last executing test programs:

15.730190393s ago: executing program 1 (id=6283):
close(0xffffffffffffffff)
socket$tipc(0x1e, 0x2, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
syz_open_dev$sndmidi(&(0x7f0000000040), 0xa, 0x141101)
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_FLUSH(r0, 0x0, 0xd1, &(0x7f0000000000)=0x3, 0x4)
bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0300000004000000040000000100000007ff0000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="19"], 0x48)
setsockopt$MRT_ADD_VIF(r0, 0x0, 0xca, 0x0, 0x0)
pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
r1 = openat$tun(0xffffffffffffff9c, 0x0, 0x40241, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
socket$kcm(0x2, 0xa, 0x2)
r2 = syz_open_dev$loop(0x0, 0x81, 0x101000)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000300)={{}, 0x0, &(0x7f00000002c0)='%-010d \x00'}, 0x20)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
r3 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000003005740ed0b0011c3ec0000000109021200"], 0x0)
syz_usb_control_io(r3, 0x0, 0x0)
syz_usb_control_io$hid(r3, 0x0, 0x0)
mmap(&(0x7f00001aa000/0x4000)=nil, 0x4000, 0x2000008, 0x10012, r2, 0x0)
mlock2(&(0x7f0000006000/0x1000)=nil, 0x1000, 0x1)
mlock2(&(0x7f0000003000/0x4000)=nil, 0x4000, 0x0)
sendmsg$nl_netfilter(0xffffffffffffffff, 0x0, 0x0)
r4 = io_uring_setup(0xc34, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x2})
socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000000340)={0x26, 'aead\x00', 0x0, 0x0, 'rfc4106(gcm(aes))\x00'}, 0x58)
close_range(r4, 0xffffffffffffffff, 0x0)
write$tun(r1, &(0x7f0000000140)=ANY=[@ANYBLOB="0000080001000000000014005f0c00008016000000000001907800907800000000450000000000000000210000ac1414aa7f000001"], 0xfdef)

12.570652864s ago: executing program 1 (id=6294):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)=ANY=[@ANYBLOB="4400000010000000000000000400002e00000040", @ANYRES32=0x0, @ANYBLOB="00000000400000002400128009000100626f6e64000000001400028008000a"], 0x44}}, 0x0)
pipe(&(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
close(r2)
socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="4808000010001fff3a4ee9bfd5c3a3696c40af0b", @ANYRES32=0x0, @ANYBLOB="0000000000000000280012800a00010076786c616e"], 0x3}}, 0x0)
write$binfmt_misc(r1, &(0x7f0000000000), 0xfffffecc)
splice(r0, 0x0, r2, 0x0, 0x4ffe2, 0x0) (fail_nth: 5)

11.412275818s ago: executing program 1 (id=6298):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r2, &(0x7f0000000080), 0x10)
sendmsg$can_bcm(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)={0x5, 0x488, 0x0, {}, {}, {}, 0x1, @can={{}, 0x3, 0x2, 0x0, 0x0, "b68c52d2be3c0d90"}}, 0x48}}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, 0x0, 0x0)
syz_usb_connect(0x0, 0x5f, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@bloom_filter={0x1e, 0x2, 0x8, 0x1, 0x0, 0xffffffffffffffff, 0xfffffffc, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x3, 0x4, 0x5, @void, @value, @void, @value}, 0xfffffffffffffe4e)
socket(0x10, 0x3, 0x0)
r3 = socket$inet6_sctp(0xa, 0x801, 0x84)
sendmsg$inet6(r3, &(0x7f0000000440)={&(0x7f0000000240)={0xa, 0x4e22, 0x3, @remote, 0x1}, 0x1c, &(0x7f0000000600)}, 0x44044)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r4 = openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$6lowpan_control(r4, &(0x7f0000000180)='connect aa:aa:aa:aa:aa:11 0', 0x1b)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000680), 0x40000, 0x19)

8.168476102s ago: executing program 1 (id=6308):
syz_usb_connect(0x0, 0x24, &(0x7f0000000240)={{0x12, 0x1, 0x0, 0xe4, 0xfc, 0xea, 0x8, 0xa257, 0x2013, 0x5448, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x4c, 0x96, 0x78}}]}}]}}, 0x0)
