976130b9907e7cad69eb14e55b1c6eb6f108b2c6475625fa5485ce82b75615dc133d817c2455ce35feca49abdc92ac85bc5b41cb4258a030163a474aab4c99e2c720cd0420bb54f60bb457a4070e00812635511ceb571b57cfaebda71115bacba8baa4b803b384bde3b2cd202548ca890d7908e1fff898a56ecb5dd96526f334ba795b7a37c99abecfabd846c5b7097fe3a14d1eb354880285ee424088f09cd7b90ab6c98d79e2aaa2385498721cc51e6afcac7b44c0f46ebaf172b08a114ad8db792e6b53dabae91f873db013cd5fce2f9d06d401a2045f65f80a7d63b430e42c150974683a48963c5b2adafea42a30c0e5d4ec282cf861de16aea921acc987149bd95acb345020f8bd7599d440ff124a866415c833bc256bae99d095095ae177267b0d0e29e98cc072e8af1afc0adcf8600d13ab758b1dd7fe688ca4c5114def29bdf4231f189fc6645b59a6709e257cbfd772a145e804d04a5a49641e6a214426941bb9e5bb93cc5ab2c934a115867524e0545ddd40063435c193ab1a5d387ad6ffc37ceaaf8c91af9b8ffff434fbb9cad68e1a29a78233c45ff043621fc374f8dc5e23d5ff47a22869b8a7d4cc8c35c754734b6ab24c39e2f36586a3c42948fefd6c63e3c9c05d8e9566942c1fea264fe0e55c24c0f2177bb4f3a5f84388f828c42f4ef4683c7e06e893af7dd9c1aa393c424783fb5f6a112b4caf7f36f594daea94892c2bc33dd352fe698e530608194a5452c856ffd458a32efade97271b3daae9a5b60c9856f3c020d8becc53175da4ea443f16fcd356ed1bbc8ecdc6dbc626eb10a8c39da5f1314a047aad11e84c03c5e01e21cbb9f96496f3b0642586bd6967f12de351efe52fa565d2d55b2a06eceb71dfd000298add6a1f5a8d28c3f6a114ba1c034ec08dd1ae2657a01993cc92421c2d2ab5c6d8ea46cc99d6fc2c76cf07496f2fa3468b6866fe53f34608c615b7a54f2dbef65fdf7ade62906546ea7f5826d01895ff070318ae412cc19251e0ed550c99288bbb57fa8d8750ca6371ba28aee6e3909dffb27abaaf78372a45377773c6f6fe2ab04761944c5582cc5102c9cc3a2e9d97ceb9ad69649da1f241462f658d9ae6b4b093ed1fa4573e8f3674ae3f1da176870208c6ec4aacc6c41201ac8bba156290517123d50992e87810d20d249cc55357fe21dbbfe6bf9eacb0a25f08190a91b454aa62e6de01b1bdb196defa304f2a793f8348d7e2c2aeabfad321abbd434ef089c5c4beb0c45c719513eb155b5ca0731239e8662a277598c11a4c8a3539db3d290a866347a59f3351c0b55134ccf11a222280b76abf53bc03f9704d2163fffd90c4dc756875376cacd1cfad50e2fa19a929042bf3e9158a273ecd3566d65cdbb09abe330b89a79892156dd804992ac8273b57eec2831a953a0fc44246791754edeff5ecca72ed2006936b5d631e99168468ef3650c88b4a10c44e347e7668809b3430412d8de690efbdba132f4de8654a1728092f9e7d7e702bc0d3000fc8e24bf5bebf3fd394ef984150a0f3f6837988f510a1bedb3d21b45319811ffc3f74833ad15af6ec546987553b8b33ec4875075313e149d419cb0805e997513013732c5e7e276f19eddc46d478e7b855aa42c0ba9e737b13dbaa268f581a3c583ff7602df67733e0f34bbfac3ae55dd2efdc7e630ef110698ddb4717a0d372f076ea8eb916412b803601256bea9e307353e52d462aaf5ab3af4e4998439f7d610c84e713485ea91cad0c2b3be8e938a596daad6ec115d3251d743ad4318b02ba5ff3b26e07e1c5ceaf916431492371e9bf92cd44ee49d0008bb335be48ba8b2214f8e60f4741d6b61f65c978eb2e4d04656f93b3e2817def203881dd12c6ac57d993cd44a4bf69f9f1ff2898caa7b690adb8a4b6a05e37670dea270fb52797e21133b0ea895cf741a79e347e2", 0x1000}], 0x3}, 0x1) (async, rerun: 32)
ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000002180)={{0x1, 0x1, 0x18, <r1=>r0, {<r2=>r0}}, './file0\x00'}) (rerun: 32)
ioctl$TIOCGPTPEER(r2, 0x5441, 0x3) (async)
setsockopt$SO_J1939_SEND_PRIO(r1, 0x6b, 0x3, &(0x7f00000021c0)=0x4, 0x4) (async, rerun: 64)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r2, 0x4010640d, &(0x7f0000002200)={0x14}) (async, rerun: 64)
recvmsg$can_j1939(r1, &(0x7f0000002540)={&(0x7f0000002240)=@rc={0x1f, @none}, 0x80, &(0x7f0000002500)=[{&(0x7f00000022c0)=""/225, 0xe1}, {&(0x7f00000023c0)=""/63, 0x3f}, {&(0x7f0000002400)=""/116, 0x74}, {&(0x7f0000002480)=""/21, 0x15}, {&(0x7f00000024c0)=""/44, 0x2c}], 0x5}, 0x22)
setsockopt$inet6_IPV6_DSTOPTS(r1, 0x29, 0x3b, &(0x7f0000002580)={0xff, 0x2, '\x00', [@hao={0xc9, 0x10, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}]}, 0x20) (async)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000002600)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_UPDATE_OWE_INFO(r1, &(0x7f0000002780)={&(0x7f00000025c0)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000002740)={&(0x7f0000002640)={0xd4, 0x0, 0x200, 0x70bd2a, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r3}, @val={0xc, 0x99, {0x6, 0x6b}}}}, [@NL80211_ATTR_IE={0x82, 0x2a, [@link_id={0x65, 0x12, {@random="0260a41e6ee0", @broadcast, @device_b}}, @gcr_ga={0xbd, 0x6, @device_b}, @cf={0x4, 0x6, {0x3, 0x2, 0x7ca2, 0x3ff}}, @ibss={0x6, 0x2, 0x65a3}, @supported_rates={0x1, 0x4, [{0x4, 0x1}, {0x36}, {0x2}, {0x2}]}, @random_vendor={0xdd, 0x4e, "9450701ca030b3aa28aac691576414ea4642970946ee0d4964e734395405fa5b4c3e12ef43358fa96d4c98b3c15092999e82038648e979ab2a3b11c9d1f456bbd6301261085f4fbff0022f1a6730"}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_STATUS_CODE={0x6, 0x48, 0x48}, @NL80211_ATTR_STATUS_CODE={0x6, 0x48, 0x3a}]}, 0xd4}, 0x1, 0x0, 0x0, 0x4000080}, 0x4040810) (async)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x2000002, 0x40010, 0xffffffffffffffff, 0x0) (async)
r5 = mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x12, r1, 0x10000000)
syz_io_uring_submit(r4, r5, &(0x7f0000002800)=@IORING_OP_FILES_UPDATE={0x14, 0x20, 0x0, 0x0, 0x2, &(0x7f00000027c0)=[r1, r1], 0x2, 0x0, 0x1})
getsockopt$MISDN_TIME_STAMP(r1, 0x0, 0x1, &(0x7f0000002840), &(0x7f0000002880)=0x4) (async)
r6 = openat$incfs(r2, &(0x7f00000028c0)='.pending_reads\x00', 0x88584, 0x102)
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r1, 0xc0189379, &(0x7f0000002900)={{0x1, 0x1, 0x18, <r7=>r6}, './file0\x00'}) (async)
sendto$inet6(r6, &(0x7f0000002940)="bc3d2aff2d1317d730a62fb2c246cecc58a62f64ad84b9c794fb4b32610f1947675903bead387862927e17be39b4bdd7f67af3e79a75a3e801aa26d7fd13d5883bea55d03784787327cc137b49978cfd598a6d635c0655c2acc45a81b2f080ee7371d643e61d8f1f69b8dbccc3fa2a7eb7e7790f6eeb8c8e25accdef30d361ee338bb830aea4b69b156d4133c7b97dea2bc05b2cba631e1259459a812a08590c7eba2a7bee220d85caaddb37ae8855cd22e6fda6d86093be8d01f2ce", 0xbc, 0x800, &(0x7f0000002a00)={0xa, 0x4e23, 0x800, @private0, 0x5}, 0x1c)
ioctl$SNDRV_PCM_IOCTL_HW_PARAMS(r6, 0xc25c4111, &(0x7f0000002a40)={0x4, [[0x3, 0x7, 0x5, 0x6, 0x89a, 0x8, 0x7493, 0x5], [0x81, 0x1a86, 0x4, 0x5, 0xff, 0x2000000, 0x3, 0x37c4715d], [0x8c, 0x0, 0x5, 0x42, 0x800, 0x1, 0x3, 0x4]], '\x00', [{0x84, 0x98, 0x1}, {0x1, 0x6, 0x1, 0x1, 0x1, 0x1}, {0x10000, 0x5, 0x1, 0x1, 0x1}, {0xb, 0x6bd, 0x1, 0x1, 0x1}, {0x80000000, 0x1ff, 0x0, 0x0, 0x1, 0x1}, {0x0, 0x6}, {0x2, 0x7, 0x1, 0x1}, {0xc6, 0x441, 0x1, 0x1, 0x0, 0x1}, {0x3, 0xc, 0x0, 0x1, 0x0, 0x1}, {0x5, 0x5, 0x0, 0x0, 0x0, 0x1}, {0x1, 0x8, 0x0, 0x0, 0x1}, {0xb, 0x5, 0x0, 0x1}], '\x00', 0x7fffffff}) (async)
getsockopt$inet6_tcp_buf(r1, 0x6, 0x1a, &(0x7f0000002cc0)=""/156, &(0x7f0000002d80)=0x9c) (async)
ioctl$SNAPSHOT_SET_SWAP_AREA(r6, 0x400c330d, &(0x7f0000002dc0)={0x0, 0x8}) (async)
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000002e00)={0x0, <r8=>0x0})
ptrace(0x4207, r8) (async, rerun: 64)
ioctl$SNDRV_PCM_IOCTL_STATUS32(r1, 0x806c4120, &(0x7f0000002e40)) (rerun: 64)
r9 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$sock_inet6_udp_SIOCOUTQ(r9, 0x5411, &(0x7f0000002ec0))
ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x6) (async)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r7, 0xc04064a0, &(0x7f0000003000)={&(0x7f0000002f00)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000002f40)=[0x0, 0x0, 0x0], &(0x7f0000002f80)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000002fc0)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x6, 0x3, 0x9, 0x5})
clock_gettime(0x0, &(0x7f0000003080)={<r10=>0x0, <r11=>0x0})
sendmsg$can_bcm(r6, &(0x7f0000003140)={&(0x7f0000003040), 0x10, &(0x7f0000003100)={&(0x7f00000030c0)={0x6, 0x4, 0xa, {0x77359400}, {r10, r11/1000+10000}, {0x0, 0x0, 0x1, 0x1}, 0x1, @can={{}, 0x2, 0x2, 0x0, 0x0, "aeac52d1be50a8c0"}}, 0x34}, 0x1, 0x0, 0x0, 0x10}, 0x20000095) (async, rerun: 64)
sendmsg$NL80211_CMD_NEW_INTERFACE(r2, &(0x7f0000003280)={&(0x7f0000003180)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000003240)={&(0x7f0000003200)={0x40, 0x0, 0x8, 0x70bd2b, 0x25dfdbfe, {{}, {@val={0x8, 0x1, 0x6f}, @void, @val={0xc, 0x99, {0x9, 0x2b}}}}, [@NL80211_ATTR_MESH_ID={0xa}, @NL80211_ATTR_MESH_ID={0xa}]}, 0x40}, 0x1, 0x0, 0x0, 0x20040084}, 0x4800) (rerun: 64)

2.022270793s ago: executing program 3 (id=648):
syz_usb_connect(0x3, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x6c, 0xeb, 0x85, 0x40, 0x249c, 0x9002, 0xdead, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x24, 0xdf, 0x6d}}]}}]}}, 0x0)
mq_open(&(0x7f0000000080)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xb8\x93\xc3C\xae\x9dc\xd1T\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc7\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1J\xec\x926\xb5a0\xa0B\xae|', 0x42, 0x80, 0x0)
landlock_create_ruleset(&(0x7f0000000040)={0x556, 0x2, 0x3}, 0x18, 0x0)
r0 = socket$can_raw(0x1d, 0x3, 0x1)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f00000000c0)=0x3fcf, 0x4)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000040)={'vcan0\x00', <r1=>0x0})
sendmsg$can_raw(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x1d, r1}, 0x10, &(0x7f0000000000)={&(0x7f00000001c0)=@can={{0x2, 0x0, 0x0, 0x1}, 0x5, 0x2, 0x0, 0x0, "4a620761efe46bde"}, 0x10}}, 0x1)
syz_usb_connect(0x3, 0x2d, &(0x7f00000006c0)=ANY=[], 0x0)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000400))
pselect6(0x40, &(0x7f00000001c0)={0x3000000}, 0x0, &(0x7f00000002c0)={0x3ff}, &(0x7f0000000300)={0x0, 0x3938700}, 0x0)

2.00816804s ago: executing program 4 (id=649):
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x82000)
ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000000040)=""/180)

1.770924089s ago: executing program 2 (id=650):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000001c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)={0x8c, r0, 0x1, 0x70bd2a, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_REKEY_DATA={0x38, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_KCK={0x14, 0x2, @kck="0e5d0daf206ba25baf3aa55eceac21c3"}, @NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "83390a7d854f7755"}, @NL80211_REKEY_DATA_KEK={0x14, 0x1, @kek="d03d5b3395f039dbf0385110553e2f41"}]}, @NL80211_ATTR_REKEY_DATA={0x38, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "806e534865c70264"}, @NL80211_REKEY_DATA_AKM={0x8, 0x4, 0x5}, @NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "efbb16b675a4aafc"}, @NL80211_REKEY_DATA_KEK={0x14, 0x1, @kek="15eeaafd6ca82bb4930c8e91d494bc3b"}]}]}, 0x8c}, 0x1, 0x0, 0x0, 0x20000010}, 0x4004090)

1.628768682s ago: executing program 4 (id=651):
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="020d0000150000002bbd7000000000000800120000000200000000000000000006000000080000000000000000000000fe800000000000000000000000000000fe88000000000000000000000000000105000500000000000a004e20000000000000000000000000000000000000000000000000000000fa04000700002000000a"], 0xa8}}, 0x0) (fail_nth: 9)

1.615537226s ago: executing program 2 (id=652):
r0 = semget$private(0x0, 0x0, 0x658)
semctl$IPC_RMID(r0, 0x0, 0x0)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000004280)=[{{&(0x7f0000000500)={0xa, 0x4e22, 0x9, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x20000005}, 0x1c, &(0x7f00000006c0)=[{&(0x7f0000000540)='\x00', 0x1}], 0x1}}, {{&(0x7f00000009c0)={0xa, 0x4e23, 0x1, @dev={0xfe, 0x80, '\x00', 0x20}}, 0x1c, &(0x7f0000000100)=[{&(0x7f0000001ac0)="15", 0x1}], 0x1}}], 0x2, 0x20000040)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = socket(0x1, 0x2, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000000c0)=@tcp6=r3}, 0x20)
bind$unix(r3, &(0x7f0000000300)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000001680), 0x0, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
r4 = syz_create_resource$binfmt(&(0x7f0000000040)='./file1\x00')
r5 = openat$binfmt(0xffffffffffffff9c, r4, 0x42, 0x1ff)
close(r5)
execveat$binfmt(0xffffffffffffff9c, r4, 0x0, 0x0, 0x0)
r6 = openat$binfmt(0xffffffffffffff9c, r4, 0x2, 0x0)
close(r6)
execveat$binfmt(0xffffffffffffff9c, r4, 0x0, 0x0, 0x0)
execveat$binfmt(0xffffffffffffff9c, r4, 0x0, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x0, &(0x7f000022c000/0x3000)=nil)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000180)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xa4, 0xa4, 0xb, [@func={0x6, 0x0, 0x0, 0xc, 0x5}, @decl_tag={0x4, 0x0, 0x0, 0x11, 0x1, 0x3}, @typedef={0xe, 0x0, 0x0, 0x8, 0x1}, @int={0xb, 0x0, 0x0, 0x1, 0x0, 0x34, 0x0, 0x1b}, @func={0x4, 0x0, 0x0, 0xc, 0x4}, @enum64={0x2, 0x2, 0x0, 0x13, 0x1, 0x5, [{0x7, 0x101, 0x800}, {0x9, 0x2, 0x7}]}, @enum64={0xd, 0x4, 0x0, 0x13, 0x0, 0x1, [{0xd, 0x475, 0x5}, {0xa, 0xfff, 0x1}, {0x7, 0x7fff, 0x8}, {0x10, 0x1, 0x81}]}]}, {0x0, [0x61, 0x30, 0x5f, 0x2e, 0x5f, 0x61, 0x5f, 0x30, 0x0]}}, &(0x7f00000003c0)=""/94, 0xc7, 0x5e}, 0x28)
r7 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f00000002c0)={'bridge_slave_0\x00', <r8=>0x0})
r9 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r9, &(0x7f0000000040)={0x0, 0xffa1, &(0x7f0000000380)={&(0x7f0000000140)=ANY=[@ANYBLOB="440000001300a7cc4a372eaf541d002007000000", @ANYRES32=r8, @ANYBLOB="00000000100000001c001a80080002802d00ff0008000200", @ANYBLOB="35874207"], 0x44}, 0x1, 0x0, 0x0, 0x50}, 0x0)

1.565581947s ago: executing program 0 (id=653):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080))
syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00'})
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, 0x0, 0x0)

1.318750877s ago: executing program 0 (id=654):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=@updpolicy={0x1b8, 0x19, 0x1, 0x0, 0x10, {{@in=@remote, @in6=@remote, 0x0, 0x0, 0xffff, 0x0, 0xa, 0x80, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0x0, 0x0, 0x9, 0x8}, {0x1, 0x0, 0x80}, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3}, [@tmpl={0x104, 0x5, [{{@in=@local, 0xfffffffe, 0x32}, 0x0, @in=@broadcast}, {{@in=@local, 0x0, 0x2b}, 0x0, @in=@multicast2, 0x0, 0x0, 0x0, 0x0, 0x800}, {{@in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x0, 0x32}, 0x0, @in=@multicast1, 0x800000, 0x3}, {{@in=@remote, 0x0, 0x3c}, 0x0, @in=@private=0xa010101, 0x3504, 0x2, 0x0, 0x1, 0x0, 0xa3f}]}]}, 0x1b8}}, 0x0)

1.121294114s ago: executing program 1 (id=655):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f0000000040)=0x2, 0x4)
bind$inet6(r0, &(0x7f0000d84000)={0xa, 0x2}, 0x1c)
setsockopt$inet6_IPV6_DSTOPTS(r0, 0x29, 0x3b, &(0x7f0000000000)=ANY=[], 0x8)
sendto$inet6(r0, 0x0, 0x0, 0x20000004, &(0x7f00000000c0)={0xa, 0x2}, 0x1c)
r1 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000040), 0x21041, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000000)=0x19)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETCHAIN(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000001a00)={0x14, 0x4, 0xa, 0x201, 0x0, 0x0, {0x0, 0x0, 0xa}}, 0x14}, 0x1, 0x0, 0x0, 0x40080}, 0x4000404)
ioctl$TCFLSH(r1, 0x540b, 0x0)
r3 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000040), 0x2000)
close(r3)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f00000005c0)={0x26, 'hash\x00', 0x0, 0x0, 'streebog256-generic\x00'}, 0x58)
accept4(r4, 0x0, 0x0, 0x0)
syz_usb_connect(0x2, 0x2d, &(0x7f0000000000)=ANY=[@ANYRES32=r4], 0x0)

1.107451185s ago: executing program 4 (id=656):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x2c, r1, 0x1, 0x70bd2c, 0x80000000, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_MESH_ID={0xa}, @NL80211_ATTR_BSS_BASIC_RATES={0x4}]}, 0x2c}, 0x1, 0x0, 0x0, 0xc001}, 0x4) (fail_nth: 9)