syz_usb_connect$printer(0x3, 0x36, &(0x7f0000001680)={{0x12, 0x1, 0x300, 0x0, 0x0, 0x0, 0x10, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0xf, 0x80, 0xd, [{{0x9, 0x4, 0x0, 0x38, 0x1, 0x7, 0x1, 0x1, 0xd, "", {{{0x9, 0x5, 0x1, 0x2, 0x3ff, 0xc3, 0x9, 0x2}}, [{{0x9, 0x5, 0x82, 0x2, 0x10, 0x3, 0x9}}]}}}]}}]}}, &(0x7f0000001dc0)={0xa, &(0x7f00000016c0)={0xa, 0x6, 0x300, 0x3, 0x0, 0x3, 0x10, 0xd}, 0x5, &(0x7f0000001b00)={0x5, 0xf, 0x5}, 0x7, [{0x4, &(0x7f0000001b40)=@lang_id={0x4, 0x3, 0x812}}, {0x5b, &(0x7f0000001b80)=@string={0x5b, 0x3, "b4e737f42a3bc98e14b6ffa716a8a65c6fe12f67137090d43758e0dd0adab79cc3df5b242d41ebc929747fb2008716aa885a74d57b4bd086b32ac39c0de2991174559c222df3a9b20211cc8ad0033984ebe6227a5dc5917de3"}}, {0x4, &(0x7f0000001c00)=@lang_id={0x4, 0x3, 0x3c0a}}, {0x4, &(0x7f0000001c40)=@lang_id={0x4, 0x3, 0x42d}}, {0x4, &(0x7f0000001c80)=@lang_id={0x4, 0x3, 0x42f}}, {0xaf, &(0x7f0000001cc0)=@string={0xaf, 0x3, "cf1b381687e1fe97e33e4569d3ff044d8fb0139f4a40b5db4c47fe2e6d75f32accaab0965d2e8c8c5e5fdfc810a022c198ed1711184f63de8b86f3bfe1e0b9745e7b6df0c32b9c6a2617b51cded48f5482e7333013798a68cb917862afc5ba0ea4d57a5f9b8c6af94b36171f836a83678eec8906ffb4fc64a0a956a0ab3464a89d2f09137c576f1226a56b2e9a5c382431a0da1822a10f198c3254a06d2d5c23848615f4065973a2f48f339274"}}, {0x4, &(0x7f0000001d80)=@lang_id={0x4, 0x3, 0x448}}]}) (async)
syz_usb_connect$printer(0x3, 0x36, &(0x7f0000001680)={{0x12, 0x1, 0x300, 0x0, 0x0, 0x0, 0x10, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0xf, 0x80, 0xd, [{{0x9, 0x4, 0x0, 0x38, 0x1, 0x7, 0x1, 0x1, 0xd, "", {{{0x9, 0x5, 0x1, 0x2, 0x3ff, 0xc3, 0x9, 0x2}}, [{{0x9, 0x5, 0x82, 0x2, 0x10, 0x3, 0x9}}]}}}]}}]}}, &(0x7f0000001dc0)={0xa, &(0x7f00000016c0)={0xa, 0x6, 0x300, 0x3, 0x0, 0x3, 0x10, 0xd}, 0x5, &(0x7f0000001b00)={0x5, 0xf, 0x5}, 0x7, [{0x4, &(0x7f0000001b40)=@lang_id={0x4, 0x3, 0x812}}, {0x5b, &(0x7f0000001b80)=@string={0x5b, 0x3, "b4e737f42a3bc98e14b6ffa716a8a65c6fe12f67137090d43758e0dd0adab79cc3df5b242d41ebc929747fb2008716aa885a74d57b4bd086b32ac39c0de2991174559c222df3a9b20211cc8ad0033984ebe6227a5dc5917de3"}}, {0x4, &(0x7f0000001c00)=@lang_id={0x4, 0x3, 0x3c0a}}, {0x4, &(0x7f0000001c40)=@lang_id={0x4, 0x3, 0x42d}}, {0x4, &(0x7f0000001c80)=@lang_id={0x4, 0x3, 0x42f}}, {0xaf, &(0x7f0000001cc0)=@string={0xaf, 0x3, "cf1b381687e1fe97e33e4569d3ff044d8fb0139f4a40b5db4c47fe2e6d75f32accaab0965d2e8c8c5e5fdfc810a022c198ed1711184f63de8b86f3bfe1e0b9745e7b6df0c32b9c6a2617b51cded48f5482e7333013798a68cb917862afc5ba0ea4d57a5f9b8c6af94b36171f836a83678eec8906ffb4fc64a0a956a0ab3464a89d2f09137c576f1226a56b2e9a5c382431a0da1822a10f198c3254a06d2d5c23848615f4065973a2f48f339274"}}, {0x4, &(0x7f0000001d80)=@lang_id={0x4, 0x3, 0x448}}]})
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x88002, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r1, 0xc004500a, &(0x7f0000000040)=0x13)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000040010000000400ae"], 0x18}}, 0x4000)
recvmmsg(r2, &(0x7f0000000f80)=[{{0x0, 0x0, &(0x7f0000001a00)=[{&(0x7f0000000380)=""/174, 0xae}], 0x1}, 0x80000000}], 0x1, 0x10000, 0x0) (async)
recvmmsg(r2, &(0x7f0000000f80)=[{{0x0, 0x0, &(0x7f0000001a00)=[{&(0x7f0000000380)=""/174, 0xae}], 0x1}, 0x80000000}], 0x1, 0x10000, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) (async)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r3, 0x84, 0x72, &(0x7f0000000340)={0x0, 0x4, 0x10}, &(0x7f0000000380)=0xc)
write$dsp(r1, &(0x7f0000001e40)="9d5e7dd3f0c70b5424ba671daaad7227ad79c3aae51c9fbd1af2f29424cf842843090becd1c4ea46f1dff30b70bf6d7714795deed0f82182aa2638d606ea1d4406ede246805af9c9f358b950dec77256c115f51dc2915f84411627b14ed04bde0d176e248da0ef12f17ae1bd67fef29b42e6fb8f7aaff3e2ead2423773e338b30017c529f06525e4aff460696eb06843a2fd1723b3d5b342eca7f54f52dd5aa345b144fdee477ee8fa7c3d45d435677143ec3c6b92dbeb903121b0d0372164d995e0099cf3487b10f901859ed34d91a445", 0xd1)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a050000e22dcbc80b47befa0000000900010073797a30000000002c000000030a01020000000000000000010000030900030073797a30000000000900010073797a3000000000540000001a0a010400000000000000000100000008000b40000000000900010073797a30000000002c0004"], 0xc8}}, 0x0)
ioctl$SNDCTL_DSP_POST(r1, 0x5008, 0x0) (async)
ioctl$SNDCTL_DSP_POST(r1, 0x5008, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x280000b, 0x11, r1, 0x0)
r5 = dup(r0)
write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c) (async)
write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c)
syz_usb_connect$uac1(0x6, 0xd7, &(0x7f0000001540)={{0x12, 0x1, 0x310, 0x0, 0x0, 0x0, 0x10, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xc5, 0x3, 0x1, 0x3, 0x40, 0x5, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x6, 0x3}, [@output_terminal={0x9, 0x24, 0x3, 0x6, 0x100, 0x6, 0x4, 0x9}, @input_terminal={0xc, 0x24, 0x2, 0x4, 0x203, 0x5, 0xc, 0x51, 0x5, 0x3}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_ii_discrete={0xd, 0x24, 0x2, 0x2, 0x0, 0xffc, 0x2, "f95d5425"}, @as_header={0x7, 0x24, 0x1, 0xb, 0x7, 0x3}, @as_header={0x7, 0x24, 0x1, 0xe, 0xe5, 0x1001}]}, {{0x9, 0x5, 0x1, 0x9, 0x40, 0x8, 0xfc, 0x0, {0x7, 0x25, 0x1, 0x81, 0x4, 0x8}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@as_header={0x7, 0x24, 0x1, 0x97, 0x8, 0x5}, @as_header={0x7, 0x24, 0x1, 0xf, 0x40, 0x1}, @format_type_i_continuous={0xe, 0x24, 0x2, 0x1, 0x1, 0x4, 0x14, 0xc8, "e2169d", "0e863f"}, @format_type_ii_discrete={0x9, 0x24, 0x2, 0x2, 0x9, 0xd, 0x3}, @as_header={0x7, 0x24, 0x1, 0x1, 0xa, 0x6}, @format_type_i_continuous={0xa, 0x24, 0x2, 0x1, 0x7, 0x1, 0x4, 0x81, "c606"}]}, {{0x9, 0x5, 0x82, 0x9, 0x40, 0x80, 0x0, 0x4, {0x7, 0x25, 0x1, 0x2, 0xa7, 0x40}}}}}}}]}}, &(0x7f0000001900)={0xa, &(0x7f0000001640)={0xa, 0x6, 0x110, 0x1, 0xf, 0x0, 0x20, 0xcb}, 0x156, &(0x7f0000001980)={0x5, 0xf, 0x156, 0x4, [@ssp_cap={0x24, 0x10, 0xa, 0x12, 0x6, 0x3, 0xff00, 0x1ff, [0xc0, 0xffc00f, 0x0, 0x0, 0xc000, 0xf0]}, @generic={0xd9, 0x10, 0xa, "6995731ab8d5458f4bed112554ae2def42674fba8b964305ec392af8c14673acf2d0cd5c8840246e58c57c7953d12ebc112e37d9657a7c93cc3e5776e93560c627ed82c488532eb6a54ddbed35d97e21aec2851f8bfa46e76aaa265c7d241f4fd56ad0ce3666c72ef717edeb16ceb36ecaa3d14194efce27809fbb34f229933a7472329004c69f3951011dd428137502762204703c4a9211c0af0fb9b3f1fabd063ab061ed5dd7e1487bd146917e675a84435f3a37a532e38ef988ff70753b4af91c8166568c72636f634216f26729ae18d816c20523"}, @ext_cap={0x7, 0x10, 0x2, 0x0, 0x8, 0x3, 0x1}, @generic={0x4d, 0x10, 0x2, "5d0088b88f6f53edc4aa9df28e54333479964623b173a5371274b7f78095a7c22f523627de658f77d8ef6b193efd02d614e6c07c931b8c3d3aa5e6851d0a0db547f51b2c652642031ef3"}]}, 0x4, [{0x93, &(0x7f0000001700)=@string={0x93, 0x3, "4090a5f4206d0909ec7f20ce57920be2d23c894dc7eb95ae49f4e34dbdb86230ca0ac804e8102cd3b333f1f99b941d8afe0b90a083e96ddc2b1bd653679325f5ee592767dd743f3a554bbdaed40c277e19a0428df97a92368cfef86203d9371a3afbb63528ea4219423b26a460bec221fb514b880c189dddfba4edef6172fea9d88a079eb4dd26c1c5330bef0bb1f2e799"}}, {0x4, &(0x7f00000017c0)=@lang_id={0x4, 0x3, 0x423}}, {0xbd, &(0x7f0000001800)=@string={0xbd, 0x3, "2676cdffeb43756bb8478125bcb4ad3d3e7f361c6105c8db166ba0669aa60b3311b83f75a7240342686d7555fb79a0c0e3808ec94b03c9d63f35005096a30e0ba4c698246fa2d695e49e20aa8a62e6b104227a97606220a8f89269dab8b061ed6834a770b49203a16cc14a0f16ff6c68d20536caa639266da344bed1d986e6c4dd8030e8007e537dff82b010055cfd4df7466c80950fde48e22508710ce10ca40b23cfcdeaf707476789b1bb4c454e7148ac698632d16ed2286a1c"}}, {0x4, &(0x7f00000018c0)=@lang_id={0x4, 0x3, 0x340a}}]}) (async)