434.591322ms ago: executing program 4 (id=657):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = socket$unix(0x1, 0x1, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0) (async)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0}) (async)
r4 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r5 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0) (async)
r6 = fsmount(r5, 0x1, 0x0)
fchdir(r6) (async)
ioprio_set$pid(0x3, 0x0, 0x0) (async)
r7 = open(&(0x7f0000000040)='./file1\x00', 0x80242, 0x0)
write$FUSE_CREATE_OPEN(r7, &(0x7f0000000180)={0xa0, 0xfffffffffffffff5, 0x0, {{0x4, 0x1, 0x5, 0x6, 0x3, 0x1, {0x1, 0x180, 0xff, 0x5, 0x100, 0x7cf4, 0x9, 0x7ffffffd, 0xfffffffe, 0x8000, 0x0, 0xee00, 0x0, 0x3ff, 0x1}}, {0x0, 0x11}}}, 0xa0) (async)
sendfile(r7, r7, &(0x7f0000000080)=0x2, 0x7f03)
sendmsg$TIPC_NL_BEARER_GET(r4, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f00000000c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="ac000000", @ANYRES16=0x0, @ANYBLOB="00022cbd7000e600df25040000001c0009800800020007000000080002007b00000008000200980000007c0005803400028008000200090000000800010007000000080004000e0000000800030071000000080001000d000000080004000d0000004400028008000300090000000800040005000000080004000a000000080001000200000008000200070000000800030006000000080003000500000008000300020000002a851b5a747ba2a0184b834c3b414f5af514bb787a79eb06eabf783c407526c80ad1434493cc61263cc6a63ff5d5f5f3691ba2ef3e1ee69c075709118a56e56301e14b96afcbad40f6ff7edb53172c262198f5340a25deb02bf6283b1013560d874c5c73a6fae7b4ef6a7e5d705a0062a70a1ad9256ef35f01a1bffb8e4401b1308537963a6e8eaa0b54f788cee22f416bf271b0d80cf3d4c474440100508935a1ec9bae778b483db6a00a862a64ef60c0ea2a36f7c5544f55057de5e5f3"], 0xac}, 0x1, 0x0, 0x0, 0x4000044}, 0x1) (async)
poll(&(0x7f0000000240)=[{r4, 0x2080}, {r1, 0x8000}, {r1, 0xa2}, {r2, 0x62}, {r0, 0x201}, {r4, 0x8020}, {r2, 0x8101}, {r1, 0x8000}, {r1, 0x6002}], 0x9, 0x81) (async)
sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000026c0)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2, 0x2}}, [@qdisc_kind_options=@q_cbs={{0x8}, {0x1c, 0x2, @TCA_CBS_PARMS={0x18, 0x1, {0x0, '\x00', 0x1, 0x7, 0x100, 0x8}}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x20000041}, 0x0)
r8 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$DRM_IOCTL_GET_CLIENT(r6, 0xc0186405, &(0x7f0000000300)={0x7, 0x5, {0xffffffffffffffff}, {<r9=>0x0}, 0x80000000}) (async)
r10 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000300)={'rose0\x00', <r11=>0x0})
r12 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r12, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="2000000011000100"/20, @ANYRES32=r11], 0x20}}, 0x0) (async)
fstat(r7, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, <r13=>0x0})
sendmsg$nl_xfrm(r8, &(0x7f0000000400)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000640)=@acquire={0x1cc, 0x17, 0x100, 0x70bd2b, 0x25dfdbff, {{@in6=@ipv4={'\x00', '\xff\xff', @local}, 0x4d6, 0x2b}, @in=@multicast1, {@in=@dev={0xac, 0x14, 0x14, 0x2f}, @in6=@mcast1, 0x4e23, 0x0, 0x4e21, 0x3, 0x2, 0xa0, 0x20, 0x6, r3, r9}, {{@in6=@private1, @in=@dev={0xac, 0x14, 0x14, 0x44}, 0x4e24, 0x80, 0x4e21, 0x4, 0xa, 0x0, 0x80, 0x2b, r11, r13}, {0x2, 0x9, 0x0, 0x0, 0xe, 0xe, 0x9, 0x4ba3}, {0x2, 0x0, 0x5, 0x2}, 0x0, 0x6e6bbb, 0x0, 0x1, 0x2, 0x1}, 0xb, 0x800, 0x46, 0x70bd26}, [@srcaddr={0x14, 0xd, @in=@broadcast}, @lifetime_val={0x24, 0x9, {0x9, 0x2, 0xffffffffffffe8e2, 0x3}}, @coaddr={0x14, 0xe, @in6=@local}, @etimer_thresh={0x8, 0xc, 0x5}, @lastused={0xc, 0xf, 0x5}, @replay_thresh={0x8, 0xb, 0x1}, @encap={0x1c, 0x4, {0x0, 0x4e24, 0x4e22, @in=@multicast2}}, @coaddr={0x14, 0xe, @in6=@empty}, @replay_val={0x10, 0xa, {0x70bd2c, 0x70bd2b, 0x30}}]}, 0x1cc}, 0x1, 0x0, 0x0, 0x40}, 0x4)
sendmsg$nl_route_sched(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x70b923, 0x80000, {0x0, 0x0, 0x0, r3, {0x0, 0x5}, {0xffe0, 0xb}, {0x9, 0x8}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}, @TCA_STAB={0x24, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0xf, 0x8, 0x27, 0x100, 0x1, 0x3, 0x40}}, {0x4}}]}]}, 0x58}, 0x1, 0x0, 0x0, 0x2000c061}, 0x4008000)

351.92172ms ago: executing program 0 (id=658):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x18)
socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x6}, 0x4)
setsockopt$packet_fanout_data(r1, 0x107, 0x16, &(0x7f0000000100)={0x2, &(0x7f00000000c0)=[{0x30, 0x0, 0x0, 0xfffff00c}, {0x6, 0x0, 0x0, 0x7}]}, 0x8)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$packet(0x11, 0x3, 0x300)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0)
getsockname$packet(r3, &(0x7f0000000140)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000000c0)=@newlink={0x38, 0x10, 0x439, 0x0, 0x0, {0x0, 0x0, 0x0, r4, 0x9801}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @gre={{0x8}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_REMOTE={0x8, 0x7, @dev}]}}}]}, 0x38}}, 0x0)
syz_io_uring_setup(0xed9, &(0x7f0000000280)={0x0, 0x0, 0x1000, 0x3, 0x36b}, 0x0, 0x0)
bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e24, 0x1, @remote, 0x65}, 0xffffffffffffffca)
r5 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r5, 0x107, 0xf, &(0x7f0000000100)=0x207, 0x4)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000040)={'wlan1\x00', <r6=>0x0})
sendto$packet(r5, &(0x7f00000002c0)="05031600d3fc140000004788031c09102c28", 0xfce0, 0x4, &(0x7f0000000140)={0x11, 0x86dd, r6, 0x1, 0x0, 0x6, @multicast}, 0x14)

159.354562ms ago: executing program 2 (id=659):
syz_usb_connect$hid(0x1, 0x36, &(0x7f0000000480)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x8, 0x17ef, 0x60b5, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x3, 0x0, 0x2, [{{0x9, 0x4, 0x0, 0x3c, 0x2, 0x3, 0x1, 0x3, 0x80, {0x9, 0x21, 0x1ff, 0xa, 0x1, {0x22, 0xff3}}, {{{0x9, 0x5, 0x81, 0x3, 0x8, 0x3, 0x6, 0x7}}}}}]}}]}}, 0x0)

42.390157ms ago: executing program 4 (id=660):
r0 = add_key$user(&(0x7f0000000200), &(0x7f0000000300)={'syz', 0x2}, &(0x7f00000002c0)="f5", 0x30, 0xfffffffffffffffe)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x7, &(0x7f0000000180)=0x200, 0x4)
r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb4b, 0x9, 0x8, 0x0, 0x400003}, 0x0)
r4 = socket$kcm(0x2, 0xa, 0x2)
ioctl$sock_SIOCETHTOOL(r4, 0x8946, 0x0)
syz_usb_connect(0x0, 0x5f, 0x0, 0x0)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r5 = openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r6, &(0x7f0000000080)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @empty}, 0x106}, 0x1c)
r7 = socket$netlink(0x10, 0x3, 0x4)
writev(r7, &(0x7f0000000000)=[{0x0}], 0x1)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(0xffffffffffffffff, 0xc01064c2, &(0x7f0000000140)={<r8=>0x0})
ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD_SYNC_FILE(0xffffffffffffffff, 0xc01064c1, &(0x7f00000001c0)={r8})
write$6lowpan_control(r5, &(0x7f0000000180)='connect aa:aa:aa:aa:aa:11 0', 0x1b)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000680), 0x40000, 0x19)
setsockopt$RXRPC_SECURITY_KEY(0xffffffffffffffff, 0x110, 0xffe, 0x0, 0x0)
write$6lowpan_control(r5, 0x0, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0xb, 0x0, 0x0)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, 0x0)
r9 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000940)={r0, r9, r0}, &(0x7f0000000340)=""/82, 0xfffffffffffffcfb, 0x0)

41.578158ms ago: executing program 0 (id=661):
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x82000)
ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000000040)=""/180)

0s ago: executing program 0 (id=662):
r0 = socket$kcm(0x10, 0x2, 0x0)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(r1, 0x89f8, &(0x7f00000000c0)={'erspan0\x00', &(0x7f0000000040)={'syztnl1\x00', 0x0, 0x1, 0x20, 0x0, 0x9, {{0xd, 0x4, 0x2, 0x6, 0x34, 0x67, 0x0, 0x4, 0x4, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast2, {[@ra={0x94, 0x4, 0x1}, @timestamp={0x44, 0x1c, 0x20, 0x0, 0x8, [0x5, 0x400, 0x7, 0x5, 0x3, 0x9]}]}}}}})
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xc3, &(0x7f0000000100)=[{&(0x7f00000002c0)="2e00000011008b88040f80ee59acbc04130800480f0000005e2900421803001825800000000000000280000c0012", 0x2e}], 0x1}, 0x0)

kernel console output (not intermixed with test programs):