syz_usb_connect$uac1(0x6, 0xd7, &(0x7f0000001540)={{0x12, 0x1, 0x310, 0x0, 0x0, 0x0, 0x10, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xc5, 0x3, 0x1, 0x3, 0x40, 0x5, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x6, 0x3}, [@output_terminal={0x9, 0x24, 0x3, 0x6, 0x100, 0x6, 0x4, 0x9}, @input_terminal={0xc, 0x24, 0x2, 0x4, 0x203, 0x5, 0xc, 0x51, 0x5, 0x3}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_ii_discrete={0xd, 0x24, 0x2, 0x2, 0x0, 0xffc, 0x2, "f95d5425"}, @as_header={0x7, 0x24, 0x1, 0xb, 0x7, 0x3}, @as_header={0x7, 0x24, 0x1, 0xe, 0xe5, 0x1001}]}, {{0x9, 0x5, 0x1, 0x9, 0x40, 0x8, 0xfc, 0x0, {0x7, 0x25, 0x1, 0x81, 0x4, 0x8}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@as_header={0x7, 0x24, 0x1, 0x97, 0x8, 0x5}, @as_header={0x7, 0x24, 0x1, 0xf, 0x40, 0x1}, @format_type_i_continuous={0xe, 0x24, 0x2, 0x1, 0x1, 0x4, 0x14, 0xc8, "e2169d", "0e863f"}, @format_type_ii_discrete={0x9, 0x24, 0x2, 0x2, 0x9, 0xd, 0x3}, @as_header={0x7, 0x24, 0x1, 0x1, 0xa, 0x6}, @format_type_i_continuous={0xa, 0x24, 0x2, 0x1, 0x7, 0x1, 0x4, 0x81, "c606"}]}, {{0x9, 0x5, 0x82, 0x9, 0x40, 0x80, 0x0, 0x4, {0x7, 0x25, 0x1, 0x2, 0xa7, 0x40}}}}}}}]}}, &(0x7f0000001900)={0xa, &(0x7f0000001640)={0xa, 0x6, 0x110, 0x1, 0xf, 0x0, 0x20, 0xcb}, 0x156, &(0x7f0000001980)={0x5, 0xf, 0x156, 0x4, [@ssp_cap={0x24, 0x10, 0xa, 0x12, 0x6, 0x3, 0xff00, 0x1ff, [0xc0, 0xffc00f, 0x0, 0x0, 0xc000, 0xf0]}, @generic={0xd9, 0x10, 0xa, "6995731ab8d5458f4bed112554ae2def42674fba8b964305ec392af8c14673acf2d0cd5c8840246e58c57c7953d12ebc112e37d9657a7c93cc3e5776e93560c627ed82c488532eb6a54ddbed35d97e21aec2851f8bfa46e76aaa265c7d241f4fd56ad0ce3666c72ef717edeb16ceb36ecaa3d14194efce27809fbb34f229933a7472329004c69f3951011dd428137502762204703c4a9211c0af0fb9b3f1fabd063ab061ed5dd7e1487bd146917e675a84435f3a37a532e38ef988ff70753b4af91c8166568c72636f634216f26729ae18d816c20523"}, @ext_cap={0x7, 0x10, 0x2, 0x0, 0x8, 0x3, 0x1}, @generic={0x4d, 0x10, 0x2, "5d0088b88f6f53edc4aa9df28e54333479964623b173a5371274b7f78095a7c22f523627de658f77d8ef6b193efd02d614e6c07c931b8c3d3aa5e6851d0a0db547f51b2c652642031ef3"}]}, 0x4, [{0x93, &(0x7f0000001700)=@string={0x93, 0x3, "4090a5f4206d0909ec7f20ce57920be2d23c894dc7eb95ae49f4e34dbdb86230ca0ac804e8102cd3b333f1f99b941d8afe0b90a083e96ddc2b1bd653679325f5ee592767dd743f3a554bbdaed40c277e19a0428df97a92368cfef86203d9371a3afbb63528ea4219423b26a460bec221fb514b880c189dddfba4edef6172fea9d88a079eb4dd26c1c5330bef0bb1f2e799"}}, {0x4, &(0x7f00000017c0)=@lang_id={0x4, 0x3, 0x423}}, {0xbd, &(0x7f0000001800)=@string={0xbd, 0x3, "2676cdffeb43756bb8478125bcb4ad3d3e7f361c6105c8db166ba0669aa60b3311b83f75a7240342686d7555fb79a0c0e3808ec94b03c9d63f35005096a30e0ba4c698246fa2d695e49e20aa8a62e6b104227a97606220a8f89269dab8b061ed6834a770b49203a16cc14a0f16ff6c68d20536caa639266da344bed1d986e6c4dd8030e8007e537dff82b010055cfd4df7466c80950fde48e22508710ce10ca40b23cfcdeaf707476789b1bb4c454e7148ac698632d16ed2286a1c"}}, {0x4, &(0x7f00000018c0)=@lang_id={0x4, 0x3, 0x340a}}]})
sendmsg$kcm(r5, &(0x7f0000001500)={&(0x7f0000000080)=@x25, 0x80, &(0x7f0000000200)=[{&(0x7f0000000100)="57b20b3d54c4f0a17a887d397838bbaa217aaf47f5b84c3cec97af51ea8fe88884d5f4555da9d7374f42e98cd9323a97697eb35a8e9555ca0fb2c96599a36027c7bf4e984277c6e5216a2f22d532b3304865d29d31168ab0ff6fe55fc0ab09773d57f8515f6d27c032b69e6a81e83b988a381758f66ce0654185f6f93fb2bf248dc6760b9af22c7c2b2306ae7af2ce1b54e4c992389ea917b9bfd16332999b760c30c5fc38bad7d837d22b2525a502d509549943e90a85ccd4929fc8a8b94287c7126b63a9075fefc372d9ac4609cfbe5b65422a3473efd939", 0xd9}, {&(0x7f0000000280)="b0f4cf274797eb0f0f1d6a7b93ae1abd56b40e2df1669104e07a0f562ac15c9a371f096cfb53466689b09d91aa064fad0958e50429cc9cdad66b97ce16a097db0de6deec7b23d35cf7a65edefbd056ad4ce494cc1335ecd2875fd7ed7457632021e4bf366e971903f567321502058eb171bea38f53df1d03aa6b1a3e2458c8f434321e7c2e1560b4e86946ed540635f837c8bb23ae89d143671abf9402ab2ef491a2b38f2d77c5fe586ca24df2197f050e8ad4d940e88f5d084e95e469e0209122149290f29ac2c00a359b2364f07fbf289e40375e48e4a573a999d96bff48d67f637c9370b439f314fd5bed9f3e21cb343385822f50175a7187ed93681d720b8ed55e35bffcbac8db336932ee23a8d5b543a2024aa01390d40eb8137fb8c8215aedc61bae7ef9be8782bc4169c2a975c4298c0e370889d0a6afc4b7f44d66dcd9876ab8a962dd840fe9c5988483bd1d9e46e2cf43bbfe7774941a599b1387039f0488dd819e03228addb292e6e437164d026243c0d40c41bbe939d06317ebbc0d4f98fa425f1c72c79a0c94c6a191412df0dc40f7de5c566d35a6328503571f881f5040f9a3de2eed3e520fd6eb370727cc391d0ee1d25394ad37b1ffbc7e18a86fb29b988e80d1d4ce34b64f9903f6c4d544dbf6c437f3d695e59a924950406a32167d8e579a44139a6acc8f0a69c9bebbfc06cc870c2f60f4639c739638617ef3581249a55cb24d9d0318b66eccecfd5df0b31a898ef367844b22f1bf87da6f51b9af33109d4c4aace7f0e5abdeedc75cc3cf7048c1e3c90d4f91d3098a522e07b05420a36b32d8059e8829cefaace6a946c51eeb8d12f7ffc3ffd04bbf6d116e6e29662fcb0e94df0fae08b5d0deb7ae32794313a3e49c9a33dc53427f6f36576f5d96063b96f1597ae3d6b2c5f514f253c2c7de3af2dd5f6922345e7d9f270cdc5763cb3a54fdcc14a103dbb0a3031cec6475e575668ec42cc767390c59ece603a8b428e4c7bbc7c239b78d6eefd64cff067ab6922b3cee0d580e188e3728e25272f05679205d1d833aa0c74287092656c406609a015fd32e6c77bdfefb6b714a2a7e9285649c024156b5f29b46eb52cc99fbd8026400e2826cf8d600ee0190eee34edd49992802a7af12717eb078af8818f718b610f6e48552ef2d815d5143f03384a93bd5e024fbeecff5d5bf85b489e0a438fddcb9c59906a59cda898244df06c1d9b469456131b122782174b0b470b9ca7abfa01c4df28f66d0d72acb7ec9e0f73dd22b6659db9d9ffcb84498c265a76520d6e145b6106f313d8f9f7c7fabfc24a5624adba3f8eda6f17b1be50adb20136242aee81725afb48adf50a88bfa6e0378080043405712ac9e505a5c4e2ac37cc169a0b1f4972651a24a7c3e6e46416596285ac54983d3faa059bc2805224a504dade6560450083df8e7caa759664f68e48f883fb1e20557afc525c8a58f590b51e61a12d3b44112340a44b69eed65287baad7333598d205fccdc4c4456be4a886d1202f0e9d3af863b1e9e28e2c176f915cc9ab60b0145c59f740184d49bdba90d99bca43c06e85075753b2dec7d28501ea4a7abcdd4f757189d7e673f7f98f50cc1bed91832270aa5390c56963a3c967c60a4c033ed83a44be9e868e4e3929b9209b38b5ebafa62a4fe64b4917864ad053aee7e43e3a3e2bea7548c344cae8b2b75a499ea2c839655e8d8a5333424fde70d78ef8c62d65846996ffda053e81a65ca59b761daa552b0d86b1ccabc1c9b7585af92bd86ed817975f6e92310e1fa08906b92f6bb732783f80c8045d86158aa2aab26ba553e4ee9cebe794bddc35de4a1d4d6c79493f6408b10ccb4d4381ef18a1e1d40d6ccf8123e190b5a4681cbaa7e7c5408ea6ea9433f5a717b85c3b22a62f3db2483e023aeabb10385332770a93bc9cd9cc27d25a5463b16377c84f40f4759e0c997660214e43a67f77c2ab8865eb2dfd29d62576608a68d55645d7d8e9f51e95409694ef5acc3f4e815bbc7f78bceed1562d05bca20fe177c1d2e3648f01bf33a4bba57ce9d49bd529bbbe48ad0d7480ebe4d618b46cb927c906a39d1bfdbc7a50c5415bda0e41fa0dfebc0f7f8d2480882dfe3caf3415c8bbfd7b53d1c3ff7714bca70d6fa549167311e29f999e100a9b09ac68b614de1a8f55b382ea65aab11d12a9ad94258aa32571e957398bc2d81a59dec33f4477e102c0543ddf8e5ea47e25e78fbe64ff368eca05ea90ca9679fb5e0f1afd6250d7f60aff44146d304914894743505cfbca6109a9e909fd338dbb8637e90592147687bc170692d26e7ede24d797801c0840bc8219355a0648534eacaa6b6505e194e49f3e56609920c5cf2fd2f23a24cfd3baffcba9f81903bbcf39f945d93c5b6c65f1ed1848231c9fe6b286fcfcbb5d2b347c63bc00594480a22ac3fccf9bb362a8afbca99328ca51cf61555ff09bdfb121585670b8098e409dc06f95ec9f78a49ed6658219cb916258c371bcdb36c36302e4b69cef0a79ea26bae6f6f4bbef609dbde2354e80824f44d93496ddfed723e477086add34044d7a5677083a1e79bee57450592ec783880680de475a3e1f7c1f8367b1e27a057b4ed450f5166f31abf757825e448af56ee8d475a77a6cf481e516aa884bce9c9c00460186c41860595176944c94bc68d9e1a074d3d4ec26d253bc9a6224e03ee7c81e88df498ce756843e7232d73cdb56bf1d2ecd4cf6ba85fc005ae53e26daaf6cb9c306e8e23b882ff52272d835cb4cfad274e401e975af9eddfc80d4e5fde9c7b90ddb5fae1ed5f483bc57319f66def6024b123f751a2b2453382294c025f428f5d7b6e9587036f7f8304065d79eced731b0ca612ceefaff5a56de3f089de7905e7f14ccbdad8536e649469dae3d1da5cc36cfcb8f90191c5c068f43c3006e331af2e9039726a1298715246899ae5413bbb251177c1886bca283cfe753480bb604bd8d7c7007db7a9bd73975e1f11937f6e1c09a6086a4bcd9f71bfc55949178943c2cbb598683d7999895edf580b9aeaaf495ac4fbb85ca3acdcdd756948332