0: -71
[  213.737857][   T24] xr_serial ttyUSB0: probe with driver xr_serial failed with error -71
[  213.750242][   T24] usb 4-1: USB disconnect, device number 15
[  213.769714][   T24] xr_serial 4-1:6.0: device disconnected
[  213.903799][ T7471] FAULT_INJECTION: forcing a failure.
[  213.903799][ T7471] name failslab, interval 1, probability 0, space 0, times 0
[  213.917393][ T7471] CPU: 1 UID: 0 PID: 7471 Comm: syz.4.379 Not tainted syzkaller #0 PREEMPT(full) 
[  213.917421][ T7471] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  213.917434][ T7471] Call Trace:
[  213.917443][ T7471]  <TASK>
[  213.917452][ T7471]  dump_stack_lvl+0x189/0x250
[  213.917482][ T7471]  ? __pfx____ratelimit+0x10/0x10
[  213.917513][ T7471]  ? __pfx_dump_stack_lvl+0x10/0x10
[  213.917538][ T7471]  ? __pfx__printk+0x10/0x10
[  213.917580][ T7471]  ? __pfx___might_resched+0x10/0x10
[  213.917599][ T7471]  ? fs_reclaim_acquire+0x7d/0x100
[  213.917635][ T7471]  should_fail_ex+0x414/0x560
[  213.917667][ T7471]  should_failslab+0xa8/0x100
[  213.917699][ T7471]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  213.917728][ T7471]  ? __alloc_skb+0x112/0x2d0
[  213.917752][ T7471]  __alloc_skb+0x112/0x2d0
[  213.917776][ T7471]  netlink_ack+0x146/0xa50
[  213.917803][ T7471]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  213.917832][ T7471]  ? ref_tracker_free+0x63a/0x7d0
[  213.917861][ T7471]  ? __asan_memcpy+0x40/0x70
[  213.917883][ T7471]  ? __pfx_ref_tracker_free+0x10/0x10
[  213.917909][ T7471]  ? __skb_clone+0x63/0x7a0
[  213.917941][ T7471]  netlink_rcv_skb+0x28c/0x470
[  213.917973][ T7471]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  213.918006][ T7471]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  213.918048][ T7471]  ? netlink_deliver_tap+0x2e/0x1b0
[  213.918088][ T7471]  netlink_unicast+0x82c/0x9e0
[  213.918130][ T7471]  ? __pfx_netlink_unicast+0x10/0x10
[  213.918160][ T7471]  ? netlink_sendmsg+0x642/0xb30
[  213.918177][ T7471]  ? skb_put+0x11b/0x210
[  213.918201][ T7471]  netlink_sendmsg+0x805/0xb30
[  213.918229][ T7471]  ? __pfx_netlink_sendmsg+0x10/0x10
[  213.918251][ T7471]  ? __import_iovec+0x5d4/0x7f0
[  213.918272][ T7471]  ? aa_sock_msg_perm+0xf1/0x1d0
[  213.918293][ T7471]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  213.918315][ T7471]  ? __pfx_netlink_sendmsg+0x10/0x10
[  213.918335][ T7471]  __sock_sendmsg+0x219/0x270
[  213.918365][ T7471]  ____sys_sendmsg+0x505/0x830
[  213.918394][ T7471]  ? __pfx_____sys_sendmsg+0x10/0x10
[  213.918434][ T7471]  ___sys_sendmsg+0x21f/0x2a0
[  213.918459][ T7471]  ? __pfx____sys_sendmsg+0x10/0x10
[  213.918520][ T7471]  ? __fget_files+0x2a/0x420
[  213.918536][ T7471]  ? __fget_files+0x3a0/0x420
[  213.918574][ T7471]  __sys_sendmsg+0x164/0x220
[  213.918599][ T7471]  ? __pfx___sys_sendmsg+0x10/0x10
[  213.918639][ T7471]  ? lockdep_hardirqs_on+0x9c/0x150
[  213.918672][ T7471]  __do_fast_syscall_32+0xb6/0x2b0
[  213.918693][ T7471]  ? lockdep_hardirqs_on+0x9c/0x150
[  213.918727][ T7471]  do_fast_syscall_32+0x34/0x80
[  213.918746][ T7471]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  213.918770][ T7471] RIP: 0023:0xf7ff8539
[  213.918788][ T7471] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  213.918806][ T7471] RSP: 002b:00000000f550655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  213.918827][ T7471] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000240
[  213.918841][ T7471] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  213.918853][ T7471] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  213.918864][ T7471] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  213.918876][ T7471] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  213.918905][ T7471]  </TASK>
[  214.249978][    C1] vkms_vblank_simulate: vblank timer overrun
[  214.268628][   T30] kauditd_printk_skb: 8 callbacks suppressed
[  214.268647][   T30] audit: type=1326 audit(1756765487.187:202): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7468 comm="syz.1.378" exe="/root/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf703e539 code=0x0
[  214.355449][ T7473] loop6: detected capacity change from 0 to 63
[  214.362886][ T7473] buffer_io_error: 5 callbacks suppressed
[  214.362899][ T7473] Buffer I/O error on dev loop6, logical block 0, async page read
[  214.377512][ T7473] Buffer I/O error on dev loop6, logical block 0, async page read
[  214.391691][ T7473] Buffer I/O error on dev loop6, logical block 0, async page read
[  214.400504][ T7473] Buffer I/O error on dev loop6, logical block 0, async page read
[  214.403324][ T7475] FAULT_INJECTION: forcing a failure.
[  214.403324][ T7475] name failslab, interval 1, probability 0, space 0, times 0
[  214.427962][ T7473] Buffer I/O error on dev loop6, logical block 0, async page read
[  214.431378][ T7475] CPU: 1 UID: 0 PID: 7475 Comm: syz.4.380 Not tainted syzkaller #0 PREEMPT(full) 
[  214.431411][ T7475] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  214.431440][ T7475] Call Trace:
[  214.431450][ T7475]  <TASK>
[  214.431463][ T7475]  dump_stack_lvl+0x189/0x250
[  214.431495][ T7475]  ? __pfx____ratelimit+0x10/0x10
[  214.431529][ T7475]  ? __pfx_dump_stack_lvl+0x10/0x10
[  214.431555][ T7475]  ? __pfx__printk+0x10/0x10
[  214.431593][ T7475]  ? __pfx___might_resched+0x10/0x10
[  214.431614][ T7475]  ? fs_reclaim_acquire+0x7d/0x100
[  214.431655][ T7475]  should_fail_ex+0x414/0x560
[  214.431691][ T7475]  should_failslab+0xa8/0x100
[  214.431725][ T7475]  kmem_cache_alloc_noprof+0x73/0x3c0
[  214.431754][ T7475]  ? skb_clone+0x212/0x3a0
[  214.431786][ T7475]  skb_clone+0x212/0x3a0
[  214.431810][ T7475]  ? nfnetlink_rcv+0x486/0x2520
[  214.431842][ T7475]  nfnetlink_rcv+0x4b4/0x2520
[  214.431877][ T7475]  ? __dev_queue_xmit+0x1d79/0x3b50
[  214.431915][ T7475]  ? __dev_queue_xmit+0x27b/0x3b50
[  214.431956][ T7475]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  214.432004][ T7475]  ? ref_tracker_free+0x63a/0x7d0
[  214.432036][ T7475]  ? __asan_memcpy+0x40/0x70
[  214.432061][ T7475]  ? __pfx_ref_tracker_free+0x10/0x10
[  214.432090][ T7475]  ? __skb_clone+0x63/0x7a0
[  214.432119][ T7475]  ? __skb_clone+0x483/0x7a0
[  214.432151][ T7475]  ? skb_clone+0x246/0x3a0
[  214.432178][ T7475]  ? __netlink_deliver_tap+0x807/0x850
[  214.432213][ T7475]  ? netlink_deliver_tap+0x2e/0x1b0
[  214.432267][ T7475]  netlink_unicast+0x82c/0x9e0
[  214.432307][ T7475]  ? __pfx_netlink_unicast+0x10/0x10
[  214.432341][ T7475]  ? netlink_sendmsg+0x642/0xb30
[  214.432359][ T7475]  ? skb_put+0x11b/0x210
[  214.432386][ T7475]  netlink_sendmsg+0x805/0xb30
[  214.432437][ T7475]  ? __pfx_netlink_sendmsg+0x10/0x10
[  214.432460][ T7475]  ? __import_iovec+0x5d4/0x7f0
[  214.432480][ T7475]  ? aa_sock_msg_perm+0xf1/0x1d0
[  214.432507][ T7475]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  214.432529][ T7475]  ? __pfx_netlink_sendmsg+0x10/0x10
[  214.432550][ T7475]  __sock_sendmsg+0x219/0x270
[  214.432580][ T7475]  ____sys_sendmsg+0x505/0x830
[  214.432610][ T7475]  ? __pfx_____sys_sendmsg+0x10/0x10
[  214.432668][ T7475]  ___sys_sendmsg+0x21f/0x2a0
[  214.432695][ T7475]  ? __pfx____sys_sendmsg+0x10/0x10
[  214.432760][ T7475]  ? __fget_files+0x2a/0x420
[  214.432778][ T7475]  ? __fget_files+0x3a0/0x420
[  214.432810][ T7475]  __sys_sendmsg+0x164/0x220
[  214.432837][ T7475]  ? __pfx___sys_sendmsg+0x10/0x10
[  214.432889][ T7475]  ? lockdep_hardirqs_on+0x9c/0x150
[  214.432923][ T7475]  __do_fast_syscall_32+0xb6/0x2b0
[  214.432943][ T7475]  ? lockdep_hardirqs_on+0x9c/0x150
[  214.432977][ T7475]  do_fast_syscall_32+0x34/0x80
[  214.432998][ T7475]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  214.433023][ T7475] RIP: 0023:0xf7ff8539
[  214.433040][ T7475] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  214.433058][ T7475] RSP: 002b:00000000f550655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  214.433081][ T7475] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800000c0
[  214.433114][ T7475] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  214.433127][ T7475] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  214.433139][ T7475] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  214.433151][ T7475] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  214.433182][ T7475]  </TASK>
[  214.805772][ T7481] FAULT_INJECTION: forcing a failure.
[  214.805772][ T7481] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  214.805806][ T7481] CPU: 0 UID: 0 PID: 7481 Comm: syz.2.383 Not tainted syzkaller #0 PREEMPT(full) 
[  214.805827][ T7481] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  214.805839][ T7481] Call Trace:
[  214.805846][ T7481]  <TASK>
[  214.805854][ T7481]  dump_stack_lvl+0x189/0x250
[  214.805881][ T7481]  ? __pfx____ratelimit+0x10/0x10
[  214.805911][ T7481]  ? __pfx_dump_stack_lvl+0x10/0x10
[  214.805935][ T7481]  ? __pfx__printk+0x10/0x10
[  214.805970][ T7481]  should_fail_ex+0x414/0x560
[  214.806003][ T7481]  _copy_to_user+0x31/0xb0
[  214.806034][ T7481]  simple_read_from_buffer+0xe1/0x170
[  214.806068][ T7481]  proc_fail_nth_read+0x1b3/0x220
[  214.806095][ T7481]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  214.806120][ T7481]  ? rw_verify_area+0x2a6/0x4d0
[  214.806154][ T7481]  ? __lock_acquire+0xab9/0xd20
[  214.806180][ T7481]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  214.806202][ T7481]  vfs_read+0x1fd/0xa30
[  214.806219][ T7481]  ? fdget_pos+0x247/0x320
[  214.806235][ T7481]  ? __pfx___mutex_lock+0x10/0x10
[  214.806248][ T7481]  ? __pfx_vfs_read+0x10/0x10
[  214.806267][ T7481]  ? __fget_files+0x2a/0x420
[  214.806282][ T7481]  ? __fget_files+0x3a0/0x420
[  214.806294][ T7481]  ? __fget_files+0x2a/0x420
[  214.806312][ T7481]  ksys_read+0x145/0x250
[  214.806332][ T7481]  ? __pfx_ksys_read+0x10/0x10
[  214.806353][ T7481]  ? lockdep_hardirqs_on+0x9c/0x150
[  214.806377][ T7481]  __do_fast_syscall_32+0xb6/0x2b0
[  214.806390][ T7481]  ? lockdep_hardirqs_on+0x9c/0x150
[  214.806414][ T7481]  do_fast_syscall_32+0x34/0x80
[  214.806427][ T7481]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  214.806445][ T7481] RIP: 0023:0xf7fc1539
[  214.806458][ T7481] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  214.806477][ T7481] RSP: 002b:00000000f54d6590 EFLAGS: 00000206 ORIG_RAX: 0000000000000003
[  214.806497][ T7481] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000f54d6620
[  214.806510][ T7481] RDX: 000000000000000f RSI: 00000000f7454ff4 RDI: 0000000000000000
[  214.806522][ T7481] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  214.806533][ T7481] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  214.806543][ T7481] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  214.806572][ T7481]  </TASK>
[  214.855564][ T7473]  loop6: unable to read partition table
[  214.855822][ T7473] loop_reread_partitions: partition scan of loop6 (3�����) failed (rc=-5)
[  214.885766][ T7477] Buffer I/O error on dev loop6, logical block 0, lost async page write
[  214.885902][ T7477] Buffer I/O error on dev loop6, logical block 1, lost async page write
[  214.886007][ T7477] Buffer I/O error on dev loop6, logical block 2, lost async page write
[  214.886094][ T7477] Buffer I/O error on dev loop6, logical block 3, lost async page write
[  214.886202][ T7477] Buffer I/O error on dev loop6, logical block 4, lost async page write
[  214.913194][ T7483] netlink: 28 bytes leftover after parsing attributes in process `syz.4.381'.
[  215.282594][ T7492] syz_tun: entered allmulticast mode
[  215.297817][ T7492] netlink: 'syz.2.386': attribute type 4 has an invalid length.
[  215.342456][ T7492] dvmrp1: entered allmulticast mode
[  215.428615][ T7491] syz_tun: left allmulticast mode
[  215.903207][   T30] audit: type=1326 audit(1756765488.817:203): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7500 comm="syz.0.389" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f77539 code=0x7ffc0000
[  216.042830][   T30] audit: type=1326 audit(1756765488.817:204): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7500 comm="syz.0.389" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f77539 code=0x7ffc0000
[  216.149852][   T30] audit: type=1326 audit(1756765488.817:205): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7500 comm="syz.0.389" exe="/root/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7f77539 code=0x7ffc0000
[  216.215770][ T7508] netlink: 56 bytes leftover after parsing attributes in process `syz.1.392'.
[  216.241642][   T30] audit: type=1326 audit(1756765488.817:206): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7500 comm="syz.0.389" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f77539 code=0x7ffc0000
[  216.393557][   T30] audit: type=1326 audit(1756765488.817:207): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7500 comm="syz.0.389" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f77539 code=0x7ffc0000
[  216.435796][   T24] usb 3-1: new low-speed USB device number 14 using dummy_hcd
[  216.493493][   T30] audit: type=1326 audit(1756765488.817:208): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7500 comm="syz.0.389" exe="/root/syz-executor" sig=0 arch=40000003 syscall=245 compat=1 ip=0xf7f77539 code=0x7ffc0000
[  216.610673][   T30] audit: type=1326 audit(1756765488.817:209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7500 comm="syz.0.389" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f77539 code=0x7ffc0000
[  216.628031][   T24] usb 3-1: config index 0 descriptor too short (expected 1307, got 27)
[  216.684019][   T30] audit: type=1326 audit(1756765488.817:210): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7500 comm="syz.0.389" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f77539 code=0x7ffc0000
[  216.693731][   T24] usb 3-1: config 0 has an invalid interface number: 0 but max is -1
[  216.718909][ T7515] netlink: 'syz.1.394': attribute type 10 has an invalid length.
[  216.746022][   T24] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 0
[  216.749862][ T7515] team0: Port device netdevsim0 added
[  216.790862][   T24] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 246, using maximum allowed: 30
[  216.800447][   T30] audit: type=1326 audit(1756765488.817:211): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7500 comm="syz.0.389" exe="/root/syz-executor" sig=0 arch=40000003 syscall=248 compat=1 ip=0xf7f77539 code=0x7ffc0000
[  216.839963][   T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x84 is Bulk; changing to Interrupt
[  216.889131][   T24] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 246
[  216.920495][   T24] usb 3-1: string descriptor 0 read error: -22
[  216.927598][   T24] usb 3-1: New USB device found, idVendor=0460, idProduct=0008, bcdDevice=e2.de
[  216.954683][   T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  216.983931][   T24] usb 3-1: config 0 descriptor??
[  216.999453][ T7509] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  217.027177][   T24] hub 3-1:0.0: bad descriptor, ignoring hub
[  217.034767][ T7522] capability: warning: `syz.0.396' uses 32-bit capabilities (legacy support in use)
[  217.065573][   T24] hub 3-1:0.0: probe with driver hub failed with error -5
[  217.103117][   T24] input: USB Acecad 302 Tablet 0460:0008 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input12
[  217.355244][ T7529] FAULT_INJECTION: forcing a failure.
[  217.355244][ T7529] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  217.425543][ T7529] CPU: 1 UID: 0 PID: 7529 Comm: syz.4.399 Not tainted syzkaller #0 PREEMPT(full) 
[  217.425572][ T7529] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  217.425584][ T7529] Call Trace:
[  217.425593][ T7529]  <TASK>
[  217.425601][ T7529]  dump_stack_lvl+0x189/0x250
[  217.425630][ T7529]  ? __pfx____ratelimit+0x10/0x10
[  217.425659][ T7529]  ? __pfx_dump_stack_lvl+0x10/0x10
[  217.425682][ T7529]  ? __pfx__printk+0x10/0x10
[  217.425709][ T7529]  ? __might_fault+0xb0/0x130
[  217.425748][ T7529]  should_fail_ex+0x414/0x560
[  217.425780][ T7529]  _copy_from_iter+0x1de/0x1790
[  217.425809][ T7529]  ? rcu_is_watching+0x15/0xb0
[  217.425831][ T7529]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[  217.425860][ T7529]  ? __pfx__copy_from_iter+0x10/0x10
[  217.425882][ T7529]  ? __build_skb_around+0x257/0x3e0
[  217.425906][ T7529]  ? netlink_sendmsg+0x642/0xb30
[  217.425922][ T7529]  ? skb_put+0x11b/0x210
[  217.425954][ T7529]  netlink_sendmsg+0x6b2/0xb30
[  217.425982][ T7529]  ? __pfx_netlink_sendmsg+0x10/0x10
[  217.426004][ T7529]  ? __import_iovec+0x5d4/0x7f0
[  217.426025][ T7529]  ? aa_sock_msg_perm+0xf1/0x1d0
[  217.426043][ T7529]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  217.426060][ T7529]  ? __pfx_netlink_sendmsg+0x10/0x10
[  217.426075][ T7529]  __sock_sendmsg+0x219/0x270
[  217.426099][ T7529]  ____sys_sendmsg+0x505/0x830
[  217.426121][ T7529]  ? __pfx_____sys_sendmsg+0x10/0x10
[  217.426151][ T7529]  ___sys_sendmsg+0x21f/0x2a0
[  217.426169][ T7529]  ? __pfx____sys_sendmsg+0x10/0x10
[  217.426216][ T7529]  ? __fget_files+0x2a/0x420
[  217.426229][ T7529]  ? __fget_files+0x3a0/0x420
[  217.426251][ T7529]  __sys_sendmsg+0x164/0x220
[  217.426270][ T7529]  ? __pfx___sys_sendmsg+0x10/0x10
[  217.426300][ T7529]  ? lockdep_hardirqs_on+0x9c/0x150
[  217.426326][ T7529]  __do_fast_syscall_32+0xb6/0x2b0
[  217.426342][ T7529]  ? lockdep_hardirqs_on+0x9c/0x150
[  217.426368][ T7529]  do_fast_syscall_32+0x34/0x80
[  217.426384][ T7529]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  217.426403][ T7529] RIP: 0023:0xf7ff8539
[  217.426417][ T7529] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  217.426430][ T7529] RSP: 002b:00000000f550655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  217.426467][ T7529] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000180
[  217.426479][ T7529] RDX: 0000000000000840 RSI: 0000000000000000 RDI: 0000000000000000
[  217.426488][ T7529] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  217.426497][ T7529] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  217.426506][ T7529] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  217.426529][ T7529]  </TASK>
[  217.700534][    C1] vkms_vblank_simulate: vblank timer overrun
[  217.708025][ T5877] usb 4-1: new full-speed USB device number 16 using dummy_hcd
[  217.745316][    C1] usb_acecad 3-1:0.0: can't resubmit intr, dummy_hcd.2-1/input0, status -1
[  217.898991][ T5877] usb 4-1: config 0 has no interfaces?
[  217.910160][ T5877] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  217.990894][ T5877] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  218.189827][ T5877] usb 4-1: Product: syz
[  218.194049][ T5877] usb 4-1: Manufacturer: syz
[  218.198773][ T5877] usb 4-1: SerialNumber: syz
[  218.312647][  T888] usb 3-1: USB disconnect, device number 14
[  218.329168][ T7544] netlink: 4 bytes leftover after parsing attributes in process `syz.0.401'.
[  218.340062][ T5877] usb 4-1: config 0 descriptor??
[  218.357958][ T7544] netlink: 4 bytes leftover after parsing attributes in process `syz.0.401'.
[  218.376368][ T7544] netlink: 111 bytes leftover after parsing attributes in process `syz.0.401'.
[  218.410339][ T7545] fuse: Bad value for 'fd'
[  219.491681][ T7554] netlink: 84 bytes leftover after parsing attributes in process `syz.4.405'.
[  219.975552][ T6017] usb 3-1: new high-speed USB device number 15 using dummy_hcd
[  220.177133][ T6017] usb 3-1: Using ep0 maxpacket: 8
[  220.188037][ T6017] usb 3-1: New USB device found, idVendor=0c45, idProduct=613e, bcdDevice=c4.6d
[  220.223923][ T6017] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  220.310612][ T6017] usb 3-1: Product: syz
[  220.355015][ T6017] usb 3-1: Manufacturer: syz
[  220.446777][ T6017] usb 3-1: SerialNumber: syz
[  220.511585][ T6017] usb 3-1: config 0 descriptor??
[  220.544812][ T6017] gspca_main: sonixj-2.14.0 probing 0c45:613e
[  220.746058][ T7558] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  220.754605][ T5958] usb 5-1: new high-speed USB device number 15 using dummy_hcd
[  220.765024][ T7558] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  220.826159][ T7558] netlink: 4 bytes leftover after parsing attributes in process `syz.2.406'.
[  220.926495][ T5958] usb 5-1: Using ep0 maxpacket: 32
[  220.985051][ T5958] usb 5-1: config 0 has an invalid interface number: 8 but max is 0
[  221.041104][ T5958] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  221.056099][ T6017] gspca_sonixj: reg_w1 err -110
[  221.061768][ T6017] sonixj 3-1:0.0: probe with driver sonixj failed with error -110
[  221.115958][ T5958] usb 5-1: config 0 has no interface number 0
[  221.151679][ T5958] usb 5-1: config 0 interface 8 altsetting 248 endpoint 0x2 has an invalid bInterval 0, changing to 7
[  221.184126][ T5938] usb 4-1: USB disconnect, device number 16
[  221.345105][ T5958] usb 5-1: config 0 interface 8 altsetting 248 has 2 endpoint descriptors, different from the interface descriptor's value: 10
[  221.364087][ T5958] usb 5-1: config 0 interface 8 has no altsetting 0
[  221.375328][ T5958] usb 5-1: New USB device found, idVendor=04da, idProduct=390d, bcdDevice=2d.bb
[  221.405248][ T5958] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  221.459607][ T5958] usb 5-1: Product: syz
[  221.463840][ T5958] usb 5-1: Manufacturer: syz
[  221.529073][ T5958] usb 5-1: SerialNumber: syz
[  221.556789][ T5958] usb 5-1: config 0 descriptor??
[  222.055649][ T7572] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  222.120283][ T7572] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  222.218132][ T7572] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  222.266044][ T7572] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  222.287336][ T7587] FAULT_INJECTION: forcing a failure.
[  222.287336][ T7587] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  222.332983][ T7587] CPU: 1 UID: 0 PID: 7587 Comm: syz.3.413 Not tainted syzkaller #0 PREEMPT(full) 
[  222.333012][ T7587] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  222.333025][ T7587] Call Trace:
[  222.333033][ T7587]  <TASK>
[  222.333043][ T7587]  dump_stack_lvl+0x189/0x250