c063b4184bcd2893a8fa79f08284bd0cb0ad474449c275208a2803fc6db6d6b4ce372b309dceb08ffb456e526f6fee38b3fd1362e4ad9c91d9df2b700cc387d231bb7976155ffd6bb6e48f534264dc0d9e518df868efdb570db9165e7af2b48aa16eb1172109ffca62aa99bcb586f423fbe712dab92b2b36c3a1295969936e07d0778906bc9853ebec739e015ca78499175a7ccf29e8e10199a24a9fe22fdf4769c8066b7ef238c8d90599b70d14d0cf8979e284e24947f980f8ce2df6da4c1583509ff18f20b75d22249d9a78b6a0cf28c098c340d30abf3138c643eecc18d41eecd67c8ac124629e0f459b7fa4d86bac2b192a937c6bfbdf0476c9f242fa1026b22fb3250da1fa1a94fc955bdf9a031107bef238c8edacfb59dcf3f6fdd2925da5c4b775f4bacda2e86d8df2dc9eaa2a75b297241eb4c73a84913dee0b70353a3ac12cc33dfe12262573e7d8e5a527470490659ce8b3ba0518096f922a2cfa967d9a19e0be731aca4090533ad0b2d1b96fbba7d1a706002448e8bf9664f2aee701d0f516425b2058357a5e25b68d407bb578727b6b3731e86d4884ff456e3da7f2ba2aeefedd65bdf1d4ea06c026e2937b087c86aa168c01fb9959dd013dc5a63f633af51940402ac05ea5cbc4b17dc54db2cbdf892012b30064a5386046ff4e3c8c5671c50af00977d675810b72e40aedb8660ca3dd80682e52099ceed7f25d962eb15135a6f210046c10784656b6c277c9abccabca437ee97b4fdd67959ec19f842efa1342898434cebee50f35c9741e40243d19b194c4bee5c221835433e756310b1ea8f64d60cf7286bea7ba1a29cfe611e8490738e0f3fdca7c5c18658bfb1ddc33c57b5bb47f098bf34f37dda8dec2e3dc55dffe42cd3cfd0911858009e49f587682370246939a572e849da6acfb64b4a2b3d3350083a58622ac88befcf42c8ed279d7ed1677c08be8db530c8e34ea2319ca56ea1ed4504edcba4bc75044922985857479379ab84edfd12538adb91a1d66204f03e2531ac7383acc82f54f536f6333750d865202c04cbcf95d5aca0cb53e53c7a4925417b8a46153dbac11583758456cb78501e6601e6cbd616c401a10fa982e26ebde3162eac55bd907616959cc8408ec681b84f4057e36bd5f5a63c40205d373c14a77bc8bfde353b54a9acae5627b50a30a5a6567f9ee015e0081c58789a4d651d69964c9b9b8e0cd58830c1f894322ccdc8958aa1660296d49ee55a4207177b49173ff89c6e294826c9538d8972282e7b05b2fdaa8bbb0f6bb7cc4772a497186d7d189639fb9d7e06d2728f2a0c6fa5b736b7e6cc7d3cfc38c5ac8768533dd051fe652b514d6ea8a294ecbe18de4212aae278a1f8e8c05360bec64d08c8699c21f5a4eb3d2800c3a7dae305fc241a7395cb23f7dc57a48376dc1cfdb9b655e7aced60106bbf9a15014f4fbb41bb88595673e1d79ca43e656b58ddee16fd26eb21f5bc3615b3264a0d07b10293ad859e74983fd279b422126ba2d48e3ec97bcedcdc0bc544c7d84faebb0d48a0df5dceb97c0f8c8fde1ee416db0a76ec3e2e47ff613f6533fec4c978cb2d3fa2d7cb4dabee612ab1f707a58970450b8e9cdc10c482c66bf3fb521c8f178e969e7aaf5ab8350580ebf8f56b3c391d3518a2be740cd737cb22edba30728c79b6d6e78a941f95e8f301eb9e3a7c77f0f71fad9a6ed583de7da842c5ecbe1688d8df2e0e75c0eabdaa2edf27ec94d0d2b20c18c27ef67ac319ca40f96e9d66462e7078ecc2d5c7789d250782c079f3250e433f8412bdfe3d4ec0684763d63fb9448b2887bd53b5abedd5ac888d53b370ec50b06d759e6b51ad8c592942be9de136456e809086a6e3b958794df1dbaede131783ebbac0111bc37f31d38707a29917c59fa1d0eef8d0d794eaad74f06a1ef2751b18830025064591cd88eff99a408ecda7a68e56556316310a0598cb29cac6b295467930b20d1d706f877dcc2f0d0d4c0d636dd903c31e5f5fd157b2cb67bee3c5a6b402240db56f21245a04d8d7735cddbcef19b32da76a12f39a489ed4e241144ca80db5e2848e8ff873b2ad39e99b41ca68377b0e7fe3aad99a8ba360caeff699579d00e35a1848274eb5e85e5c2434373d74a9686d958540652669bdc8d307915a4ffe5db288c28599a2ec724f1aa2d53b5965e4f9cbfd64802972c72197c8f8d9bbc8d10d3b34553b12406199baa2c31868171d5a964cac9a0174eaf9febefab2862b9210d1593cf5dcceb4ca4722078185e418f82b13c55a53249042ce1b775ece4f194c973effaec4401560be0d747ef6e1fc92f9d032f438c788678bf482d874128b88c9575402a07c2c6e744823bb11709476c1a281f31090bd4bd6b7cc3039e4d907d6379f8012b004088e3184503001b09d837e054b351f5fb3a17b25ac40492851963eec6c5565ce87ca1c51e8866ed0947b863571e3f7b8b87667628eeafde6f27b45c768b20a39ff358f41419c9291cf430da35377c31d770ed2b84404ac649b5b4fb5b2e1901084a06daba0f028e16f9e26fcf20193e381fcb511bacf37d38d4c91da2296b25ba64fa63ec9c469730fdc5320ea0be5027da28d11b9933b30d7ab9fab4a0057a35b72db81d07a0ec8b7286429b6e8f1cd07f9cb44b57fb332d95072879b8a1c692b7b45d8cb046a3cfee91fbc5352452c76111b7312da589f78fc2312e19229fdddc", 0x1000}, {&(0x7f0000001280)="98f57cbd3f217493fb17e9f33f26ff2f3dc2d3403b8a5299995b9a872db7898bb391abc6df283bc8ffa21b2892396c494853647425b1c6dfed585ae2d6b57f97bf1b35f596babd7a796203c711d009582a", 0x51}, {&(0x7f0000001300)="104030401a0e0f504c5e9d54b92be1c36525c9d7a2419b91dc4ec435375aa57f0e07767b83c5f367a54bbc1c1f72253debe5ed9fe41c6826198ed05a956d2ad7fff869abfaf4b8d7ed3b71d5925cda7b738262c65c6078d3b9cd90ddbcaa7c38b57f3a1d6c26a4136b1e9ba96530b98c65cec04c1a3be1076530435c1ced7b14189adfddca36b40e7aacf069e1b54bcfed6c4f2b11e513e00e4642f9493d57768233e4ade93c3eee728d433eb29f7a335c5a8bd24567d23fc9cb0cf1b451168ad3d3f0d2", 0xc4}], 0x4, &(0x7f0000001400)=ANY=[@ANYBLOB="f0000000000000000d01000000000100f7cbe360c669e42c7570a525743ace22270d00f826086a805bb8681d941229e10a6c66ded2a11ee207d9e8d3c28b0bfbe7813b28ea0c940bba7033f1a5de385f624a25e2cdbcc921a0f207bc5f26de1dca03a3822375f594c73552637db7ef5b29cc78c12e7e57a68121b1f83fa0d9acb2f54105e4c8dfad59c182767290635087ea75803f3e6464608470cc022fcff8eee6ff006b2caee2a9a6e5c770688fb5729a9efd150196a2dcf42c7a6f661c432b0d40eb525eab0474f6886a00f7086fd3d9ccc79d5c5fee20990b0e7996369f78da7233de40e06e543cb500"], 0xf0}, 0x20040000)

7.43702142s ago: executing program 4 (id=6312):
mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x81c0, 0x0) (async)
execveat(0xffffffffffffff9c, &(0x7f0000000280)='./file2\x00', 0x0, 0x0, 0x0) (async)
mknod$loop(&(0x7f0000000000)='./file0\x00', 0x2000, 0x0) (async)
mknod$loop(&(0x7f0000000080)='./file0\x00', 0x2000, 0x1) (async)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000140)) (async)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0x12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) (async)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000640)='.\x00', 0x0, 0x0) (async)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x8, 0x4, 0x4, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
syz_usb_connect(0x0, 0x24, &(0x7f0000001580)=ANY=[@ANYBLOB="12010000c166a0108304341276ff000008010902120001000000000904"], 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r2}, &(0x7f0000000200), &(0x7f0000000240)}, 0x20) (async, rerun: 32)
renameat2(r1, &(0x7f00000001c0)='./file0\x00', r1, &(0x7f0000000200)='.\x02\x00', 0x4) (async, rerun: 32)
setsockopt$packet_int(r1, 0x107, 0x8, &(0x7f0000000000)=0x9, 0x4)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000005740)=@newlink={0x5c, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x90646}, [@IFLA_LINKINFO={0x2c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x1c, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6, 0x1, 0x1}, @IFLA_VLAN_EGRESS_QOS={0x10, 0x3, 0x0, 0x1, [@IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0xfff, 0x7}}]}]}}}, @IFLA_LINK={0x8, 0x5, r5}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x5c}, 0x1, 0x0, 0x0, 0x4640}, 0x0)

7.158471167s ago: executing program 4 (id=6314):
r0 = socket(0x10, 0x803, 0x0)
sendmsg$NL80211_CMD_SET_QOS_MAP(0xffffffffffffffff, 0x0, 0x40001)
sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x334}, {&(0x7f00000007c0)=""/154, 0x2c}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}, 0x3b9aca00}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400})

7.063089534s ago: executing program 4 (id=6316):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
write$binfmt_misc(0xffffffffffffffff, 0x0, 0x0)
getpid()
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
r2 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080), 0x1c0002, 0x0)
write$vga_arbiter(r2, &(0x7f0000000240)=@other={'trylock', ' ', 'mem'}, 0xc)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
ptrace(0x10, 0x1)
bind$alg(0xffffffffffffffff, &(0x7f00000000c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-camellia-asm\x00'}, 0x58)