[  222.333071][ T7587]  ? __pfx____ratelimit+0x10/0x10
[  222.333101][ T7587]  ? __pfx_dump_stack_lvl+0x10/0x10
[  222.333126][ T7587]  ? __pfx__printk+0x10/0x10
[  222.333154][ T7587]  ? __might_fault+0xb0/0x130
[  222.333195][ T7587]  should_fail_ex+0x414/0x560
[  222.333227][ T7587]  _copy_from_user+0x2d/0xb0
[  222.333252][ T7587]  get_compat_msghdr+0xad/0x4a0
[  222.333280][ T7587]  ? __pfx_get_compat_msghdr+0x10/0x10
[  222.333315][ T7587]  ___sys_sendmsg+0x193/0x2a0
[  222.333340][ T7587]  ? __pfx____sys_sendmsg+0x10/0x10
[  222.333402][ T7587]  ? __fget_files+0x2a/0x420
[  222.333418][ T7587]  ? __fget_files+0x3a0/0x420
[  222.333447][ T7587]  __sys_sendmsg+0x164/0x220
[  222.333471][ T7587]  ? __pfx___sys_sendmsg+0x10/0x10
[  222.333511][ T7587]  ? lockdep_hardirqs_on+0x9c/0x150
[  222.333545][ T7587]  __do_fast_syscall_32+0xb6/0x2b0
[  222.333564][ T7587]  ? lockdep_hardirqs_on+0x9c/0x150
[  222.333598][ T7587]  do_fast_syscall_32+0x34/0x80
[  222.333618][ T7587]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  222.333642][ T7587] RIP: 0023:0xf70fe539
[  222.333660][ T7587] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  222.333677][ T7587] RSP: 002b:00000000f54ee55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  222.333698][ T7587] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000200
[  222.333712][ T7587] RDX: 0000000000001000 RSI: 0000000000000000 RDI: 0000000000000000
[  222.333724][ T7587] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  222.333736][ T7587] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  222.333747][ T7587] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  222.333781][ T7587]  </TASK>
[  222.546891][ T5958] ath6kl: Failed to submit usb control message: -71
[  222.553601][ T5958] ath6kl: unable to send the bmi data to the device: -71
[  222.560778][ T5958] ath6kl: Unable to send get target info: -71
[  222.568185][ T5958] ath6kl: Failed to init ath6kl core: -71
[  222.577910][ T5958] ath6kl_usb 5-1:0.8: probe with driver ath6kl_usb failed with error -71
[  222.592193][ T5958] usb 5-1: USB disconnect, device number 15
[  222.746434][  T888] usb 3-1: USB disconnect, device number 15
[  222.962507][ T7595] FAULT_INJECTION: forcing a failure.
[  222.962507][ T7595] name failslab, interval 1, probability 0, space 0, times 0
[  222.979801][ T7595] CPU: 1 UID: 0 PID: 7595 Comm: syz.2.415 Not tainted syzkaller #0 PREEMPT(full) 
[  222.979822][ T7595] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  222.979831][ T7595] Call Trace:
[  222.979837][ T7595]  <TASK>
[  222.979843][ T7595]  dump_stack_lvl+0x189/0x250
[  222.979864][ T7595]  ? __pfx____ratelimit+0x10/0x10
[  222.979886][ T7595]  ? __pfx_dump_stack_lvl+0x10/0x10
[  222.979903][ T7595]  ? __pfx__printk+0x10/0x10
[  222.979942][ T7595]  ? __pfx___might_resched+0x10/0x10
[  222.979958][ T7595]  ? fs_reclaim_acquire+0x7d/0x100
[  222.979993][ T7595]  should_fail_ex+0x414/0x560
[  222.980022][ T7595]  ? rhashtable_init_noprof+0x4ee/0xbb0
[  222.980041][ T7595]  should_failslab+0xa8/0x100
[  222.980071][ T7595]  __kvmalloc_node_noprof+0x161/0x5f0
[  222.980099][ T7595]  ? rhashtable_init_noprof+0x4ee/0xbb0
[  222.980125][ T7595]  rhashtable_init_noprof+0x4ee/0xbb0
[  222.980153][ T7595]  rhltable_init_noprof+0x1e/0x60
[  222.980175][ T7595]  nf_tables_newtable+0x68f/0x1890
[  222.980239][ T7595]  nfnetlink_rcv+0x1132/0x2520
[  222.980302][ T7595]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  222.980348][ T7595]  ? ref_tracker_free+0x63a/0x7d0
[  222.980416][ T7595]  ? __netlink_deliver_tap+0x807/0x850
[  222.980448][ T7595]  ? netlink_deliver_tap+0x2e/0x1b0
[  222.980498][ T7595]  netlink_unicast+0x82c/0x9e0
[  222.980537][ T7595]  ? __pfx_netlink_unicast+0x10/0x10
[  222.980568][ T7595]  ? netlink_sendmsg+0x642/0xb30
[  222.980584][ T7595]  ? skb_put+0x11b/0x210
[  222.980609][ T7595]  netlink_sendmsg+0x805/0xb30
[  222.980639][ T7595]  ? __pfx_netlink_sendmsg+0x10/0x10
[  222.980661][ T7595]  ? __import_iovec+0x5d4/0x7f0
[  222.980682][ T7595]  ? aa_sock_msg_perm+0xf1/0x1d0
[  222.980704][ T7595]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  222.980726][ T7595]  ? __pfx_netlink_sendmsg+0x10/0x10
[  222.980747][ T7595]  __sock_sendmsg+0x219/0x270
[  222.980779][ T7595]  ____sys_sendmsg+0x505/0x830
[  222.980806][ T7595]  ? __pfx_____sys_sendmsg+0x10/0x10
[  222.980845][ T7595]  ___sys_sendmsg+0x21f/0x2a0
[  222.980869][ T7595]  ? __pfx____sys_sendmsg+0x10/0x10
[  222.980930][ T7595]  ? __fget_files+0x2a/0x420
[  222.980946][ T7595]  ? __fget_files+0x3a0/0x420
[  222.980974][ T7595]  __sys_sendmsg+0x164/0x220
[  222.981000][ T7595]  ? __pfx___sys_sendmsg+0x10/0x10
[  222.981041][ T7595]  ? lockdep_hardirqs_on+0x9c/0x150
[  222.981088][ T7595]  __do_fast_syscall_32+0xb6/0x2b0
[  222.981108][ T7595]  ? lockdep_hardirqs_on+0x9c/0x150
[  222.981141][ T7595]  do_fast_syscall_32+0x34/0x80
[  222.981160][ T7595]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  222.981202][ T7595] RIP: 0023:0xf7fc1539
[  222.981220][ T7595] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  222.981237][ T7595] RSP: 002b:00000000f54d655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  222.981258][ T7595] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000000
[  222.981272][ T7595] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  222.981284][ T7595] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  222.981296][ T7595] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  222.981307][ T7595] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  222.981338][ T7595]  </TASK>
[  223.785701][   T44] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[  223.881243][ T7603] netlink: 'syz.4.416': attribute type 4 has an invalid length.
[  223.979281][   T44] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  224.009502][   T44] usb 4-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  224.097879][ T7601] syz_tun: entered allmulticast mode
[  224.125618][   T44] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  224.141251][   T44] usb 4-1: config 0 descriptor??
[  224.187275][ T7607] dvmrp1: entered allmulticast mode
[  224.208302][ T7596] syz_tun: left allmulticast mode
[  224.457709][   T44] usbhid 4-1:0.0: can't add hid device: -71
[  224.467212][   T44] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  224.486479][ T7610] syzkaller1: entered promiscuous mode
[  224.528827][ T7610] syzkaller1: entered allmulticast mode
[  224.536362][   T44] usb 4-1: USB disconnect, device number 17
[  224.860693][ T7622] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  225.095245][ T7630] loop2: detected capacity change from 0 to 7
[  225.105603][ T7630] Dev loop2: unable to read RDB block 7
[  225.111301][ T7630]  loop2: AHDI p1 p2 p3 p4
[  225.125730][ T6017] usb 3-1: new high-speed USB device number 16 using dummy_hcd
[  225.129972][ T7630] loop2: partition table partially beyond EOD, truncated
[  225.159018][ T7630] loop2: p1 start 1601398130 is beyond EOD, truncated
[  225.195528][ T7630] loop2: p2 start 1702059890 is beyond EOD, truncated
[  225.208934][ T7630] loop2: p3 size 150995200 extends beyond EOD, truncated
[  225.216303][   T44] usb 4-1: new high-speed USB device number 18 using dummy_hcd
[  225.317916][ T6017] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  225.342023][ T5872] udevd[5872]: inotify_add_watch(7, /dev/loop2p3, 10) failed: No such file or directory
[  225.342234][ T6017] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  225.358552][ T7641] FAULT_INJECTION: forcing a failure.
[  225.358552][ T7641] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  225.391805][ T7641] CPU: 1 UID: 0 PID: 7641 Comm: syz.4.429 Not tainted syzkaller #0 PREEMPT(full) 
[  225.391832][ T7641] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  225.391846][ T7641] Call Trace:
[  225.391854][ T7641]  <TASK>
[  225.391863][ T7641]  dump_stack_lvl+0x189/0x250
[  225.391892][ T7641]  ? __pfx____ratelimit+0x10/0x10
[  225.391935][ T7641]  ? __pfx_dump_stack_lvl+0x10/0x10
[  225.391959][ T7641]  ? __pfx__printk+0x10/0x10
[  225.391986][ T7641]  ? __might_fault+0xb0/0x130
[  225.392042][ T7641]  should_fail_ex+0x414/0x560
[  225.392075][ T7641]  _copy_from_iter+0x1de/0x1790
[  225.392110][ T7641]  ? skb_set_owner_w+0x25b/0x3a0
[  225.392153][ T7641]  ? sock_alloc_send_pskb+0x875/0x990
[  225.392184][ T7641]  ? __pfx__copy_from_iter+0x10/0x10
[  225.392229][ T7641]  ? __pfx_sock_alloc_send_pskb+0x10/0x10
[  225.392257][ T7641]  skb_copy_datagram_from_iter+0xf5/0x720
[  225.392286][ T7641]  ? dev_get_by_index+0x22/0x2e0
[  225.392312][ T7641]  ? skb_put+0x11b/0x210
[  225.392337][ T7641]  packet_sendmsg+0x3797/0x5080
[  225.392374][ T7641]  ? aa_unix_file_perm+0xe06/0x1250
[  225.392414][ T7641]  ? __pfx___might_resched+0x10/0x10
[  225.392433][ T7641]  ? __lock_acquire+0xab9/0xd20
[  225.392477][ T7641]  ? __pfx_packet_sendmsg+0x10/0x10
[  225.392500][ T7641]  ? aa_sk_perm+0x81e/0x950
[  225.392537][ T7641]  ? tomoyo_socket_sendmsg_permission+0x1e1/0x300
[  225.392565][ T7641]  ? aa_sock_msg_perm+0xf1/0x1d0
[  225.392585][ T7641]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  225.392607][ T7641]  ? __pfx_packet_sendmsg+0x10/0x10
[  225.392633][ T7641]  __sock_sendmsg+0x219/0x270
[  225.392663][ T7641]  __sys_sendto+0x3bd/0x520
[  225.392686][ T7641]  ? __pfx___sys_sendto+0x10/0x10
[  225.392703][ T7641]  ? __mutex_unlock_slowpath+0x1a1/0x740
[  225.392748][ T7641]  ? __fget_files+0x3a0/0x420
[  225.392782][ T7641]  ? ksys_write+0x22a/0x250
[  225.392819][ T7641]  __ia32_sys_sendto+0xdd/0x100
[  225.392844][ T7641]  __do_fast_syscall_32+0xb6/0x2b0
[  225.392865][ T7641]  ? lockdep_hardirqs_on+0x9c/0x150
[  225.392898][ T7641]  do_fast_syscall_32+0x34/0x80
[  225.392918][ T7641]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  225.392943][ T7641] RIP: 0023:0xf7ff8539
[  225.392961][ T7641] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  225.392979][ T7641] RSP: 002b:00000000f550655c EFLAGS: 00000206 ORIG_RAX: 0000000000000171
[  225.393001][ T7641] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000800002c0
[  225.393015][ T7641] RDX: 000000000000fce0 RSI: 0000000000000004 RDI: 0000000080000140
[  225.393027][ T7641] RBP: 0000000000000014 R08: 0000000000000000 R09: 0000000000000000
[  225.393039][ T7641] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  225.393051][ T7641] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  225.393080][ T7641]  </TASK>
[  225.399871][ T6017] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  225.404997][   T44] usb 4-1: Using ep0 maxpacket: 32
[  225.448898][ T6017] usb 3-1: New USB device found, idVendor=056a, idProduct=0315, bcdDevice= 0.00
[  225.709558][ T6017] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  225.723238][ T6017] usb 3-1: config 0 descriptor??
[  225.724922][   T44] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  225.758880][   T44] usb 4-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40
[  225.773714][   T44] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  225.787451][   T44] usb 4-1: config 0 descriptor??
[  225.807150][   T44] ldusb 4-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  225.832633][   T44] ldusb 4-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  225.931276][   T44] usb 4-1: USB disconnect, device number 18
[  226.000276][   T44] ldusb 4-1:0.0: LD USB Device #0 now disconnected
[  226.061607][ T7645] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[  226.457748][ T6017] usbhid 3-1:0.0: can't add hid device: -71
[  226.484468][ T6017] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  226.511522][ T6017] usb 3-1: USB disconnect, device number 16
[  226.535147][ T7651] netlink: 32 bytes leftover after parsing attributes in process `syz.1.432'.
[  229.733734][ T7700] netlink: 4 bytes leftover after parsing attributes in process `syz.4.441'.
[  229.857757][ T7704] netlink: 8 bytes leftover after parsing attributes in process `syz.0.443'.
[  230.134429][   T44] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  230.512934][ T7721] netdevsim netdevsim0 netdevsim0: entered promiscuous mode
[  230.572132][   T44] usb 2-1: unable to get BOS descriptor or descriptor too short
[  230.589709][ T7721] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  230.625315][   T44] usb 2-1: config 7 has an invalid interface number: 174 but max is 0
[  230.669118][   T44] usb 2-1: config 7 has no interface number 0
[  230.675273][   T44] usb 2-1: config 7 interface 174 has no altsetting 0
[  230.753208][   T44] usb 2-1: New USB device found, idVendor=04dd, idProduct=9031, bcdDevice=92.f8
[  230.803070][   T44] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  230.838593][   T44] usb 2-1: Product: syz
[  230.842830][   T44] usb 2-1: Manufacturer: syz
[  230.881911][   T44] usb 2-1: SerialNumber: syz
[  231.389101][   T44] zaurus 2-1:7.174: More than one union descriptor, skipping ...
[  231.425811][   T44] usb 2-1: bad CDC descriptors
[  231.459145][   T44] usb 2-1: USB disconnect, device number 9
[  233.926760][ T7784] FAULT_INJECTION: forcing a failure.
[  233.926760][ T7784] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  233.944569][ T7784] CPU: 0 UID: 0 PID: 7784 Comm: syz.1.459 Not tainted syzkaller #0 PREEMPT(full) 
[  233.944598][ T7784] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  233.944611][ T7784] Call Trace:
[  233.944620][ T7784]  <TASK>
[  233.944629][ T7784]  dump_stack_lvl+0x189/0x250
[  233.944661][ T7784]  ? __pfx____ratelimit+0x10/0x10
[  233.944691][ T7784]  ? __pfx_dump_stack_lvl+0x10/0x10
[  233.944716][ T7784]  ? __pfx__printk+0x10/0x10
[  233.944745][ T7784]  ? __might_fault+0xb0/0x130
[  233.944784][ T7784]  should_fail_ex+0x414/0x560
[  233.944817][ T7784]  _copy_from_user+0x2d/0xb0
[  233.944842][ T7784]  get_compat_msghdr+0xad/0x4a0
[  233.944870][ T7784]  ? __pfx_get_compat_msghdr+0x10/0x10
[  233.944893][ T7784]  ? rcu_is_watching+0x15/0xb0
[  233.944912][ T7784]  ? ___sys_recvmsg+0x1c4/0x510
[  233.944942][ T7784]  ___sys_recvmsg+0x17f/0x510
[  233.944971][ T7784]  ? __pfx____sys_recvmsg+0x10/0x10
[  233.945021][ T7784]  ? __fget_files+0x3a0/0x420
[  233.945052][ T7784]  do_recvmmsg+0x36a/0x770
[  233.945085][ T7784]  ? __pfx_do_recvmmsg+0x10/0x10
[  233.945122][ T7784]  ? __pfx_vfs_write+0x10/0x10
[  233.945165][ T7784]  __sys_recvmmsg+0x19d/0x280
[  233.945192][ T7784]  ? __pfx___sys_recvmmsg+0x10/0x10
[  233.945212][ T7784]  ? ksys_write+0x22a/0x250
[  233.945249][ T7784]  __ia32_compat_sys_recvmmsg_time32+0xbf/0xe0
[  233.945277][ T7784]  __do_fast_syscall_32+0xb6/0x2b0
[  233.945298][ T7784]  ? lockdep_hardirqs_on+0x9c/0x150
[  233.945332][ T7784]  do_fast_syscall_32+0x34/0x80
[  233.945351][ T7784]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  233.945377][ T7784] RIP: 0023:0xf703e539
[  233.945394][ T7784] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  233.945414][ T7784] RSP: 002b:00000000f542e55c EFLAGS: 00000206 ORIG_RAX: 0000000000000151
[  233.945434][ T7784] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000080
[  233.945455][ T7784] RDX: 000000000400029c RSI: 0000000040010142 RDI: 0000000000000000
[  233.945466][ T7784] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  233.945477][ T7784] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  233.945488][ T7784] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  233.945515][ T7784]  </TASK>
[  234.847400][ T7803] binder: BINDER_SET_CONTEXT_MGR already set
[  234.853455][ T7803] binder: 7802:7803 ioctl 4018620d 80000040 returned -16
[  234.866759][ T7803] binder: 7802:7803 ioctl c018620c 80000240 returned -1
[  235.095739][ T5938] usb 1-1: new high-speed USB device number 16 using dummy_hcd
[  235.259529][ T5938] usb 1-1: Using ep0 maxpacket: 32
[  235.279145][ T5938] usb 1-1: config 0 has an invalid interface number: 184 but max is 0
[  235.297573][ T5938] usb 1-1: config 0 has no interface number 0
[  235.354855][ T5938] usb 1-1: config 0 interface 184 has no altsetting 0
[  235.552798][ T5938] usb 1-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  235.577866][ T5938] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  235.611534][ T5938] usb 1-1: Product: syz
[  235.624682][ T5938] usb 1-1: Manufacturer: syz
[  235.635895][ T5938] usb 1-1: SerialNumber: syz
[  235.638036][ T7815] FAULT_INJECTION: forcing a failure.
[  235.638036][ T7815] name failslab, interval 1, probability 0, space 0, times 0
[  235.698600][ T7815] CPU: 1 UID: 0 PID: 7815 Comm: syz.2.466 Not tainted syzkaller #0 PREEMPT(full) 
[  235.698622][ T7815] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  235.698632][ T7815] Call Trace:
[  235.698638][ T7815]  <TASK>
[  235.698645][ T7815]  dump_stack_lvl+0x189/0x250
[  235.698667][ T7815]  ? __pfx____ratelimit+0x10/0x10
[  235.698690][ T7815]  ? __pfx_dump_stack_lvl+0x10/0x10
[  235.698708][ T7815]  ? __pfx__printk+0x10/0x10
[  235.698732][ T7815]  ? __pfx___might_resched+0x10/0x10
[  235.698746][ T7815]  ? fs_reclaim_acquire+0x7d/0x100
[  235.698772][ T7815]  should_fail_ex+0x414/0x560
[  235.698804][ T7815]  should_failslab+0xa8/0x100
[  235.698827][ T7815]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  235.698848][ T7815]  ? __alloc_skb+0x112/0x2d0
[  235.698865][ T7815]  __alloc_skb+0x112/0x2d0
[  235.698881][ T7815]  netlink_ack+0x146/0xa50
[  235.698902][ T7815]  ? __pfx_genl_rcv_msg+0x10/0x10
[  235.698918][ T7815]  ? __pfx_nl80211_pre_doit+0x10/0x10
[  235.698935][ T7815]  ? __pfx_nl80211_post_doit+0x10/0x10
[  235.698953][ T7815]  ? __asan_memcpy+0x40/0x70
[  235.698969][ T7815]  ? __pfx_ref_tracker_free+0x10/0x10
[  235.698995][ T7815]  netlink_rcv_skb+0x28c/0x470
[  235.699016][ T7815]  ? __lock_acquire+0xab9/0xd20
[  235.699038][ T7815]  ? __pfx_genl_rcv_msg+0x10/0x10
[  235.699056][ T7815]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  235.699092][ T7815]  ? down_read+0x1ad/0x2e0
[  235.699109][ T7815]  genl_rcv+0x28/0x40
[  235.699125][ T7815]  netlink_unicast+0x82c/0x9e0
[  235.699152][ T7815]  ? __pfx_netlink_unicast+0x10/0x10
[  235.699173][ T7815]  ? netlink_sendmsg+0x642/0xb30
[  235.699185][ T7815]  ? skb_put+0x11b/0x210
[  235.699201][ T7815]  netlink_sendmsg+0x805/0xb30
[  235.699222][ T7815]  ? __pfx_netlink_sendmsg+0x10/0x10
[  235.699237][ T7815]  ? __import_iovec+0x5d4/0x7f0
[  235.699253][ T7815]  ? aa_sock_msg_perm+0xf1/0x1d0
[  235.699268][ T7815]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  235.699290][ T7815]  ? __pfx_netlink_sendmsg+0x10/0x10
[  235.699304][ T7815]  __sock_sendmsg+0x219/0x270
[  235.699327][ T7815]  ____sys_sendmsg+0x505/0x830
[  235.699348][ T7815]  ? __pfx_____sys_sendmsg+0x10/0x10
[  235.699376][ T7815]  ___sys_sendmsg+0x21f/0x2a0
[  235.699393][ T7815]  ? __pfx____sys_sendmsg+0x10/0x10
[  235.699436][ T7815]  ? __fget_files+0x2a/0x420
[  235.699448][ T7815]  ? __fget_files+0x3a0/0x420
[  235.699468][ T7815]  __sys_sendmsg+0x164/0x220
[  235.699486][ T7815]  ? __pfx___sys_sendmsg+0x10/0x10
[  235.699514][ T7815]  ? lockdep_hardirqs_on+0x9c/0x150
[  235.699538][ T7815]  __do_fast_syscall_32+0xb6/0x2b0
[  235.699553][ T7815]  ? lockdep_hardirqs_on+0x9c/0x150
[  235.699577][ T7815]  do_fast_syscall_32+0x34/0x80
[  235.699591][ T7815]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  235.699609][ T7815] RIP: 0023:0xf7fc1539
[  235.699622][ T7815] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  235.699634][ T7815] RSP: 002b:00000000f54d655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  235.699650][ T7815] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000200
[  235.699660][ T7815] RDX: 0000000000008000 RSI: 0000000000000000 RDI: 0000000000000000
[  235.699668][ T7815] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  235.699677][ T7815] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  235.699685][ T7815] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  235.699706][ T7815]  </TASK>
[  236.058825][ T5938] usb 1-1: config 0 descriptor??
[  236.155152][ T5938] smsc75xx v1.0.0
[  236.849667][ T5938] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32
[  236.883609][ T5938] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  237.250748][ T7839] fuse: Unknown parameter '��������0x000000000000000b'
[  237.530491][ T7838] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  237.542224][ T7838] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  237.564693][ T5938] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000010: -71
[  237.594406][ T7838] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  237.617539][ T7838] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  237.633361][ T7838] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  237.647912][ T5938] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to write HW_CFG: -71
[  237.658211][ T5938] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71
[  237.677531][ T5938] smsc75xx 1-1:0.184: probe with driver smsc75xx failed with error -71
[  237.699693][ T5938] usb 1-1: USB disconnect, device number 16
[  237.781180][ T7854] FAULT_INJECTION: forcing a failure.
[  237.781180][ T7854] name failslab, interval 1, probability 0, space 0, times 0
[  237.833558][ T7854] CPU: 0 UID: 0 PID: 7854 Comm: syz.1.475 Not tainted syzkaller #0 PREEMPT(full) 
[  237.833587][ T7854] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  237.833600][ T7854] Call Trace:
[  237.833610][ T7854]  <TASK>
[  237.833619][ T7854]  dump_stack_lvl+0x189/0x250
[  237.833648][ T7854]  ? __pfx____ratelimit+0x10/0x10
[  237.833679][ T7854]  ? __pfx_dump_stack_lvl+0x10/0x10
[  237.833705][ T7854]  ? __pfx__printk+0x10/0x10
[  237.833741][ T7854]  ? __pfx___might_resched+0x10/0x10
[  237.833759][ T7854]  ? fs_reclaim_acquire+0x7d/0x100
[  237.833797][ T7854]  should_fail_ex+0x414/0x560
[  237.833831][ T7854]  should_failslab+0xa8/0x100
[  237.833863][ T7854]  __kmalloc_noprof+0xcb/0x4f0
[  237.833889][ T7854]  ? kfree+0x4d/0x440
[  237.833912][ T7854]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  237.833940][ T7854]  tomoyo_realpath_from_path+0xe3/0x5d0
[  237.833963][ T7854]  ? tomoyo_domain+0xd9/0x130
[  237.833991][ T7854]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  237.834021][ T7854]  tomoyo_path_number_perm+0x1e8/0x5a0
[  237.834058][ T7854]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  237.834107][ T7854]  ? __lock_acquire+0xab9/0xd20
[  237.834159][ T7854]  ? __fget_files+0x2a/0x420
[  237.834183][ T7854]  ? __fget_files+0x3a0/0x420
[  237.834200][ T7854]  ? __fget_files+0x2a/0x420
[  237.834222][ T7854]  security_file_ioctl_compat+0xcb/0x2d0
[  237.834253][ T7854]  __ia32_compat_sys_ioctl+0x128/0x840
[  237.834283][ T7854]  ? __pfx___ia32_compat_sys_ioctl+0x10/0x10
[  237.834311][ T7854]  ? __fget_files+0x3a0/0x420
[  237.834337][ T7854]  ? fput+0xa0/0xd0
[  237.834359][ T7854]  ? ksys_write+0x22a/0x250
[  237.834403][ T7854]  ? lockdep_hardirqs_on+0x9c/0x150
[  237.834437][ T7854]  __do_fast_syscall_32+0xb6/0x2b0
[  237.834459][ T7854]  ? lockdep_hardirqs_on+0x9c/0x150
[  237.834494][ T7854]  do_fast_syscall_32+0x34/0x80
[  237.834514][ T7854]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  237.834539][ T7854] RIP: 0023:0xf703e539
[  237.834557][ T7854] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  237.834575][ T7854] RSP: 002b:00000000f542e55c EFLAGS: 00000206 ORIG_RAX: 0000000000000036
[  237.834596][ T7854] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000008914
[  237.834611][ T7854] RDX: 0000000080002280 RSI: 0000000000000000 RDI: 0000000000000000
[  237.834623][ T7854] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  237.834635][ T7854] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  237.834647][ T7854] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  237.834678][ T7854]  </TASK>
[  238.092693][ T7854] ERROR: Out of memory at tomoyo_realpath_from_path.
[  238.101239][ T7854] syzkaller0: entered promiscuous mode
[  238.106958][ T7854] syzkaller0: entered allmulticast mode
[  238.114288][ T6017] usb 5-1: new high-speed USB device number 16 using dummy_hcd
[  238.312425][ T7858] netlink: 36 bytes leftover after parsing attributes in process `syz.3.476'.
[  238.325596][ T6017] usb 5-1: Using ep0 maxpacket: 16
[  238.387259][ T7858] bridge: RTM_NEWNEIGH with invalid ether address
[  238.397048][ T7858] bridge: RTM_NEWNEIGH with invalid ether address
[  238.550185][ T7863] dns_resolver: Unsupported content type (82)
[  238.867743][ T7874] netlink: 4 bytes leftover after parsing attributes in process `syz.3.480'.
[  238.909885][ T6017] usb 5-1: unable to get BOS descriptor or descriptor too short
[  238.930416][ T6017] usb 5-1: unable to read config index 0 descriptor/start: -71
[  238.941709][ T6017] usb 5-1: can't read configurations, error -71
[  239.095367][ T7876] gretap0: entered promiscuous mode
[  239.172193][ T7876] vlan2: entered promiscuous mode
[  239.419221][ T5880] Bluetooth: hci1: command 0x0c1a tx timeout
[  239.565730][ T5880] Bluetooth: hci3: command 0x0c1a tx timeout
[  239.645614][ T5880] Bluetooth: hci0: command 0x0405 tx timeout
[  239.653529][ T5876] Bluetooth: hci2: command 0x0c1a tx timeout
[  239.661864][   T51] Bluetooth: hci4: command 0x0c1a tx timeout
[  240.346553][ T7900] netlink: 4 bytes leftover after parsing attributes in process `syz.0.486'.
[  240.430230][ T7900] FAULT_INJECTION: forcing a failure.
[  240.430230][ T7900] name failslab, interval 1, probability 0, space 0, times 0
[  240.515837][ T7900] CPU: 1 UID: 0 PID: 7900 Comm: syz.0.486 Not tainted syzkaller #0 PREEMPT(full) 
[  240.515865][ T7900] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  240.515876][ T7900] Call Trace:
[  240.515882][ T7900]  <TASK>
[  240.515889][ T7900]  dump_stack_lvl+0x189/0x250
[  240.515911][ T7900]  ? __pfx____ratelimit+0x10/0x10
[  240.515934][ T7900]  ? __pfx_dump_stack_lvl+0x10/0x10
[  240.515951][ T7900]  ? __pfx__printk+0x10/0x10
[  240.515981][ T7900]  should_fail_ex+0x414/0x560
[  240.516004][ T7900]  should_failslab+0xa8/0x100
[  240.516027][ T7900]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  240.516047][ T7900]  ? __alloc_skb+0x112/0x2d0
[  240.516064][ T7900]  __alloc_skb+0x112/0x2d0
[  240.516081][ T7900]  xfrm_send_policy_notify+0x29d/0x1bb0
[  240.516108][ T7900]  ? __lock_acquire+0xab9/0xd20
[  240.516134][ T7900]  ? __pfx_xfrm_send_policy_notify+0x10/0x10
[  240.516154][ T7900]  ? km_policy_notify+0x28/0x200
[  240.516174][ T7900]  ? xfrm_policy_destroy+0x182/0x210
[  240.516192][ T7900]  ? km_policy_notify+0x28/0x200
[  240.516209][ T7900]  ? __pfx_xfrm_send_policy_notify+0x10/0x10
[  240.516227][ T7900]  km_policy_notify+0x121/0x200
[  240.516244][ T7900]  ? km_policy_notify+0x28/0x200
[  240.516263][ T7900]  xfrm_add_policy+0x4c7/0x800
[  240.516286][ T7900]  ? __pfx_xfrm_add_policy+0x10/0x10
[  240.516310][ T7900]  ? __nla_parse+0x40/0x60
[  240.516336][ T7900]  xfrm_user_rcv_msg+0x7a0/0xab0
[  240.516359][ T7900]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  240.516404][ T7900]  ? __pfx___mutex_trylock_common+0x10/0x10
[  240.516423][ T7900]  ? rcu_is_watching+0x15/0xb0
[  240.516438][ T7900]  ? trace_contention_end+0x39/0x120
[  240.516466][ T7900]  ? __mutex_lock+0x335/0x1350
[  240.516485][ T7900]  netlink_rcv_skb+0x205/0x470
[  240.516509][ T7900]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  240.516528][ T7900]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  240.516562][ T7900]  ? netlink_deliver_tap+0x2e/0x1b0
[  240.516583][ T7900]  ? netlink_deliver_tap+0x2e/0x1b0
[  240.516607][ T7900]  xfrm_netlink_rcv+0x79/0x90
[  240.516626][ T7900]  netlink_unicast+0x82c/0x9e0
[  240.516652][ T7900]  ? __pfx_netlink_unicast+0x10/0x10
[  240.516680][ T7900]  ? netlink_sendmsg+0x642/0xb30
[  240.516696][ T7900]  ? skb_put+0x11b/0x210
[  240.516720][ T7900]  netlink_sendmsg+0x805/0xb30
[  240.516751][ T7900]  ? __pfx_netlink_sendmsg+0x10/0x10
[  240.516774][ T7900]  ? __import_iovec+0x5d4/0x7f0
[  240.516796][ T7900]  ? aa_sock_msg_perm+0xf1/0x1d0
[  240.516818][ T7900]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  240.516841][ T7900]  ? __pfx_netlink_sendmsg+0x10/0x10
[  240.516861][ T7900]  __sock_sendmsg+0x219/0x270
[  240.516894][ T7900]  ____sys_sendmsg+0x505/0x830
[  240.516923][ T7900]  ? __pfx_____sys_sendmsg+0x10/0x10
[  240.516966][ T7900]  ___sys_sendmsg+0x21f/0x2a0
[  240.516992][ T7900]  ? __pfx____sys_sendmsg+0x10/0x10
[  240.517055][ T7900]  ? __fget_files+0x2a/0x420
[  240.517073][ T7900]  ? __fget_files+0x3a0/0x420
[  240.517111][ T7900]  __sys_sendmsg+0x164/0x220
[  240.517136][ T7900]  ? __pfx___sys_sendmsg+0x10/0x10
[  240.517177][ T7900]  ? lockdep_hardirqs_on+0x9c/0x150
[  240.517212][ T7900]  __do_fast_syscall_32+0xb6/0x2b0
[  240.517233][ T7900]  ? lockdep_hardirqs_on+0x9c/0x150
[  240.517267][ T7900]  do_fast_syscall_32+0x34/0x80
[  240.517287][ T7900]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  240.517311][ T7900] RIP: 0023:0xf7f77539
[  240.517329][ T7900] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  240.517347][ T7900] RSP: 002b:00000000f548655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  240.517369][ T7900] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000480
[  240.517384][ T7900] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  240.517396][ T7900] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  240.517407][ T7900] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  240.517420][ T7900] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  240.517450][ T7900]  </TASK>
[  241.255546][ T5938] usb 5-1: new high-speed USB device number 18 using dummy_hcd
[  241.421474][ T5938] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  241.435515][ T5938] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024
[  241.479625][ T5938] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  241.491914][ T5938] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  241.508876][ T5938] usb 5-1: Product: syz
[  241.532737][ T5938] usb 5-1: Manufacturer: syz
[  241.549370][ T5938] usb 5-1: SerialNumber: syz
[  241.576994][ T5938] cdc_mbim 5-1:1.0: skipping garbage
[  241.671553][ T7920] FAULT_INJECTION: forcing a failure.
[  241.671553][ T7920] name failslab, interval 1, probability 0, space 0, times 0
[  241.732964][ T7920] CPU: 0 UID: 0 PID: 7920 Comm: syz.0.490 Not tainted syzkaller #0 PREEMPT(full) 
[  241.732992][ T7920] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  241.733005][ T7920] Call Trace:
[  241.733013][ T7920]  <TASK>
[  241.733021][ T7920]  dump_stack_lvl+0x189/0x250
[  241.733048][ T7920]  ? __pfx____ratelimit+0x10/0x10
[  241.733077][ T7920]  ? __pfx_dump_stack_lvl+0x10/0x10
[  241.733100][ T7920]  ? __pfx__printk+0x10/0x10
[  241.733131][ T7920]  ? __pfx___might_resched+0x10/0x10
[  241.733149][ T7920]  ? fs_reclaim_acquire+0x7d/0x100
[  241.733184][ T7920]  should_fail_ex+0x414/0x560
[  241.733214][ T7920]  should_failslab+0xa8/0x100
[  241.733246][ T7920]  __kmalloc_noprof+0xcb/0x4f0
[  241.733272][ T7920]  ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[  241.733323][ T7920]  genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[  241.733357][ T7920]  genl_family_rcv_msg_doit+0xb8/0x300
[  241.733390][ T7920]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  241.733424][ T7920]  ? apparmor_capable+0x137/0x1b0
[  241.733451][ T7920]  ? bpf_lsm_capable+0x9/0x20
[  241.733479][ T7920]  ? security_capable+0x7e/0x2e0
[  241.733516][ T7920]  genl_rcv_msg+0x60e/0x790
[  241.733547][ T7920]  ? __pfx_genl_rcv_msg+0x10/0x10
[  241.733570][ T7920]  ? __pfx_nl80211_pre_doit+0x10/0x10
[  241.733593][ T7920]  ? __pfx_nl80211_join_mesh+0x10/0x10
[  241.733623][ T7920]  ? __pfx_nl80211_post_doit+0x10/0x10
[  241.733648][ T7920]  ? __asan_memcpy+0x40/0x70
[  241.733670][ T7920]  ? __pfx_ref_tracker_free+0x10/0x10
[  241.733708][ T7920]  netlink_rcv_skb+0x205/0x470
[  241.733748][ T7920]  ? __lock_acquire+0xab9/0xd20
[  241.733778][ T7920]  ? __pfx_genl_rcv_msg+0x10/0x10
[  241.733804][ T7920]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  241.733854][ T7920]  ? down_read+0x1ad/0x2e0
[  241.733879][ T7920]  genl_rcv+0x28/0x40
[  241.733901][ T7920]  netlink_unicast+0x82c/0x9e0
[  241.733938][ T7920]  ? __pfx_netlink_unicast+0x10/0x10
[  241.733968][ T7920]  ? netlink_sendmsg+0x642/0xb30
[  241.733989][ T7920]  ? skb_put+0x11b/0x210
[  241.734016][ T7920]  netlink_sendmsg+0x805/0xb30
[  241.734044][ T7920]  ? __pfx_netlink_sendmsg+0x10/0x10
[  241.734066][ T7920]  ? __import_iovec+0x5d4/0x7f0
[  241.734087][ T7920]  ? aa_sock_msg_perm+0xf1/0x1d0
[  241.734108][ T7920]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  241.734131][ T7920]  ? __pfx_netlink_sendmsg+0x10/0x10
[  241.734151][ T7920]  __sock_sendmsg+0x219/0x270
[  241.734182][ T7920]  ____sys_sendmsg+0x505/0x830
[  241.734212][ T7920]  ? __pfx_____sys_sendmsg+0x10/0x10
[  241.734250][ T7920]  ___sys_sendmsg+0x21f/0x2a0
[  241.734277][ T7920]  ? __pfx____sys_sendmsg+0x10/0x10
[  241.734339][ T7920]  ? __fget_files+0x2a/0x420
[  241.734357][ T7920]  ? __fget_files+0x3a0/0x420
[  241.734386][ T7920]  __sys_sendmsg+0x164/0x220
[  241.734411][ T7920]  ? __pfx___sys_sendmsg+0x10/0x10
[  241.734453][ T7920]  ? lockdep_hardirqs_on+0x9c/0x150
[  241.734487][ T7920]  __do_fast_syscall_32+0xb6/0x2b0
[  241.734507][ T7920]  ? lockdep_hardirqs_on+0x9c/0x150
[  241.734542][ T7920]  do_fast_syscall_32+0x34/0x80
[  241.734563][ T7920]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  241.734608][ T7920] RIP: 0023:0xf7f77539
[  241.734626][ T7920] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  241.734645][ T7920] RSP: 002b:00000000f548655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  241.734667][ T7920] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000180
[  241.734681][ T7920] RDX: 0000000000000840 RSI: 0000000000000000 RDI: 0000000000000000
[  241.734694][ T7920] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  241.734707][ T7920] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  241.734724][ T7920] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  241.734754][ T7920]  </TASK>
[  241.772910][ T7905] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  241.775915][    C0] vkms_vblank_simulate: vblank timer overrun
[  241.925554][ T5958] usb 2-1: new full-speed USB device number 10 using dummy_hcd
[  241.927593][    C0] vkms_vblank_simulate: vblank timer overrun
[  242.130314][    C0] hrtimer: interrupt took 394909551 ns
[  242.230350][    C0] vkms_vblank_simulate: vblank timer overrun
[  242.389512][ T5958] usb 2-1: config 0 has no interfaces?
[  242.437651][ T5958] usb 2-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  242.583613][ T7930] FAULT_INJECTION: forcing a failure.
[  242.583613][ T7930] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  242.596723][ T5958] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  242.601364][ T7930] CPU: 0 UID: 0 PID: 7930 Comm: syz.3.493 Not tainted syzkaller #0 PREEMPT(full) 
[  242.601397][ T7930] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  242.601413][ T7930] Call Trace:
[  242.601422][ T7930]  <TASK>
[  242.601433][ T7930]  dump_stack_lvl+0x189/0x250
[  242.601468][ T7930]  ? __pfx____ratelimit+0x10/0x10
[  242.601501][ T7930]  ? __pfx_dump_stack_lvl+0x10/0x10
[  242.601529][ T7930]  ? __pfx__printk+0x10/0x10
[  242.601575][ T7930]  should_fail_ex+0x414/0x560
[  242.601614][ T7930]  _copy_to_user+0x31/0xb0
[  242.601643][ T7930]  simple_read_from_buffer+0xe1/0x170
[  242.601683][ T7930]  proc_fail_nth_read+0x1b3/0x220
[  242.601724][ T7930]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  242.601753][ T7930]  ? rw_verify_area+0x2a6/0x4d0
[  242.601781][ T7930]  ? __lock_acquire+0xab9/0xd20
[  242.601814][ T7930]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  242.601841][ T7930]  vfs_read+0x1fd/0xa30
[  242.601871][ T7930]  ? fdget_pos+0x247/0x320
[  242.601897][ T7930]  ? __pfx___mutex_lock+0x10/0x10
[  242.601921][ T7930]  ? __pfx_vfs_read+0x10/0x10
[  242.601954][ T7930]  ? __fget_files+0x2a/0x420
[  242.601977][ T7930]  ? __fget_files+0x3a0/0x420
[  242.601996][ T7930]  ? __fget_files+0x2a/0x420
[  242.602027][ T7930]  ksys_read+0x145/0x250
[  242.602059][ T7930]  ? __pfx_ksys_read+0x10/0x10
[  242.602093][ T7930]  ? lockdep_hardirqs_on+0x9c/0x150
[  242.602131][ T7930]  __do_fast_syscall_32+0xb6/0x2b0
[  242.602154][ T7930]  ? lockdep_hardirqs_on+0x9c/0x150
[  242.602192][ T7930]  do_fast_syscall_32+0x34/0x80
[  242.602214][ T7930]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  242.602243][ T7930] RIP: 0023:0xf70fe539
[  242.602263][ T7930] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  242.602282][ T7930] RSP: 002b:00000000f54ee590 EFLAGS: 00000206 ORIG_RAX: 0000000000000003
[  242.602305][ T7930] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f54ee620
[  242.602333][ T7930] RDX: 000000000000000f RSI: 00000000f7474ff4 RDI: 0000000000000000
[  242.602347][ T7930] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  242.602359][ T7930] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  242.602372][ T7930] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  242.602404][ T7930]  </TASK>
[  242.846976][ T5938] cdc_mbim 5-1:1.0: bind() failure
[  242.900328][ T5938] cdc_ncm 5-1:1.1: probe with driver cdc_ncm failed with error -71
[  242.940235][ T5938] cdc_mbim 5-1:1.1: probe with driver cdc_mbim failed with error -71
[  243.035994][ T5938] usbtest 5-1:1.1: probe with driver usbtest failed with error -71
[  243.084203][ T5938] usb 5-1: USB disconnect, device number 18
[  243.315162][ T5958] usb 2-1: Product: syz
[  243.344731][ T5958] usb 2-1: Manufacturer: syz
[  243.596263][ T5958] usb 2-1: SerialNumber: syz
[  243.667237][ T5958] usb 2-1: config 0 descriptor??
[  244.220775][ T7962] FAULT_INJECTION: forcing a failure.
[  244.220775][ T7962] name failslab, interval 1, probability 0, space 0, times 0
[  244.272699][ T7962] CPU: 0 UID: 0 PID: 7962 Comm: syz.2.503 Not tainted syzkaller #0 PREEMPT(full) 
[  244.272727][ T7962] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  244.272740][ T7962] Call Trace:
[  244.272748][ T7962]  <TASK>
[  244.272757][ T7962]  dump_stack_lvl+0x189/0x250
[  244.272785][ T7962]  ? __pfx____ratelimit+0x10/0x10
[  244.272815][ T7962]  ? __pfx_dump_stack_lvl+0x10/0x10
[  244.272838][ T7962]  ? __pfx__printk+0x10/0x10
[  244.272867][ T7962]  ? __lock_acquire+0xab9/0xd20
[  244.272906][ T7962]  should_fail_ex+0x414/0x560
[  244.272938][ T7962]  should_failslab+0xa8/0x100
[  244.272969][ T7962]  kmem_cache_alloc_noprof+0x73/0x3c0
[  244.272996][ T7962]  ? skb_clone+0x212/0x3a0
[  244.273024][ T7962]  skb_clone+0x212/0x3a0
[  244.273050][ T7962]  __netlink_deliver_tap+0x404/0x850
[  244.273095][ T7962]  ? netlink_deliver_tap+0x2e/0x1b0
[  244.273127][ T7962]  netlink_deliver_tap+0x19c/0x1b0
[  244.273159][ T7962]  netlink_unicast+0x7fa/0x9e0
[  244.273196][ T7962]  ? __pfx_netlink_unicast+0x10/0x10
[  244.273226][ T7962]  ? netlink_sendmsg+0x642/0xb30
[  244.273242][ T7962]  ? skb_put+0x11b/0x210
[  244.273265][ T7962]  netlink_sendmsg+0x805/0xb30
[  244.273294][ T7962]  ? __pfx_netlink_sendmsg+0x10/0x10
[  244.273315][ T7962]  ? __import_iovec+0x5d4/0x7f0
[  244.273335][ T7962]  ? aa_sock_msg_perm+0xf1/0x1d0
[  244.273356][ T7962]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  244.273378][ T7962]  ? __pfx_netlink_sendmsg+0x10/0x10
[  244.273396][ T7962]  __sock_sendmsg+0x219/0x270
[  244.273445][ T7962]  ____sys_sendmsg+0x505/0x830
[  244.273485][ T7962]  ? __pfx_____sys_sendmsg+0x10/0x10
[  244.273532][ T7962]  ___sys_sendmsg+0x21f/0x2a0
[  244.273557][ T7962]  ? __pfx____sys_sendmsg+0x10/0x10
[  244.273623][ T7962]  ? __fget_files+0x2a/0x420
[  244.273647][ T7962]  ? __fget_files+0x3a0/0x420
[  244.273676][ T7962]  __sys_sendmsg+0x164/0x220
[  244.273699][ T7962]  ? __pfx___sys_sendmsg+0x10/0x10
[  244.273740][ T7962]  ? lockdep_hardirqs_on+0x9c/0x150
[  244.273774][ T7962]  __do_fast_syscall_32+0xb6/0x2b0
[  244.273794][ T7962]  ? lockdep_hardirqs_on+0x9c/0x150
[  244.273827][ T7962]  do_fast_syscall_32+0x34/0x80
[  244.273846][ T7962]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  244.273871][ T7962] RIP: 0023:0xf7fc1539
[  244.273889][ T7962] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  244.273906][ T7962] RSP: 002b:00000000f54d655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  244.273927][ T7962] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000200
[  244.273941][ T7962] RDX: 0000000000008000 RSI: 0000000000000000 RDI: 0000000000000000
[  244.273953][ T7962] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  244.273965][ T7962] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  244.273977][ T7962] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  244.274007][ T7962]  </TASK>
[  245.994831][ T5938] usb 2-1: USB disconnect, device number 10
[  246.515934][ T5958] usb 5-1: new low-speed USB device number 19 using dummy_hcd
[  246.707997][ T5958] usb 5-1: No LPM exit latency info found, disabling LPM.
[  246.750519][ T5958] usb 5-1: config 1 interface 0 altsetting 60 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  246.878550][ T5958] usb 5-1: config 1 interface 0 has no altsetting 0
[  246.892680][ T5958] usb 5-1: string descriptor 0 read error: -22
[  246.899621][ T5958] usb 5-1: New USB device found, idVendor=17ef, idProduct=60b5, bcdDevice= 0.40
[  246.922957][ T5958] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  247.450635][ T5958] usbhid 5-1:1.0: can't add hid device: -71
[  247.491997][ T5958] usbhid 5-1:1.0: probe with driver usbhid failed with error -71
[  247.567122][ T5958] usb 5-1: USB disconnect, device number 19
[  247.865845][ T6017] usb 1-1: new high-speed USB device number 17 using dummy_hcd
[  248.065557][ T6017] usb 1-1: Using ep0 maxpacket: 8
[  248.078034][ T6017] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  248.098494][ T6017] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  248.130621][ T6017] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  248.145506][ T6017] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  248.163892][ T6017] usb 1-1: Product: syz
[  248.174370][ T8021] netlink: 8 bytes leftover after parsing attributes in process `syz.2.517'.
[  248.183610][ T6017] usb 1-1: Manufacturer: syz
[  248.188423][ T6017] usb 1-1: SerialNumber: syz
[  248.437120][ T6017] usb 1-1: 0:2 : does not exist
[  248.483575][ T6017] usb 1-1: USB disconnect, device number 17
[  248.570127][ T5872] udevd[5872]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  248.587613][  T888] usb 4-1: new full-speed USB device number 19 using dummy_hcd
[  248.764052][  T888] usb 4-1: config 0 has no interfaces?
[  248.774976][  T888] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  248.785783][  T888] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  248.793836][  T888] usb 4-1: Product: syz
[  248.803599][  T888] usb 4-1: Manufacturer: syz
[  248.808803][  T888] usb 4-1: SerialNumber: syz
[  248.827264][  T888] usb 4-1: config 0 descriptor??
[  249.041043][ T8028] netlink: 16 bytes leftover after parsing attributes in process `syz.3.522'.
[  249.066525][ T8028] netlink: 4 bytes leftover after parsing attributes in process `syz.3.522'.
[  249.197522][ T5938] usb 3-1: new high-speed USB device number 17 using dummy_hcd
[  249.375602][ T5938] usb 3-1: Using ep0 maxpacket: 16
[  249.378980][ T8064] netlink: 8 bytes leftover after parsing attributes in process `syz.4.534'.
[  249.402873][ T5938] usb 3-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  249.416706][ T5938] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  249.443943][ T5938] usb 3-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  249.463973][ T8068] veth0_to_bridge: entered promiscuous mode
[  249.470095][ T5938] usb 3-1: config 1 has no interface number 1
[  249.530477][ T5938] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  249.628527][ T5938] usb 3-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  249.660125][ T5938] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  249.674926][ T5938] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  249.732579][ T5938] usb 3-1: Product: syz
[  249.754038][ T5938] usb 3-1: Manufacturer: syz
[  249.795202][ T5938] usb 3-1: SerialNumber: syz
[  249.824992][ T8074] netlink: 'syz.4.537': attribute type 12 has an invalid length.
[  249.842266][ T8066] veth0_to_bridge: left promiscuous mode
[  250.036982][ T8083] FAULT_INJECTION: forcing a failure.
[  250.036982][ T8083] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  250.052627][ T8083] CPU: 0 UID: 0 PID: 8083 Comm: syz.0.539 Not tainted syzkaller #0 PREEMPT(full) 
[  250.052656][ T8083] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  250.052669][ T8083] Call Trace:
[  250.052678][ T8083]  <TASK>
[  250.052686][ T8083]  dump_stack_lvl+0x189/0x250
[  250.052716][ T8083]  ? __pfx____ratelimit+0x10/0x10
[  250.052746][ T8083]  ? __pfx_dump_stack_lvl+0x10/0x10
[  250.052770][ T8083]  ? __pfx__printk+0x10/0x10
[  250.052812][ T8083]  should_fail_ex+0x414/0x560
[  250.052845][ T8083]  _copy_to_user+0x31/0xb0
[  250.052870][ T8083]  simple_read_from_buffer+0xe1/0x170
[  250.052905][ T8083]  proc_fail_nth_read+0x1b3/0x220
[  250.052932][ T8083]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  250.052959][ T8083]  ? rw_verify_area+0x2a6/0x4d0
[  250.052985][ T8083]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  250.053009][ T8083]  vfs_read+0x1fd/0xa30
[  250.053033][ T8083]  ? __pfx_vfs_fallocate+0x10/0x10
[  250.053070][ T8083]  ? __pfx_vfs_read+0x10/0x10
[  250.053096][ T8083]  ? __ia32_compat_sys_ioctl+0x164/0x840
[  250.053124][ T8083]  ? __pfx___ia32_compat_sys_ioctl+0x10/0x10
[  250.053149][ T8083]  ? count_memcg_event_mm+0x21/0x260
[  250.053187][ T8083]  ksys_read+0x145/0x250
[  250.053217][ T8083]  ? __pfx_ksys_read+0x10/0x10
[  250.053255][ T8083]  ? lockdep_hardirqs_on+0x9c/0x150
[  250.053289][ T8083]  __do_fast_syscall_32+0xb6/0x2b0
[  250.053309][ T8083]  ? lockdep_hardirqs_on+0x9c/0x150
[  250.053344][ T8083]  do_fast_syscall_32+0x34/0x80
[  250.053363][ T8083]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  250.053387][ T8083] RIP: 0023:0xf7f77539
[  250.053404][ T8083] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  250.053422][ T8083] RSP: 002b:00000000f5486590 EFLAGS: 00000206 ORIG_RAX: 0000000000000003
[  250.053443][ T8083] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f5486620
[  250.053456][ T8083] RDX: 000000000000000f RSI: 00000000f7404ff4 RDI: 0000000000000000
[  250.053468][ T8083] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  250.053479][ T8083] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  250.053490][ T8083] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  250.053519][ T8083]  </TASK>
[  250.062863][ T5938] usb 3-1: 2:1 : no or invalid class specific endpoint descriptor
[  250.379457][ T5938] usb 3-1: found format II with max.bitrate = 0, frame size=0
[  250.391379][ T5938] usb 3-1: 2:1 : invalid UAC_FORMAT_TYPE desc
[  250.433577][ T8092] FAULT_INJECTION: forcing a failure.
[  250.433577][ T8092] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  250.454966][ T8092] CPU: 0 UID: 0 PID: 8092 Comm: syz.1.542 Not tainted syzkaller #0 PREEMPT(full) 
[  250.454994][ T8092] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  250.455007][ T8092] Call Trace:
[  250.455015][ T8092]  <TASK>
[  250.455024][ T8092]  dump_stack_lvl+0x189/0x250
[  250.455053][ T8092]  ? __pfx____ratelimit+0x10/0x10
[  250.455083][ T8092]  ? __pfx_dump_stack_lvl+0x10/0x10
[  250.455107][ T8092]  ? __pfx__printk+0x10/0x10
[  250.455136][ T8092]  ? __might_fault+0xb0/0x130
[  250.455174][ T8092]  should_fail_ex+0x414/0x560
[  250.455206][ T8092]  _copy_from_iter+0x1de/0x1790
[  250.455233][ T8092]  ? rcu_is_watching+0x15/0xb0
[  250.455261][ T8092]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[  250.455289][ T8092]  ? __pfx__copy_from_iter+0x10/0x10
[  250.455312][ T8092]  ? __build_skb_around+0x257/0x3e0
[  250.455336][ T8092]  ? netlink_sendmsg+0x642/0xb30
[  250.455354][ T8092]  ? skb_put+0x11b/0x210
[  250.455378][ T8092]  netlink_sendmsg+0x6b2/0xb30
[  250.455411][ T8092]  ? __pfx_netlink_sendmsg+0x10/0x10
[  250.455432][ T8092]  ? __import_iovec+0x5d4/0x7f0
[  250.455452][ T8092]  ? aa_sock_msg_perm+0xf1/0x1d0
[  250.455472][ T8092]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  250.455494][ T8092]  ? __pfx_netlink_sendmsg+0x10/0x10
[  250.455515][ T8092]  __sock_sendmsg+0x219/0x270
[  250.455545][ T8092]  ____sys_sendmsg+0x505/0x830
[  250.455573][ T8092]  ? __pfx_____sys_sendmsg+0x10/0x10
[  250.455611][ T8092]  ___sys_sendmsg+0x21f/0x2a0
[  250.455635][ T8092]  ? __pfx____sys_sendmsg+0x10/0x10
[  250.455696][ T8092]  ? __fget_files+0x2a/0x420
[  250.455713][ T8092]  ? __fget_files+0x3a0/0x420
[  250.455742][ T8092]  __sys_sendmsg+0x164/0x220
[  250.455766][ T8092]  ? __pfx___sys_sendmsg+0x10/0x10
[  250.455805][ T8092]  ? lockdep_hardirqs_on+0x9c/0x150
[  250.455839][ T8092]  __do_fast_syscall_32+0xb6/0x2b0
[  250.455860][ T8092]  ? lockdep_hardirqs_on+0x9c/0x150
[  250.455894][ T8092]  do_fast_syscall_32+0x34/0x80
[  250.455914][ T8092]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  250.455939][ T8092] RIP: 0023:0xf703e539
[  250.455957][ T8092] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  250.455974][ T8092] RSP: 002b:00000000f542e55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  250.455995][ T8092] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000180
[  250.456006][ T8092] RDX: 0000000000000840 RSI: 0000000000000000 RDI: 0000000000000000
[  250.456017][ T8092] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  250.456028][ T8092] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  250.456038][ T8092] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  250.456068][ T8092]  </TASK>
[  250.731912][ T5938] usb 3-1: USB disconnect, device number 17
[  250.816075][ T6017] usb 5-1: new high-speed USB device number 20 using dummy_hcd
[  250.851662][ T5872] udevd[5872]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  250.968581][ T6017] usb 5-1: Using ep0 maxpacket: 32
[  250.976129][ T6017] usb 5-1: config index 0 descriptor too short (expected 29220, got 36)
[  250.984558][ T6017] usb 5-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  250.993542][ T6017] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 81
[  251.002726][ T6017] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  251.013122][ T6017] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  251.023090][ T6017] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  251.036566][ T6017] usb 5-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  251.045870][ T6017] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  251.068623][ T6017] usb 5-1: config 0 descriptor??
[  251.286629][ T6017] usblp 5-1:0.0: usblp0: USB Bidirectional printer dev 20 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  251.391289][ T5938] usb 4-1: USB disconnect, device number 19
[  251.400596][ T6017] usb 5-1: USB disconnect, device number 20
[  251.464613][ T6017] usblp0: removed
[  251.826932][ T8127] netlink: 'syz.1.547': attribute type 13 has an invalid length.
[  251.868799][ T6017] usb 5-1: new high-speed USB device number 21 using dummy_hcd
[  251.888807][ T8129] FAULT_INJECTION: forcing a failure.
[  251.888807][ T8129] name failslab, interval 1, probability 0, space 0, times 0
[  251.925656][ T8129] CPU: 1 UID: 0 PID: 8129 Comm: syz.0.551 Not tainted syzkaller #0 PREEMPT(full) 
[  251.925682][ T8129] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  251.925695][ T8129] Call Trace:
[  251.925702][ T8129]  <TASK>
[  251.925711][ T8129]  dump_stack_lvl+0x189/0x250
[  251.925740][ T8129]  ? __pfx____ratelimit+0x10/0x10
[  251.925769][ T8129]  ? __pfx_dump_stack_lvl+0x10/0x10
[  251.925791][ T8129]  ? __pfx__printk+0x10/0x10
[  251.925820][ T8129]  ? __lock_acquire+0xab9/0xd20
[  251.925857][ T8129]  should_fail_ex+0x414/0x560
[  251.925889][ T8129]  should_failslab+0xa8/0x100
[  251.925922][ T8129]  kmem_cache_alloc_noprof+0x73/0x3c0
[  251.925948][ T8129]  ? skb_clone+0x212/0x3a0
[  251.925976][ T8129]  skb_clone+0x212/0x3a0
[  251.926003][ T8129]  __netlink_deliver_tap+0x404/0x850
[  251.926047][ T8129]  ? netlink_deliver_tap+0x2e/0x1b0
[  251.926086][ T8129]  netlink_deliver_tap+0x19c/0x1b0
[  251.926119][ T8129]  netlink_unicast+0x7fa/0x9e0
[  251.926156][ T8129]  ? __pfx_netlink_unicast+0x10/0x10
[  251.926186][ T8129]  ? netlink_sendmsg+0x642/0xb30
[  251.926202][ T8129]  ? skb_put+0x11b/0x210
[  251.926226][ T8129]  netlink_sendmsg+0x805/0xb30
[  251.926255][ T8129]  ? __pfx_netlink_sendmsg+0x10/0x10
[  251.926277][ T8129]  ? __import_iovec+0x5d4/0x7f0
[  251.926298][ T8129]  ? aa_sock_msg_perm+0xf1/0x1d0
[  251.926319][ T8129]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  251.926341][ T8129]  ? __pfx_netlink_sendmsg+0x10/0x10
[  251.926361][ T8129]  __sock_sendmsg+0x219/0x270
[  251.926392][ T8129]  ____sys_sendmsg+0x505/0x830
[  251.926420][ T8129]  ? __pfx_____sys_sendmsg+0x10/0x10
[  251.926459][ T8129]  ___sys_sendmsg+0x21f/0x2a0
[  251.926485][ T8129]  ? __pfx____sys_sendmsg+0x10/0x10
[  251.926544][ T8129]  ? __fget_files+0x2a/0x420
[  251.926561][ T8129]  ? __fget_files+0x3a0/0x420
[  251.926589][ T8129]  __sys_sendmsg+0x164/0x220
[  251.926614][ T8129]  ? __pfx___sys_sendmsg+0x10/0x10
[  251.926653][ T8129]  ? lockdep_hardirqs_on+0x9c/0x150
[  251.926687][ T8129]  __do_fast_syscall_32+0xb6/0x2b0
[  251.926708][ T8129]  ? lockdep_hardirqs_on+0x9c/0x150
[  251.926741][ T8129]  do_fast_syscall_32+0x34/0x80
[  251.926760][ T8129]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  251.926785][ T8129] RIP: 0023:0xf7f77539
[  251.926802][ T8129] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  251.926820][ T8129] RSP: 002b:00000000f548655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  251.926841][ T8129] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000180
[  251.926855][ T8129] RDX: 0000000000000840 RSI: 0000000000000000 RDI: 0000000000000000
[  251.926866][ T8129] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  251.926877][ T8129] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  251.926889][ T8129] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  251.926918][ T8129]  </TASK>
[  252.223577][ T8127] gretap0: refused to change device tx_queue_len
[  252.235486][ T6017] usb 5-1: device descriptor read/64, error -71
[  252.255904][ T8127] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[  252.325857][ T5938] usb 3-1: new high-speed USB device number 18 using dummy_hcd
[  252.488986][ T6017] usb 5-1: new high-speed USB device number 22 using dummy_hcd
[  252.525487][ T5938] usb 3-1: Using ep0 maxpacket: 8
[  252.750216][ T5938] usb 3-1: config 0 has an invalid interface number: 31 but max is 0
[  252.776649][ T5938] usb 3-1: config 0 has no interface number 0
[  252.831984][ T5938] usb 3-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16
[  252.845317][ T5938] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  252.862452][ T8136] netlink: 4 bytes leftover after parsing attributes in process `syz.3.548'.
[  252.876892][ T5938] usb 3-1: Product: syz
[  252.878436][ T8136] netlink: 4 bytes leftover after parsing attributes in process `syz.3.548'.
[  252.885486][ T5938] usb 3-1: Manufacturer: syz
[  252.890350][ T6017] usb 5-1: device descriptor read/64, error -71
[  252.901588][ T5938] usb 3-1: SerialNumber: syz
[  252.917841][ T5938] usb 3-1: config 0 descriptor??
[  252.967755][ T8143] debugfs: '!' already exists in 'ieee80211'
[  253.057622][ T6017] usb usb5-port1: attempt power cycle
[  253.063604][   T30] audit: type=1326 audit(1756765525.877:212): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8140 comm="syz.1.553" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703e539 code=0x7ffc0000
[  253.140537][ T8146] input: syz1 as /devices/virtual/input/input13
[  253.147632][   T30] audit: type=1326 audit(1756765525.877:213): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8140 comm="syz.1.553" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703e539 code=0x7ffc0000
[  253.308325][   T30] audit: type=1326 audit(1756765525.877:214): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8140 comm="syz.1.553" exe="/root/syz-executor" sig=0 arch=40000003 syscall=351 compat=1 ip=0xf703e539 code=0x7ffc0000
[  253.572324][   T30] audit: type=1326 audit(1756765525.877:215): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8140 comm="syz.1.553" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703e539 code=0x7ffc0000
[  253.623803][ T5938] usb 3-1: Found UVC 0.04 device syz (046d:08c3)
[  253.649540][ T5938] usb 3-1: No valid video chain found.
[  253.742184][ T5938] usb 3-1: USB disconnect, device number 18
[  253.758461][   T30] audit: type=1326 audit(1756765525.877:216): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8140 comm="syz.1.553" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703e539 code=0x7ffc0000
[  253.844421][   T30] audit: type=1326 audit(1756765525.877:217): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8140 comm="syz.1.553" exe="/root/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf703e539 code=0x7ffc0000
[  253.925620][   T30] audit: type=1326 audit(1756765525.877:218): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8140 comm="syz.1.553" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703e539 code=0x7ffc0000
[  253.965567][   T24] usb 4-1: new high-speed USB device number 20 using dummy_hcd
[  254.000777][   T30] audit: type=1326 audit(1756765525.877:219): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8140 comm="syz.1.553" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703e539 code=0x7ffc0000
[  254.138660][   T30] audit: type=1326 audit(1756765525.877:220): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8140 comm="syz.1.553" exe="/root/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf703e539 code=0x7ffc0000
[  254.182848][   T24] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  254.196192][   T24] usb 4-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  254.226858][   T24] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66
[  254.245672][   T30] audit: type=1326 audit(1756765525.877:221): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8140 comm="syz.1.553" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703e539 code=0x7ffc0000
[  254.274817][   T24] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  254.286610][   T24] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  254.301984][   T24] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  254.311420][   T24] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  254.319982][   T24] usb 4-1: Product: syz
[  254.325567][   T24] usb 4-1: Manufacturer: syz
[  254.343756][   T24] cdc_wdm 4-1:1.0: skipping garbage
[  254.350143][   T24] cdc_wdm 4-1:1.0: skipping garbage
[  254.361658][   T24] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device
[  254.367837][   T24] cdc_wdm 4-1:1.0: Unknown control protocol
[  254.584128][   T10] usb 4-1: USB disconnect, device number 20
[  255.886063][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[  255.892469][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[  256.144791][ T8172] FAULT_INJECTION: forcing a failure.
[  256.144791][ T8172] name failslab, interval 1, probability 0, space 0, times 0
[  256.162628][ T8172] CPU: 1 UID: 0 PID: 8172 Comm: syz.3.562 Not tainted syzkaller #0 PREEMPT(full) 
[  256.162656][ T8172] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  256.162670][ T8172] Call Trace:
[  256.162678][ T8172]  <TASK>
[  256.162687][ T8172]  dump_stack_lvl+0x189/0x250
[  256.162717][ T8172]  ? __pfx____ratelimit+0x10/0x10
[  256.162747][ T8172]  ? __pfx_dump_stack_lvl+0x10/0x10
[  256.162772][ T8172]  ? __pfx__printk+0x10/0x10
[  256.162806][ T8172]  ? __pfx___might_resched+0x10/0x10
[  256.162831][ T8172]  should_fail_ex+0x414/0x560
[  256.162864][ T8172]  should_failslab+0xa8/0x100
[  256.162895][ T8172]  __kmalloc_noprof+0xcb/0x4f0
[  256.162932][ T8172]  ? __kasan_kmalloc+0x93/0xb0
[  256.162956][ T8172]  ? nla_strdup+0x9d/0x140
[  256.162979][ T8172]  nla_strdup+0x9d/0x140
[  256.162999][ T8172]  nf_tables_newtable+0x491/0x1890
[  256.163040][ T8172]  ? nfnetlink_has_listeners+0x12/0x50
[  256.163088][ T8172]  nfnetlink_rcv+0x1132/0x2520
[  256.163163][ T8172]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  256.163207][ T8172]  ? ref_tracker_free+0x63a/0x7d0
[  256.163264][ T8172]  ? __netlink_deliver_tap+0x807/0x850
[  256.163295][ T8172]  ? netlink_deliver_tap+0x2e/0x1b0
[  256.163343][ T8172]  netlink_unicast+0x82c/0x9e0
[  256.163380][ T8172]  ? __pfx_netlink_unicast+0x10/0x10
[  256.163409][ T8172]  ? netlink_sendmsg+0x642/0xb30
[  256.163435][ T8172]  ? skb_put+0x11b/0x210
[  256.163459][ T8172]  netlink_sendmsg+0x805/0xb30
[  256.163487][ T8172]  ? __pfx_netlink_sendmsg+0x10/0x10
[  256.163509][ T8172]  ? __import_iovec+0x5d4/0x7f0
[  256.163529][ T8172]  ? aa_sock_msg_perm+0xf1/0x1d0
[  256.163550][ T8172]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  256.163572][ T8172]  ? __pfx_netlink_sendmsg+0x10/0x10
[  256.163591][ T8172]  __sock_sendmsg+0x219/0x270
[  256.163622][ T8172]  ____sys_sendmsg+0x505/0x830
[  256.163650][ T8172]  ? __pfx_____sys_sendmsg+0x10/0x10
[  256.163689][ T8172]  ___sys_sendmsg+0x21f/0x2a0
[  256.163714][ T8172]  ? __pfx____sys_sendmsg+0x10/0x10
[  256.163775][ T8172]  ? __fget_files+0x2a/0x420
[  256.163792][ T8172]  ? __fget_files+0x3a0/0x420
[  256.163820][ T8172]  __sys_sendmsg+0x164/0x220
[  256.163844][ T8172]  ? __pfx___sys_sendmsg+0x10/0x10
[  256.163884][ T8172]  ? lockdep_hardirqs_on+0x9c/0x150
[  256.163917][ T8172]  __do_fast_syscall_32+0xb6/0x2b0
[  256.163937][ T8172]  ? lockdep_hardirqs_on+0x9c/0x150
[  256.163969][ T8172]  do_fast_syscall_32+0x34/0x80
[  256.163988][ T8172]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  256.164011][ T8172] RIP: 0023:0xf70fe539
[  256.164028][ T8172] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  256.164045][ T8172] RSP: 002b:00000000f54ee55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  256.164066][ T8172] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800000c0
[  256.164080][ T8172] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  256.164091][ T8172] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  256.164102][ T8172] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  256.164114][ T8172] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  256.164143][ T8172]  </TASK>
[  256.567991][ T8174] FAULT_INJECTION: forcing a failure.
[  256.567991][ T8174] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  256.582273][ T8174] CPU: 1 UID: 0 PID: 8174 Comm: syz.3.563 Not tainted syzkaller #0 PREEMPT(full) 
[  256.582300][ T8174] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  256.582313][ T8174] Call Trace:
[  256.582321][ T8174]  <TASK>
[  256.582330][ T8174]  dump_stack_lvl+0x189/0x250
[  256.582359][ T8174]  ? __pfx____ratelimit+0x10/0x10
[  256.582389][ T8174]  ? __pfx_dump_stack_lvl+0x10/0x10
[  256.582414][ T8174]  ? __pfx__printk+0x10/0x10
[  256.582441][ T8174]  ? __might_fault+0xb0/0x130
[  256.582482][ T8174]  should_fail_ex+0x414/0x560
[  256.582515][ T8174]  _copy_from_user+0x2d/0xb0
[  256.582539][ T8174]  csum_and_copy_from_iter_full+0x1e1/0x1ed0
[  256.582586][ T8174]  ? __pfx_csum_and_copy_from_iter_full+0x10/0x10
[  256.582623][ T8174]  ? trace_kmalloc+0x1f/0xd0
[  256.582659][ T8174]  ip_generic_getfrag+0x12f/0x2b0
[  256.582688][ T8174]  ? __pfx_ip_generic_getfrag+0x10/0x10
[  256.582717][ T8174]  ? skb_put+0x11b/0x210
[  256.582742][ T8174]  __ip6_append_data+0x3971/0x3f30
[  256.582796][ T8174]  ? __pfx_raw6_getfrag+0x10/0x10
[  256.582835][ T8174]  ? __pfx___ip6_append_data+0x10/0x10
[  256.582860][ T8174]  ? __pfx_ip6_mtu+0x10/0x10
[  256.582896][ T8174]  ip6_append_data+0x1c4/0x380
[  256.582928][ T8174]  ? __pfx_raw6_getfrag+0x10/0x10
[  256.582949][ T8174]  rawv6_sendmsg+0x127a/0x1820
[  256.583000][ T8174]  ? __pfx_rawv6_sendmsg+0x10/0x10
[  256.583059][ T8174]  ? __pfx_aa_sk_perm+0x10/0x10
[  256.583093][ T8174]  ? sock_rps_record_flow+0x19/0x410
[  256.583123][ T8174]  ? inet_sendmsg+0x2f4/0x370
[  256.583147][ T8174]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  256.583173][ T8174]  __sock_sendmsg+0x19c/0x270
[  256.583204][ T8174]  sock_write_iter+0x258/0x330
[  256.583232][ T8174]  ? __pfx_sock_write_iter+0x10/0x10
[  256.583283][ T8174]  do_iter_readv_writev+0x619/0x8b0
[  256.583320][ T8174]  ? __pfx_do_iter_readv_writev+0x10/0x10
[  256.583347][ T8174]  ? common_file_perm+0x1b5/0x230
[  256.583371][ T8174]  ? bpf_lsm_file_permission+0x9/0x20
[  256.583395][ T8174]  ? security_file_permission+0x75/0x290
[  256.583423][ T8174]  ? rw_verify_area+0x255/0x4d0
[  256.583453][ T8174]  vfs_writev+0x31a/0x960
[  256.583478][ T8174]  ? __lock_acquire+0xab9/0xd20
[  256.583510][ T8174]  ? __pfx_vfs_writev+0x10/0x10
[  256.583545][ T8174]  ? __fget_files+0x2a/0x420
[  256.583568][ T8174]  ? __fget_files+0x3a0/0x420
[  256.583585][ T8174]  ? __fget_files+0x2a/0x420
[  256.583613][ T8174]  do_writev+0x14d/0x2d0
[  256.583635][ T8174]  ? __pfx_do_writev+0x10/0x10
[  256.583666][ T8174]  ? lockdep_hardirqs_on+0x9c/0x150
[  256.583699][ T8174]  __do_fast_syscall_32+0xb6/0x2b0
[  256.583719][ T8174]  ? lockdep_hardirqs_on+0x9c/0x150
[  256.583754][ T8174]  do_fast_syscall_32+0x34/0x80
[  256.583774][ T8174]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  256.583798][ T8174] RIP: 0023:0xf70fe539
[  256.583816][ T8174] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  256.583834][ T8174] RSP: 002b:00000000f54ee55c EFLAGS: 00000206 ORIG_RAX: 0000000000000092
[  256.583856][ T8174] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000800000c0
[  256.583869][ T8174] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000000
[  256.583880][ T8174] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  256.583892][ T8174] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  256.583904][ T8174] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  256.583934][ T8174]  </TASK>
[  258.996908][ T8196] FAULT_INJECTION: forcing a failure.
[  258.996908][ T8196] name failslab, interval 1, probability 0, space 0, times 0
[  259.021157][ T8196] CPU: 0 UID: 0 PID: 8196 Comm: syz.4.571 Not tainted syzkaller #0 PREEMPT(full) 
[  259.021198][ T8196] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  259.021210][ T8196] Call Trace:
[  259.021219][ T8196]  <TASK>
[  259.021228][ T8196]  dump_stack_lvl+0x189/0x250
[  259.021258][ T8196]  ? __pfx____ratelimit+0x10/0x10
[  259.021288][ T8196]  ? __pfx_dump_stack_lvl+0x10/0x10
[  259.021313][ T8196]  ? __pfx__printk+0x10/0x10
[  259.021345][ T8196]  ? __pfx___might_resched+0x10/0x10
[  259.021370][ T8196]  should_fail_ex+0x414/0x560
[  259.021402][ T8196]  should_failslab+0xa8/0x100
[  259.021432][ T8196]  __kmalloc_noprof+0xcb/0x4f0
[  259.021458][ T8196]  ? sock_kmalloc+0xd6/0x160
[  259.021485][ T8196]  sock_kmalloc+0xd6/0x160
[  259.021509][ T8196]  af_alg_alloc_areq+0x8d/0x260
[  259.021536][ T8196]  skcipher_recvmsg+0x356/0x11c0
[  259.021568][ T8196]  ? aa_sk_perm+0x81e/0x950
[  259.021609][ T8196]  ? __pfx_skcipher_recvmsg+0x10/0x10
[  259.021639][ T8196]  ? bpf_lsm_socket_recvmsg+0x9/0x20
[  259.021660][ T8196]  ? security_socket_recvmsg+0x7e/0x2e0
[  259.021684][ T8196]  ? __pfx_skcipher_recvmsg+0x10/0x10
[  259.021711][ T8196]  sock_recvmsg+0x229/0x270
[  259.021744][ T8196]  __sys_recvfrom+0x1f6/0x340
[  259.021768][ T8196]  ? __pfx___sys_recvfrom+0x10/0x10
[  259.021804][ T8196]  ? __might_fault+0xb0/0x130
[  259.021856][ T8196]  __ia32_compat_sys_socketcall+0x852/0x9c0
[  259.021881][ T8196]  ? __fget_files+0x3a0/0x420
[  259.021904][ T8196]  ? __pfx___ia32_compat_sys_socketcall+0x10/0x10
[  259.021928][ T8196]  ? fput+0xa0/0xd0
[  259.021949][ T8196]  ? ksys_write+0x22a/0x250
[  259.021986][ T8196]  ? lockdep_hardirqs_on+0x9c/0x150
[  259.022020][ T8196]  __do_fast_syscall_32+0xb6/0x2b0
[  259.022041][ T8196]  ? lockdep_hardirqs_on+0x9c/0x150
[  259.022075][ T8196]  do_fast_syscall_32+0x34/0x80
[  259.022095][ T8196]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  259.022120][ T8196] RIP: 0023:0xf7ff8539
[  259.022137][ T8196] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  259.022155][ T8196] RSP: 002b:00000000f5505440 EFLAGS: 00000206 ORIG_RAX: 0000000000000066
[  259.022182][ T8196] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 00000000f550545c
[  259.022196][ T8196] RDX: 0000000000000000 RSI: 00000000f5505560 RDI: 00000000f7484ff4
[  259.022209][ T8196] RBP: 00000000f5505560 R08: 0000000000000000 R09: 0000000000000000
[  259.022222][ T8196] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  259.022233][ T8196] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  259.022263][ T8196]  </TASK>
[  259.445744][   T44] usb 3-1: new high-speed USB device number 19 using dummy_hcd
[  259.935491][   T44] usb 3-1: Using ep0 maxpacket: 8
[  259.944242][   T44] usb 3-1: New USB device found, idVendor=046d, idProduct=0896, bcdDevice=3a.11
[  259.953480][   T44] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  259.965035][   T44] usb 3-1: Product: syz
[  259.980858][   T44] usb 3-1: Manufacturer: syz
[  260.019509][   T44] usb 3-1: SerialNumber: syz
[  260.031103][   T44] usb 3-1: config 0 descriptor??
[  260.058238][   T44] gspca_main: vc032x-2.14.0 probing 046d:0896
[  260.277923][   T44] gspca_vc032x: reg_r err -71
[  260.282787][   T44] vc032x 3-1:0.0: probe with driver vc032x failed with error -71
[  260.323352][   T44] usb 3-1: USB disconnect, device number 19
[  261.926995][ T8230] netlink: 4 bytes leftover after parsing attributes in process `syz.1.583'.
[  262.686746][ T8202] veth0_to_bridge: entered promiscuous mode
[  262.698937][ T8208] veth0_to_bridge: left promiscuous mode
[  262.958761][ T8246] netlink: 36 bytes leftover after parsing attributes in process `syz.1.589'.
[  263.055246][ T8251] netlink: 'syz.1.589': attribute type 2 has an invalid length.
[  263.378251][ T8253] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[  263.391389][ T8253] block device autoloading is deprecated and will be removed.
[  263.886519][   T10] usb 5-1: new full-speed USB device number 24 using dummy_hcd
[  264.106243][ T8263] hsr0: entered promiscuous mode
[  264.111559][ T8263] macsec1: entered promiscuous mode
[  264.135232][   T10] usb 5-1: not running at top speed; connect to a high speed hub
[  264.226659][   T10] usb 5-1: config 130 has an invalid interface number: 203 but max is 1
[  264.249512][   T10] usb 5-1: config 130 has an invalid interface number: 147 but max is 1
[  264.260284][   T10] usb 5-1: config 130 has an invalid interface number: 228 but max is 1
[  264.269226][   T10] usb 5-1: config 130 contains an unexpected descriptor of type 0x2, skipping
[  264.298875][   T10] usb 5-1: config 130 has an invalid descriptor of length 1, skipping remainder of the config
[  264.375535][   T10] usb 5-1: config 130 has 3 interfaces, different from the descriptor's value: 2
[  264.397636][   T10] usb 5-1: config 130 has no interface number 0
[  264.403964][   T10] usb 5-1: config 130 has no interface number 1
[  264.465616][   T10] usb 5-1: config 130 has no interface number 2
[  264.472013][   T10] usb 5-1: config 130 interface 203 altsetting 1 endpoint 0x4 has invalid maxpacket 1024, setting to 64
[  264.537082][ T8267] input: syz1 as /devices/virtual/input/input14
[  264.563271][   T10] usb 5-1: config 130 interface 203 altsetting 1 has an invalid descriptor for endpoint zero, skipping
[  264.575041][   T10] usb 5-1: config 130 interface 203 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0
[  264.611276][   T10] usb 5-1: config 130 interface 203 altsetting 1 has an invalid descriptor for endpoint zero, skipping
[  264.624615][   T10] usb 5-1: config 130 interface 203 altsetting 1 endpoint 0xF has invalid maxpacket 1023, setting to 64
[  264.673560][   T10] usb 5-1: config 130 interface 203 altsetting 1 has 6 endpoint descriptors, different from the interface descriptor's value: 8
[  264.692452][   T10] usb 5-1: too many endpoints for config 130 interface 147 altsetting 230: 254, using maximum allowed: 30
[  264.705802][   T10] usb 5-1: config 130 interface 147 altsetting 230 endpoint 0xD has invalid maxpacket 1024, setting to 64
[  264.758620][   T10] usb 5-1: config 130 interface 147 altsetting 230 endpoint 0x2 has invalid maxpacket 512, setting to 64
[  264.785044][   T10] usb 5-1: config 130 interface 147 altsetting 230 has 2 endpoint descriptors, different from the interface descriptor's value: 254
[  264.839338][ T8276] FAULT_INJECTION: forcing a failure.
[  264.839338][ T8276] name failslab, interval 1, probability 0, space 0, times 0
[  264.852944][ T8276] CPU: 1 UID: 0 PID: 8276 Comm: syz.2.600 Not tainted syzkaller #0 PREEMPT(full) 
[  264.852972][ T8276] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  264.852985][ T8276] Call Trace:
[  264.852993][ T8276]  <TASK>
[  264.853002][ T8276]  dump_stack_lvl+0x189/0x250
[  264.853032][ T8276]  ? __pfx____ratelimit+0x10/0x10
[  264.853062][ T8276]  ? __pfx_dump_stack_lvl+0x10/0x10
[  264.853086][ T8276]  ? __pfx__printk+0x10/0x10
[  264.853121][ T8276]  ? __pfx___might_resched+0x10/0x10
[  264.853139][ T8276]  ? fs_reclaim_acquire+0x7d/0x100
[  264.853176][ T8276]  should_fail_ex+0x414/0x560
[  264.853209][ T8276]  should_failslab+0xa8/0x100
[  264.853240][ T8276]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  264.853268][ T8276]  ? __alloc_skb+0x112/0x2d0
[  264.853292][ T8276]  __alloc_skb+0x112/0x2d0
[  264.853315][ T8276]  netlink_ack+0x146/0xa50
[  264.853343][ T8276]  ? __pfx_genl_rcv_msg+0x10/0x10
[  264.853366][ T8276]  ? __pfx_nl80211_pre_doit+0x10/0x10
[  264.853388][ T8276]  ? __pfx_nl80211_post_doit+0x10/0x10
[  264.853414][ T8276]  ? __asan_memcpy+0x40/0x70
[  264.853436][ T8276]  ? __pfx_ref_tracker_free+0x10/0x10
[  264.853473][ T8276]  netlink_rcv_skb+0x28c/0x470
[  264.853502][ T8276]  ? __lock_acquire+0xab9/0xd20
[  264.853532][ T8276]  ? __pfx_genl_rcv_msg+0x10/0x10
[  264.853558][ T8276]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  264.853610][ T8276]  ? down_read+0x1ad/0x2e0
[  264.853634][ T8276]  genl_rcv+0x28/0x40
[  264.853656][ T8276]  netlink_unicast+0x82c/0x9e0
[  264.853694][ T8276]  ? __pfx_netlink_unicast+0x10/0x10
[  264.853724][ T8276]  ? netlink_sendmsg+0x642/0xb30
[  264.853741][ T8276]  ? skb_put+0x11b/0x210
[  264.853765][ T8276]  netlink_sendmsg+0x805/0xb30
[  264.853794][ T8276]  ? __pfx_netlink_sendmsg+0x10/0x10
[  264.853816][ T8276]  ? __import_iovec+0x5d4/0x7f0
[  264.853837][ T8276]  ? aa_sock_msg_perm+0xf1/0x1d0
[  264.853858][ T8276]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  264.853886][ T8276]  ? __pfx_netlink_sendmsg+0x10/0x10
[  264.853906][ T8276]  __sock_sendmsg+0x219/0x270
[  264.853937][ T8276]  ____sys_sendmsg+0x505/0x830
[  264.853967][ T8276]  ? __pfx_____sys_sendmsg+0x10/0x10
[  264.854007][ T8276]  ___sys_sendmsg+0x21f/0x2a0
[  264.854032][ T8276]  ? __pfx____sys_sendmsg+0x10/0x10
[  264.854095][ T8276]  ? __fget_files+0x2a/0x420
[  264.854112][ T8276]  ? __fget_files+0x3a0/0x420
[  264.854142][ T8276]  __sys_sendmsg+0x164/0x220
[  264.854166][ T8276]  ? __pfx___sys_sendmsg+0x10/0x10
[  264.854207][ T8276]  ? lockdep_hardirqs_on+0x9c/0x150
[  264.854241][ T8276]  __do_fast_syscall_32+0xb6/0x2b0
[  264.854261][ T8276]  ? lockdep_hardirqs_on+0x9c/0x150
[  264.854296][ T8276]  do_fast_syscall_32+0x34/0x80
[  264.854316][ T8276]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  264.854340][ T8276] RIP: 0023:0xf7fc1539
[  264.854357][ T8276] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  264.854375][ T8276] RSP: 002b:00000000f54d655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  264.854396][ T8276] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800002c0
[  264.854410][ T8276] RDX: 0000000004004090 RSI: 0000000000000000 RDI: 0000000000000000
[  264.854422][ T8276] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  264.854434][ T8276] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  264.854446][ T8276] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  264.854477][ T8276]  </TASK>
[  264.865243][   T10] usb 5-1: config 130 interface 228 altsetting 2 has an invalid descriptor for endpoint zero, skipping
[  265.410949][   T10] usb 5-1: config 130 interface 228 altsetting 2 has a duplicate endpoint with address 0x1, skipping
[  265.432468][   T10] usb 5-1: config 130 interface 228 altsetting 2 endpoint 0xB has invalid maxpacket 512, setting to 64
[  265.455496][   T10] usb 5-1: config 130 interface 228 altsetting 2 has a duplicate endpoint with address 0xD, skipping
[  265.495491][   T10] usb 5-1: config 130 interface 228 altsetting 2 has an invalid descriptor for endpoint zero, skipping
[  265.534099][   T10] usb 5-1: config 130 interface 228 altsetting 2 has a duplicate endpoint with address 0xD, skipping
[  265.555658][   T10] usb 5-1: config 130 interface 228 altsetting 2 has an invalid descriptor for endpoint zero, skipping
[  265.585472][   T10] usb 5-1: config 130 interface 228 altsetting 2 has a duplicate endpoint with address 0xB, skipping
[  265.605472][   T10] usb 5-1: config 130 interface 228 altsetting 2 has 11 endpoint descriptors, different from the interface descriptor's value: 16
[  265.635480][   T10] usb 5-1: config 130 interface 203 has no altsetting 0
[  265.663006][   T10] usb 5-1: config 130 interface 147 has no altsetting 0
[  265.673134][   T10] usb 5-1: config 130 interface 228 has no altsetting 0
[  265.696399][   T10] usb 5-1: New USB device found, idVendor=2109, idProduct=0715, bcdDevice=99.99
[  265.705743][   T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  265.724424][   T10] usb 5-1: Product: Й
[  265.730705][   T10] usb 5-1: Manufacturer: П
[  265.739571][   T10] usb 5-1: SerialNumber: 䔼ꚜ琬ჵ朠橳㾝榊瞪䁉쎝絀퀐མ擇羬䄀ꦼ锢❲
[  265.943643][ T8258] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  266.042471][ T8297] netlink: 4 bytes leftover after parsing attributes in process `syz.3.603'.
[  266.405201][   T10] usb-storage 5-1:130.203: USB Mass Storage device detected
[  266.430801][   T10] usb-storage 5-1:130.203: Quirks match for vid 2109 pid 0715: 800000
[  266.630837][   T10] usb-storage 5-1:130.147: USB Mass Storage device detected
[  266.716002][   T10] usb-storage 5-1:130.147: Quirks match for vid 2109 pid 0715: 800000
[  266.809018][   T10] usb-storage 5-1:130.228: USB Mass Storage device detected
[  266.844113][   T10] usb-storage 5-1:130.228: Quirks match for vid 2109 pid 0715: 800000
[  267.025949][   T10] usb 5-1: USB disconnect, device number 24
[  267.646032][   T10] usb 1-1: new high-speed USB device number 18 using dummy_hcd
[  267.805527][   T10] usb 1-1: Using ep0 maxpacket: 16
[  267.814591][   T10] usb 1-1: New USB device found, idVendor=09c0, idProduct=0201, bcdDevice= a.a4
[  267.824502][   T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  267.836916][   T10] usb 1-1: Product: syz
[  267.841128][   T10] usb 1-1: Manufacturer: syz
[  267.857100][   T10] usb 1-1: SerialNumber: syz
[  267.895099][   T10] usb 1-1: config 0 descriptor??
[  267.933331][   T10] dvb-usb: found a 'Genpix 8PSK-to-USB2 Rev.1 DVB-S receiver' in warm state.
[  267.995739][   T44] usb 3-1: new full-speed USB device number 20 using dummy_hcd
[  268.201133][   T10] gp8psk: usb in 128 operation failed.
[  268.233771][   T10] gp8psk: usb in 137 operation failed.
[  268.239469][   T10] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  268.299663][   T44] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  268.311529][   T44] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 2
[  268.325323][   T44] usb 3-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  268.345128][   T44] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  268.346208][   T10] dvbdev: DVB: registering new adapter (Genpix 8PSK-to-USB2 Rev.1 DVB-S receiver)
[  268.380459][   T44] usb 3-1: config 0 descriptor??
[  268.393962][   T44] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[  268.401387][   T44] dvb-usb: bulk message failed: -22 (3/0)
[  268.419314][   T44] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  268.445987][   T10] usb 1-1: media controller created
[  268.485234][   T44] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[  268.497444][   T44] usb 3-1: media controller created
[  268.573629][   T44] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  268.867346][   T44] dvb-usb: bulk message failed: -22 (6/0)
[  268.898062][   T44] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[  268.947348][   T44] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb3/3-1/input/input15
[  268.958555][   T10] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  269.005275][   T10] gp8psk_fe: Frontend revision 1 attached
[  269.026198][   T44] dvb-usb: schedule remote query interval to 150 msecs.
[  269.060167][   T44] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[  269.129520][   T10] usb 1-1: DVB: registering adapter 1 frontend 0 (Genpix DVB-S)...
[  269.190644][ T8344] cifs: Unknown parameter 'f,'
[  269.217450][   T44] dvb-usb: bulk message failed: -22 (1/0)
[  269.224460][   T44] dvb-usb: error while querying for an remote control event.
[  269.376655][   T10] dvbdev: dvb_create_media_entity: media entity 'Genpix DVB-S' registered.
[  269.388686][   T44] dvb-usb: bulk message failed: -22 (1/0)
[  269.394620][   T44] dvb-usb: error while querying for an remote control event.
[  269.559720][   T10] dvb-usb: Genpix 8PSK-to-USB2 Rev.1 DVB-S receiver successfully initialized and connected.
[  269.574908][   T44] dvb-usb: bulk message failed: -22 (1/0)
[  269.583060][   T44] dvb-usb: error while querying for an remote control event.
[  269.600631][   T10] gp8psk: found Genpix USB device pID = 201 (hex)
[  269.756066][   T44] dvb-usb: bulk message failed: -22 (1/0)
[  269.778387][   T10] usb 1-1: USB disconnect, device number 18
[  269.784827][   T44] dvb-usb: error while querying for an remote control event.
[  270.088433][   T44] dvb-usb: bulk message failed: -22 (1/0)
[  270.094346][   T44] dvb-usb: error while querying for an remote control event.
[  270.152572][   T10] dvb-usb: Genpix 8PSK-to-USB2 Rev.1 DVB-S receive successfully deinitialized and disconnected.
[  270.259862][   T44] dvb-usb: bulk message failed: -22 (1/0)
[  270.266103][   T44] dvb-usb: error while querying for an remote control event.
[  270.285717][ T5876] Bluetooth: hci0: command 0x0405 tx timeout
[  270.436632][   T44] dvb-usb: bulk message failed: -22 (1/0)
[  270.443989][   T44] dvb-usb: error while querying for an remote control event.
[  270.451674][ T5880] Bluetooth: hci1: command 0x0c1a tx timeout
[  270.455764][ T8333] Bluetooth: hci1: Opcode 0x0c1a failed: -110
[  270.629308][   T44] dvb-usb: bulk message failed: -22 (1/0)
[  270.637518][   T44] dvb-usb: error while querying for an remote control event.
[  270.657098][   T10] usb 3-1: USB disconnect, device number 20
[  270.742678][   T10] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[  270.760279][ T8333] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  270.773763][ T8333] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  270.780863][ T8333] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  270.787802][ T8333] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  270.802995][ T8354] loop2: detected capacity change from 0 to 7
[  270.873882][ T5893] Dev loop2: unable to read RDB block 7
[  270.880079][ T5893]  loop2: unable to read partition table
[  270.912635][ T5893] loop2: partition table beyond EOD, truncated
[  270.922347][ T8354] Dev loop2: unable to read RDB block 7
[  270.934764][ T8354]  loop2: unable to read partition table
[  270.940930][ T8354] loop2: partition table beyond EOD, truncated
[  270.948638][ T8354] loop_reread_partitions: partition scan of loop2 (�被x������ ) failed (rc=-5)
[  271.045631][   T44] usb 4-1: new low-speed USB device number 21 using dummy_hcd
[  271.255159][   T44] usb 4-1: unable to get BOS descriptor or descriptor too short
[  271.277706][   T44] usb 4-1: unable to read config index 0 descriptor/start: -71
[  271.292443][   T44] usb 4-1: can't read configurations, error -71
[  271.485665][ T5877] usb 3-1: new high-speed USB device number 21 using dummy_hcd
[  271.655606][ T5877] usb 3-1: Using ep0 maxpacket: 8
[  271.663715][ T5877] usb 3-1: too many endpoints for config 0 interface 0 altsetting 254: 253, using maximum allowed: 30
[  271.715758][ T5877] usb 3-1: config 0 interface 0 altsetting 254 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  271.764878][ T5877] usb 3-1: config 0 interface 0 altsetting 254 endpoint 0x81 has invalid wMaxPacketSize 0
[  271.819329][ T5877] usb 3-1: config 0 interface 0 altsetting 254 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  271.885505][ T5877] usb 3-1: config 0 interface 0 has no altsetting 0
[  271.918613][ T5877] usb 3-1: New USB device found, idVendor=0b05, idProduct=1822, bcdDevice= 0.00
[  271.952947][ T5877] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  271.994646][ T5877] usb 3-1: config 0 descriptor??
[  272.262244][ T5877] asus 0003:0B05:1822.0005: item fetching failed at offset 6/7
[  272.302404][ T5877] asus 0003:0B05:1822.0005: Asus hid parse failed: -22
[  272.341978][ T5877] asus 0003:0B05:1822.0005: probe with driver asus failed with error -22
[  272.460614][ T5877] usb 3-1: USB disconnect, device number 21
[  272.529743][ T5880] Bluetooth: hci3: command 0x0c1a tx timeout
[  272.694955][ T8382] netlink: 4 bytes leftover after parsing attributes in process `syz.4.624'.
[  272.855569][ T5880] Bluetooth: hci0: command 0x0405 tx timeout
[  272.855588][ T5876] Bluetooth: hci2: command 0x0c1a tx timeout
[  272.855635][ T5876] Bluetooth: hci4: command 0x0c1a tx timeout
[  274.407275][ T8400] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  274.413714][ T8400] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  274.519194][ T8400] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  274.550976][ T8400] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  274.566804][ T8400] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  274.957128][ T8411] FAULT_INJECTION: forcing a failure.
[  274.957128][ T8411] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  274.974821][ T8411] CPU: 0 UID: 0 PID: 8411 Comm: syz.0.637 Not tainted syzkaller #0 PREEMPT(full) 
[  274.974850][ T8411] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  274.974863][ T8411] Call Trace:
[  274.974875][ T8411]  <TASK>
[  274.974885][ T8411]  dump_stack_lvl+0x189/0x250
[  274.974928][ T8411]  ? __pfx____ratelimit+0x10/0x10
[  274.974958][ T8411]  ? __pfx_dump_stack_lvl+0x10/0x10
[  274.974982][ T8411]  ? __pfx__printk+0x10/0x10
[  274.975029][ T8411]  should_fail_ex+0x414/0x560
[  274.975061][ T8411]  _copy_to_user+0x31/0xb0
[  274.975086][ T8411]  simple_read_from_buffer+0xe1/0x170
[  274.975120][ T8411]  proc_fail_nth_read+0x1b3/0x220
[  274.975146][ T8411]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  274.975171][ T8411]  ? rw_verify_area+0x2a6/0x4d0
[  274.975212][ T8411]  ? __lock_acquire+0xab9/0xd20
[  274.975239][ T8411]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  274.975263][ T8411]  vfs_read+0x1fd/0xa30
[  274.975289][ T8411]  ? fdget_pos+0x247/0x320
[  274.975311][ T8411]  ? __pfx___mutex_lock+0x10/0x10
[  274.975331][ T8411]  ? __pfx_vfs_read+0x10/0x10
[  274.975359][ T8411]  ? __fget_files+0x2a/0x420
[  274.975381][ T8411]  ? __fget_files+0x3a0/0x420
[  274.975398][ T8411]  ? __fget_files+0x2a/0x420
[  274.975424][ T8411]  ksys_read+0x145/0x250
[  274.975453][ T8411]  ? __pfx_ksys_read+0x10/0x10
[  274.975482][ T8411]  ? lockdep_hardirqs_on+0x9c/0x150
[  274.975514][ T8411]  __do_fast_syscall_32+0xb6/0x2b0
[  274.975533][ T8411]  ? lockdep_hardirqs_on+0x9c/0x150
[  274.975567][ T8411]  do_fast_syscall_32+0x34/0x80
[  274.975586][ T8411]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  274.975611][ T8411] RIP: 0023:0xf7f77539
[  274.975629][ T8411] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  274.975647][ T8411] RSP: 002b:00000000f5486590 EFLAGS: 00000206 ORIG_RAX: 0000000000000003
[  274.975670][ T8411] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000f5486620
[  274.975684][ T8411] RDX: 000000000000000f RSI: 00000000f7404ff4 RDI: 0000000000000000
[  274.975696][ T8411] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
[  274.975708][ T8411] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  274.975720][ T8411] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  274.975749][ T8411]  </TASK>
[  275.565696][ T8420] FAULT_INJECTION: forcing a failure.
[  275.565696][ T8420] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  275.579711][ T8420] CPU: 0 UID: 0 PID: 8420 Comm: syz.1.642 Not tainted syzkaller #0 PREEMPT(full) 
[  275.579748][ T8420] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  275.579762][ T8420] Call Trace:
[  275.579770][ T8420]  <TASK>
[  275.579778][ T8420]  dump_stack_lvl+0x189/0x250
[  275.579808][ T8420]  ? __pfx____ratelimit+0x10/0x10
[  275.579838][ T8420]  ? __pfx_dump_stack_lvl+0x10/0x10
[  275.579863][ T8420]  ? __pfx__printk+0x10/0x10
[  275.579892][ T8420]  ? __might_fault+0xb0/0x130
[  275.579933][ T8420]  should_fail_ex+0x414/0x560
[  275.579965][ T8420]  _copy_from_iter+0x1de/0x1790
[  275.579996][ T8420]  ? rcu_is_watching+0x15/0xb0
[  275.580018][ T8420]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[  275.580048][ T8420]  ? __pfx__copy_from_iter+0x10/0x10
[  275.580071][ T8420]  ? __build_skb_around+0x257/0x3e0
[  275.580096][ T8420]  ? netlink_sendmsg+0x642/0xb30
[  275.580125][ T8420]  ? skb_put+0x11b/0x210
[  275.580148][ T8420]  netlink_sendmsg+0x6b2/0xb30
[  275.580176][ T8420]  ? __pfx_netlink_sendmsg+0x10/0x10
[  275.580198][ T8420]  ? __import_iovec+0x5d4/0x7f0
[  275.580218][ T8420]  ? aa_sock_msg_perm+0xf1/0x1d0
[  275.580239][ T8420]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  275.580260][ T8420]  ? __pfx_netlink_sendmsg+0x10/0x10
[  275.580280][ T8420]  __sock_sendmsg+0x219/0x270
[  275.580311][ T8420]  ____sys_sendmsg+0x505/0x830
[  275.580339][ T8420]  ? __pfx_____sys_sendmsg+0x10/0x10
[  275.580377][ T8420]  ___sys_sendmsg+0x21f/0x2a0
[  275.580402][ T8420]  ? __pfx____sys_sendmsg+0x10/0x10
[  275.580462][ T8420]  ? __fget_files+0x2a/0x420
[  275.580478][ T8420]  ? __fget_files+0x3a0/0x420
[  275.580506][ T8420]  __sys_sendmsg+0x164/0x220
[  275.580531][ T8420]  ? __pfx___sys_sendmsg+0x10/0x10
[  275.580588][ T8420]  ? lockdep_hardirqs_on+0x9c/0x150
[  275.580622][ T8420]  __do_fast_syscall_32+0xb6/0x2b0
[  275.580642][ T8420]  ? lockdep_hardirqs_on+0x9c/0x150
[  275.580681][ T8420]  do_fast_syscall_32+0x34/0x80
[  275.580701][ T8420]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  275.580732][ T8420] RIP: 0023:0xf703e539
[  275.580750][ T8420] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  275.580767][ T8420] RSP: 002b:00000000f542e55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  275.580788][ T8420] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000080000240
[  275.580802][ T8420] RDX: 0000000000008000 RSI: 0000000000000000 RDI: 0000000000000000
[  275.580813][ T8420] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  275.580824][ T8420] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  275.580834][ T8420] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  275.580863][ T8420]  </TASK>
[  275.605555][   T44] usb 5-1: new low-speed USB device number 25 using dummy_hcd
[  276.138051][   T44] usb 5-1: unable to get BOS descriptor or descriptor too short
[  276.171046][   T44] usb 5-1: unable to read config index 0 descriptor/start: -71
[  276.273885][   T44] usb 5-1: can't read configurations, error -71
[  276.476837][ T5876] Bluetooth: hci3: command 0x0c1a tx timeout
[  276.476866][ T5880] Bluetooth: hci1: command 0x0c1a tx timeout
[  276.538529][ T5880] Bluetooth: hci4: command 0x0c1a tx timeout
[  276.605822][ T5880] Bluetooth: hci0: command 0x0405 tx timeout
[  276.607703][ T5876] Bluetooth: hci2: command 0x0c1a tx timeout
[  277.306742][ T8449] FAULT_INJECTION: forcing a failure.
[  277.306742][ T8449] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  277.355900][ T8449] CPU: 0 UID: 0 PID: 8449 Comm: syz.4.651 Not tainted syzkaller #0 PREEMPT(full) 
[  277.355934][ T8449] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  277.355947][ T8449] Call Trace:
[  277.355955][ T8449]  <TASK>
[  277.355963][ T8449]  dump_stack_lvl+0x189/0x250
[  277.355993][ T8449]  ? __pfx____ratelimit+0x10/0x10
[  277.356024][ T8449]  ? __pfx_dump_stack_lvl+0x10/0x10
[  277.356048][ T8449]  ? __pfx__printk+0x10/0x10
[  277.356091][ T8449]  should_fail_ex+0x414/0x560
[  277.356123][ T8449]  _copy_to_user+0x31/0xb0
[  277.356150][ T8449]  simple_read_from_buffer+0xe1/0x170
[  277.356184][ T8449]  proc_fail_nth_read+0x1b3/0x220
[  277.356211][ T8449]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  277.356237][ T8449]  ? rw_verify_area+0x2a6/0x4d0
[  277.356261][ T8449]  ? __lock_acquire+0xab9/0xd20
[  277.356289][ T8449]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  277.356314][ T8449]  vfs_read+0x1fd/0xa30
[  277.356339][ T8449]  ? fdget_pos+0x247/0x320
[  277.356362][ T8449]  ? __pfx___mutex_lock+0x10/0x10
[  277.356381][ T8449]  ? __pfx_vfs_read+0x10/0x10
[  277.356409][ T8449]  ? __fget_files+0x2a/0x420
[  277.356432][ T8449]  ? __fget_files+0x3a0/0x420
[  277.356448][ T8449]  ? __fget_files+0x2a/0x420
[  277.356475][ T8449]  ksys_read+0x145/0x250
[  277.356504][ T8449]  ? __pfx_ksys_read+0x10/0x10
[  277.356535][ T8449]  ? lockdep_hardirqs_on+0x9c/0x150
[  277.356579][ T8449]  __do_fast_syscall_32+0xb6/0x2b0
[  277.356599][ T8449]  ? lockdep_hardirqs_on+0x9c/0x150
[  277.356632][ T8449]  do_fast_syscall_32+0x34/0x80
[  277.356650][ T8449]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  277.356675][ T8449] RIP: 0023:0xf7ff8539
[  277.356691][ T8449] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  277.356707][ T8449] RSP: 002b:00000000f5506590 EFLAGS: 00000206 ORIG_RAX: 0000000000000003
[  277.356727][ T8449] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f5506620
[  277.356741][ T8449] RDX: 000000000000000f RSI: 00000000f7484ff4 RDI: 0000000000000000
[  277.356753][ T8449] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  277.356770][ T8449] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  277.356781][ T8449] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  277.356810][ T8449]  </TASK>
[  277.622284][ T5877] usb 4-1: new high-speed USB device number 23 using dummy_hcd
[  277.917115][ T8458] FAULT_INJECTION: forcing a failure.
[  277.917115][ T8458] name failslab, interval 1, probability 0, space 0, times 0
[  277.949141][ T8458] CPU: 0 UID: 0 PID: 8458 Comm: syz.4.656 Not tainted syzkaller #0 PREEMPT(full) 
[  277.949167][ T8458] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  277.949180][ T8458] Call Trace:
[  277.949188][ T8458]  <TASK>
[  277.949196][ T8458]  dump_stack_lvl+0x189/0x250
[  277.949225][ T8458]  ? __pfx____ratelimit+0x10/0x10
[  277.949257][ T8458]  ? __pfx_dump_stack_lvl+0x10/0x10
[  277.949282][ T8458]  ? __pfx__printk+0x10/0x10
[  277.949308][ T8458]  ? genl_rcv+0x28/0x40
[  277.949331][ T8458]  ? ____sys_sendmsg+0x505/0x830
[  277.949352][ T8458]  ? __sys_sendmsg+0x164/0x220
[  277.949385][ T8458]  should_fail_ex+0x414/0x560
[  277.949418][ T8458]  should_failslab+0xa8/0x100
[  277.949450][ T8458]  kmem_cache_alloc_noprof+0x73/0x3c0
[  277.949477][ T8458]  ? skb_clone+0x212/0x3a0
[  277.949505][ T8458]  skb_clone+0x212/0x3a0
[  277.949533][ T8458]  __netlink_deliver_tap+0x404/0x850
[  277.949579][ T8458]  ? netlink_deliver_tap+0x2e/0x1b0
[  277.949611][ T8458]  netlink_deliver_tap+0x19c/0x1b0
[  277.949645][ T8458]  netlink_sendskb+0x68/0x140
[  277.949676][ T8458]  netlink_unicast+0x397/0x9e0
[  277.949710][ T8458]  ? __asan_memcpy+0x40/0x70
[  277.949743][ T8458]  ? __pfx_netlink_unicast+0x10/0x10
[  277.949782][ T8458]  netlink_rcv_skb+0x28c/0x470
[  277.949811][ T8458]  ? __lock_acquire+0xab9/0xd20
[  277.949841][ T8458]  ? __pfx_genl_rcv_msg+0x10/0x10
[  277.949868][ T8458]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  277.949921][ T8458]  ? down_read+0x1ad/0x2e0
[  277.949945][ T8458]  genl_rcv+0x28/0x40
[  277.949967][ T8458]  netlink_unicast+0x82c/0x9e0
[  277.950005][ T8458]  ? __pfx_netlink_unicast+0x10/0x10
[  277.950036][ T8458]  ? netlink_sendmsg+0x642/0xb30
[  277.950053][ T8458]  ? skb_put+0x11b/0x210
[  277.950078][ T8458]  netlink_sendmsg+0x805/0xb30
[  277.950108][ T8458]  ? __pfx_netlink_sendmsg+0x10/0x10
[  277.950130][ T8458]  ? __import_iovec+0x5d4/0x7f0
[  277.950152][ T8458]  ? aa_sock_msg_perm+0xf1/0x1d0
[  277.950174][ T8458]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  277.950196][ T8458]  ? __pfx_netlink_sendmsg+0x10/0x10
[  277.950217][ T8458]  __sock_sendmsg+0x219/0x270
[  277.950248][ T8458]  ____sys_sendmsg+0x505/0x830
[  277.950278][ T8458]  ? __pfx_____sys_sendmsg+0x10/0x10
[  277.950319][ T8458]  ___sys_sendmsg+0x21f/0x2a0
[  277.950345][ T8458]  ? __pfx____sys_sendmsg+0x10/0x10
[  277.950409][ T8458]  ? __fget_files+0x2a/0x420
[  277.950426][ T8458]  ? __fget_files+0x3a0/0x420
[  277.950456][ T8458]  __sys_sendmsg+0x164/0x220
[  277.950481][ T8458]  ? __pfx___sys_sendmsg+0x10/0x10
[  277.950522][ T8458]  ? lockdep_hardirqs_on+0x9c/0x150
[  277.950555][ T8458]  __do_fast_syscall_32+0xb6/0x2b0
[  277.950575][ T8458]  ? lockdep_hardirqs_on+0x9c/0x150
[  277.950610][ T8458]  do_fast_syscall_32+0x34/0x80
[  277.950629][ T8458]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  277.950654][ T8458] RIP: 0023:0xf7ff8539
[  277.950672][ T8458] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  277.950696][ T8458] RSP: 002b:00000000f550655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  277.950719][ T8458] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000240
[  277.950733][ T8458] RDX: 0000000000000004 RSI: 0000000000000000 RDI: 0000000000000000
[  277.950745][ T8458] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  277.950756][ T8458] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  277.950768][ T8458] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  277.950799][ T8458]  </TASK>
[  278.591435][ T5877] usb 4-1: New USB device found, idVendor=249c, idProduct=9002, bcdDevice=de.ad
[  278.600709][ T5877] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  278.614294][ T5877] usb 4-1: config 0 descriptor??
[  278.707749][ T6017] usb 2-1: new full-speed USB device number 11 using dummy_hcd
[  278.840805][ T8443] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  278.851525][ T6017] usb 2-1: device descriptor read/64, error -71
[  278.862295][ T8443] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  278.874769][ T5877] usb 4-1: can't set first interface for hiFace device.
[  278.941919][   T10] usb 3-1: new low-speed USB device number 22 using dummy_hcd
[  278.949920][ T5877] snd-usb-hiface 4-1:0.0: probe with driver snd-usb-hiface failed with error -5
[  278.964796][ T5877] usb 4-1: USB disconnect, device number 23
[  278.983913][ T8478] netlink: 14 bytes leftover after parsing attributes in process `syz.0.662'.
[  279.106068][ T8476] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  279.115894][ T8476] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  279.122222][ T8476] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  279.128627][ T8476] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  279.164545][ T6017] usb 2-1: new full-speed USB device number 12 using dummy_hcd
[  279.175838][ T8476] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  279.199597][   T10] usb 3-1: unable to get BOS descriptor or descriptor too short
[  279.239950][ T5876] ==================================================================
[  279.248085][ T5876] BUG: KASAN: slab-use-after-free in l2cap_disconn_ind+0x79/0xc0
[  279.255861][ T5876] Read of size 1 at addr ffff8880792c72b0 by task kworker/u9:3/5876
[  279.264035][ T5876] 
[  279.266372][ T5876] CPU: 0 UID: 0 PID: 5876 Comm: kworker/u9:3 Not tainted syzkaller #0 PREEMPT(full) 
[  279.266398][ T5876] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  279.266411][ T5876] Workqueue: hci0 hci_conn_timeout
[  279.266439][ T5876] Call Trace:
[  279.266448][ T5876]  <TASK>
[  279.266457][ T5876]  dump_stack_lvl+0x189/0x250
[  279.266482][ T5876]  ? __virt_addr_valid+0x1c8/0x5c0
[  279.266506][ T5876]  ? rcu_is_watching+0x15/0xb0
[  279.266524][ T5876]  ? __kasan_check_byte+0x12/0x40
[  279.266553][ T5876]  ? __pfx_dump_stack_lvl+0x10/0x10
[  279.266575][ T5876]  ? rcu_is_watching+0x15/0xb0
[  279.266594][ T5876]  ? lock_release+0x4b/0x3e0
[  279.266625][ T5876]  ? __virt_addr_valid+0x1c8/0x5c0
[  279.266657][ T5876]  ? __virt_addr_valid+0x4a5/0x5c0
[  279.266683][ T5876]  print_report+0xca/0x240
[  279.266702][ T5876]  ? l2cap_disconn_ind+0x79/0xc0
[  279.266728][ T5876]  kasan_report+0x118/0x150
[  279.266758][ T5876]  ? l2cap_disconn_ind+0x79/0xc0
[  279.266788][ T5876]  l2cap_disconn_ind+0x79/0xc0
[  279.266816][ T5876]  hci_conn_timeout+0xdd/0x290
[  279.266837][ T5876]  ? process_scheduled_works+0x9ef/0x17b0
[  279.266857][ T5876]  process_scheduled_works+0xae1/0x17b0
[  279.266891][ T5876]  ? __pfx_process_scheduled_works+0x10/0x10
[  279.266919][ T5876]  worker_thread+0x8a0/0xda0
[  279.266951][ T5876]  kthread+0x70e/0x8a0
[  279.266977][ T5876]  ? __pfx_worker_thread+0x10/0x10
[  279.266997][ T5876]  ? __pfx_kthread+0x10/0x10
[  279.267022][ T5876]  ? _raw_spin_unlock_irq+0x23/0x50
[  279.267048][ T5876]  ? lockdep_hardirqs_on+0x9c/0x150
[  279.267077][ T5876]  ? __pfx_kthread+0x10/0x10
[  279.267101][ T5876]  ret_from_fork+0x3fc/0x770
[  279.267122][ T5876]  ? __pfx_ret_from_fork+0x10/0x10
[  279.267145][ T5876]  ? __switch_to_asm+0x39/0x70
[  279.267170][ T5876]  ? __switch_to_asm+0x33/0x70
[  279.267195][ T5876]  ? __pfx_kthread+0x10/0x10
[  279.267219][ T5876]  ret_from_fork_asm+0x1a/0x30
[  279.267254][ T5876]  </TASK>
[  279.267261][ T5876] 
[  279.455636][ T5876] Allocated by task 8476:
[  279.459974][ T5876]  kasan_save_track+0x3e/0x80
[  279.464667][ T5876]  __kasan_kmalloc+0x93/0xb0
[  279.469264][ T5876]  __kmalloc_cache_noprof+0x230/0x3d0
[  279.474835][ T5876]  l2cap_conn_add+0xaa/0x8d0
[  279.479452][ T5876]  l2cap_chan_connect+0x6c8/0xe30
[  279.484593][ T5876]  lowpan_control_write+0x421/0x6c0
[  279.490110][ T5876]  full_proxy_write+0x124/0x1f0
[  279.495250][ T5876]  vfs_write+0x27e/0xb30
[  279.500138][ T5876]  ksys_write+0x145/0x250
[  279.504532][ T5876]  __do_fast_syscall_32+0xb6/0x2b0
[  279.509687][ T5876]  do_fast_syscall_32+0x34/0x80
[  279.514569][ T5876]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  279.520926][ T5876] 
[  279.523258][ T5876] Freed by task 8476:
[  279.527671][ T5876]  kasan_save_track+0x3e/0x80
[  279.532362][ T5876]  kasan_save_free_info+0x46/0x50
[  279.537387][ T5876]  __kasan_slab_free+0x5b/0x80
[  279.542159][ T5876]  kfree+0x18e/0x440
[  279.546058][ T5876]  l2cap_connect_cfm+0x11d/0x1040
[  279.551360][ T5876]  hci_conn_failed+0x1cb/0x310
[  279.556133][ T5876]  hci_abort_conn_sync+0x658/0xe30
[  279.561256][ T5876]  hci_disconnect_all_sync+0x1b5/0x350
[  279.566712][ T5876]  hci_suspend_sync+0x3fc/0xc60
[  279.571568][ T5876]  hci_suspend_dev+0x28d/0x4d0
[  279.576349][ T5876]  hci_suspend_notifier+0xf2/0x290
[  279.581468][ T5876]  notifier_call_chain+0x1b6/0x3e0
[  279.586582][ T5876]  blocking_notifier_call_chain_robust+0x85/0x100
[  279.593010][ T5876]  pm_notifier_call_chain_robust+0x2c/0x60
[  279.598825][ T5876]  snapshot_open+0x19c/0x280
[  279.603423][ T5876]  misc_open+0x2bc/0x330
[  279.607672][ T5876]  chrdev_open+0x4c9/0x5e0
[  279.612096][ T5876]  do_dentry_open+0x950/0x13f0
[  279.616860][ T5876]  vfs_open+0x3b/0x340
[  279.620927][ T5876]  path_openat+0x2ee5/0x3830
[  279.625520][ T5876]  do_filp_open+0x1fa/0x410
[  279.630029][ T5876]  do_sys_openat2+0x121/0x1c0
[  279.634703][ T5876]  __ia32_compat_sys_openat+0x131/0x160
[  279.640248][ T5876]  __do_fast_syscall_32+0xb6/0x2b0
[  279.645357][ T5876]  do_fast_syscall_32+0x34/0x80
[  279.650207][ T5876]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  279.656561][ T5876] 
[  279.658888][ T5876] The buggy address belongs to the object at ffff8880792c7000
[  279.658888][ T5876]  which belongs to the cache kmalloc-1k of size 1024
[  279.672939][ T5876] The buggy address is located 688 bytes inside of
[  279.672939][ T5876]  freed 1024-byte region [ffff8880792c7000, ffff8880792c7400)
[  279.686837][ T5876] 
[  279.689164][ T5876] The buggy address belongs to the physical page:
[  279.695594][ T5876] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x792c0
[  279.704376][ T5876] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  279.712878][ T5876] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  279.720426][ T5876] page_type: f5(slab)
[  279.724411][ T5876] raw: 00fff00000000040 ffff88801a441dc0 dead000000000100 dead000000000122
[  279.733343][ T5876] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[  279.741932][ T5876] head: 00fff00000000040 ffff88801a441dc0 dead000000000100 dead000000000122
[  279.750608][ T5876] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[  279.759281][ T5876] head: 00fff00000000003 ffffea0001e4b001 00000000ffffffff 00000000ffffffff
[  279.767969][ T5876] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  279.776635][ T5876] page dumped because: kasan: bad access detected
[  279.783044][ T5876] page_owner tracks the page as allocated
[  279.788752][ T5876] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5618, tgid 5618 (dhcpcd-run-hook), ts 58859895623, free_ts 58810430731
[  279.810385][ T5876]  post_alloc_hook+0x240/0x2a0
[  279.815163][ T5876]  get_page_from_freelist+0x21e4/0x22c0
[  279.820711][ T5876]  __alloc_frozen_pages_noprof+0x181/0x370
[  279.826537][ T5876]  alloc_pages_mpol+0x232/0x4a0
[  279.831394][ T5876]  allocate_slab+0x8a/0x370
[  279.835902][ T5876]  ___slab_alloc+0xbeb/0x1410
[  279.840582][ T5876]  __kmalloc_noprof+0x305/0x4f0
[  279.845451][ T5876]  load_elf_phdrs+0x13e/0x230
[  279.850135][ T5876]  load_elf_binary+0x959/0x2740
[  279.854994][ T5876]  bprm_execve+0x999/0x1450
[  279.859502][ T5876]  do_execveat_common+0x510/0x6a0
[  279.864539][ T5876]  __x64_sys_execve+0x94/0xb0
[  279.869303][ T5876]  do_syscall_64+0xfa/0x3b0
[  279.873808][ T5876]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  279.879702][ T5876] page last free pid 5617 tgid 5617 stack trace:
[  279.886022][ T5876]  __free_frozen_pages+0xbc4/0xd30
[  279.891150][ T5876]  __put_partials+0x156/0x1a0
[  279.895824][ T5876]  put_cpu_partial+0x17c/0x250
[  279.900589][ T5876]  __slab_free+0x2d5/0x3c0
[  279.905004][ T5876]  qlist_free_all+0x97/0x140
[  279.909595][ T5876]  kasan_quarantine_reduce+0x148/0x160
[  279.915074][ T5876]  __kasan_slab_alloc+0x22/0x80
[  279.919933][ T5876]  __kmalloc_noprof+0x224/0x4f0
[  279.924789][ T5876]  load_elf_binary+0x326/0x2740
[  279.929645][ T5876]  bprm_execve+0x999/0x1450
[  279.934167][ T5876]  do_execveat_common+0x510/0x6a0
[  279.939194][ T5876]  __x64_sys_execve+0x94/0xb0
[  279.943884][ T5876]  do_syscall_64+0xfa/0x3b0
[  279.948384][ T5876]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  279.954277][ T5876] 
[  279.956599][ T5876] Memory state around the buggy address:
[  279.962229][ T5876]  ffff8880792c7180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  279.970292][ T5876]  ffff8880792c7200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  279.978369][ T5876] >ffff8880792c7280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  279.986445][ T5876]                                      ^
[  279.992073][ T5876]  ffff8880792c7300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  280.000133][ T5876]  ffff8880792c7380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  280.008287][ T5876] ==================================================================
[  280.018976][ T5876] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  280.026178][ T5876] CPU: 0 UID: 0 PID: 5876 Comm: kworker/u9:3 Not tainted syzkaller #0 PREEMPT(full) 
[  280.035632][ T5876] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  280.045727][ T5876] Workqueue: hci0 hci_conn_timeout
[  280.050852][ T5876] Call Trace:
[  280.054150][ T5876]  <TASK>
[  280.057084][ T5876]  dump_stack_lvl+0x99/0x250
[  280.061689][ T5876]  ? __asan_memcpy+0x40/0x70
[  280.066276][ T5876]  ? __pfx_dump_stack_lvl+0x10/0x10
[  280.071478][ T5876]  ? __pfx__printk+0x10/0x10
[  280.076077][ T5876]  vpanic+0x281/0x750
[  280.080061][ T5876]  ? __pfx_print_hex_dump+0x10/0x10
[  280.085282][ T5876]  ? __pfx_vpanic+0x10/0x10
[  280.089783][ T5876]  ? preempt_schedule_common+0x83/0xd0
[  280.095246][ T5876]  ? preempt_schedule+0xae/0xc0
[  280.100101][ T5876]  panic+0xb9/0xc0
[  280.103821][ T5876]  ? __pfx_panic+0x10/0x10
[  280.108235][ T5876]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  280.114564][ T5876]  ? l2cap_disconn_ind+0x79/0xc0
[  280.119589][ T5876]  check_panic_on_warn+0x89/0xb0
[  280.124704][ T5876]  ? l2cap_disconn_ind+0x79/0xc0
[  280.129662][ T5876]  end_report+0x78/0x160
[  280.133907][ T5876]  kasan_report+0x129/0x150
[  280.138417][ T5876]  ? l2cap_disconn_ind+0x79/0xc0
[  280.143361][ T5876]  l2cap_disconn_ind+0x79/0xc0
[  280.148124][ T5876]  hci_conn_timeout+0xdd/0x290
[  280.152889][ T5876]  ? process_scheduled_works+0x9ef/0x17b0
[  280.158619][ T5876]  process_scheduled_works+0xae1/0x17b0
[  280.164258][ T5876]  ? __pfx_process_scheduled_works+0x10/0x10
[  280.170415][ T5876]  worker_thread+0x8a0/0xda0
[  280.175018][ T5876]  kthread+0x70e/0x8a0
[  280.179098][ T5876]  ? __pfx_worker_thread+0x10/0x10
[  280.184236][ T5876]  ? __pfx_kthread+0x10/0x10
[  280.188846][ T5876]  ? _raw_spin_unlock_irq+0x23/0x50
[  280.194068][ T5876]  ? lockdep_hardirqs_on+0x9c/0x150
[  280.199321][ T5876]  ? __pfx_kthread+0x10/0x10
[  280.203916][ T5876]  ret_from_fork+0x3fc/0x770
[  280.208524][ T5876]  ? __pfx_ret_from_fork+0x10/0x10
[  280.213641][ T5876]  ? __switch_to_asm+0x39/0x70
[  280.218425][ T5876]  ? __switch_to_asm+0x33/0x70
[  280.223202][ T5876]  ? __pfx_kthread+0x10/0x10
[  280.227796][ T5876]  ret_from_fork_asm+0x1a/0x30
[  280.232585][ T5876]  </TASK>
[  280.235914][ T5876] Kernel Offset: disabled
[  280.240254][ T5876] Rebooting in 86400 seconds..