socket$kcm(0xa, 0x2, 0x3a)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000c18000), 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000001880)={'bond_slave_0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000740)=@newqdisc={0x9c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0x25dfdbff, {0x0, 0x0, 0x0, r4, {0x0, 0x6}, {0xffff, 0xffff}, {0xc, 0xfff3}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x17, 0x2, {{0x3, 0x1, 0x0, 0x2, 0x4}, 0xa4ca, 0x0, 0x0, 0x6, 0x0, 0x18, 0xb, 0xe, 0x3, 0x9, {0x10001, 0x7, 0x2, 0x7, 0x2, 0x7fffffff}}}}, @TCA_STAB={0x24, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x6, 0x4, 0x7, 0x6, 0x0, 0x1}}, {0x4}}]}]}, 0x9c}, 0x1, 0x0, 0x0, 0x4c840}, 0x0)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x800)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
r5 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000300)="d8000000180081054e81f782db4cb904021d080406037c09e8fe55a10a0015400400142603600e122f00160006000400a8000600200003400700027c035c0461c1d67f6f94007134cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db798262f3d40fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9703920723f9a941", 0xd8}], 0x1, 0x0, 0x0, 0x4a0f0000}, 0xc000)
r6 = socket$netlink(0x10, 0x3, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
getsockopt$sock_int(r7, 0x1, 0x8, 0x0, &(0x7f0000000200))
sendmsg$nl_route(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000240)=@newlink={0x34, 0x10, 0xff05, 0x0, 0x0, {0x0, 0x0, 0x4a00, 0x0, 0x157f}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @batadv={{0xb}, {0x4}}}]}, 0x34}}, 0x0)

6.15753803s ago: executing program 3 (id=6317):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f00000001c0)=ANY=[@ANYBLOB="120100009dea7840b418fbff7bdc01"], 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f00000008c0)={0x1c, &(0x7f0000000100)=ANY=[@ANYBLOB="00000100000001"], 0x0, 0x0})
r1 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
preadv(r1, &(0x7f0000000540)=[{&(0x7f0000000080)=""/91, 0x5b}], 0x1, 0xfe, 0x5b3)

5.938291187s ago: executing program 0 (id=6318):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0)
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
sendmsg$NFQNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="1c000000020305030000000000000000000016b9080001000157a292deef9f8de86e8a15a7ff2c2d063b47220b936ff5a5d38147d7c4517e32f0f41e824ab9179b314ce51833eac60de2f2fde5fd2334587e8a417aaaf106e152d7751e49a2356f47c7254d0860446ca8653d944a58b2a844012961abaea8f2b5b678f28e5e4f4e078812b9e2c23205fa4818486ccaee2fb5fe2ba117d0555629867d27aec10ce27306aec1fc74027d897fc880a6eb46e4ebb15fb06e5880159f719f626148039903ca0b47bb54cd452f9c044d"], 0x1c}}, 0x0)
write$tun(r0, &(0x7f0000000280)={@val={0x0, 0x800}, @val={0x1, 0x0, 0x0, 0x0, 0x3d}, @mpls={[], @ipv4=@tcp={{0x6, 0x4, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x84, 0x0, @empty=0x3fffffff, @local}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x2, 0xb, 0x0, 0x28, 0x0, 0x1c, {[@window={0xa, 0x3}, @timestamp={0x5, 0x2}, @generic={0x0, 0x2, "d58838068b91"}]}}}}}}, 0x4e)

5.69662684s ago: executing program 0 (id=6320):
r0 = socket(0x2a, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000005c0)=@newqdisc={0x24}, 0x20}}, 0x0)
syz_io_uring_setup(0x186, &(0x7f0000000080)={0x0, 0x0, 0x13100, 0x0, 0xffffffff}, 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f00000000c0)=ANY=[@ANYBLOB="01000000000008009b000040"])
getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
sendmsg$nl_route_sched(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=@newqdisc={0x24, 0x24, 0xf0b, 0x70bd2a, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}}, 0x24}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000c00)=@newtfilter={0x24, 0x2c, 0xd29, 0x0, 0xfffffffc, {0x0, 0x0, 0x0, r4, {0xa, 0xfff3}, {}, {0xc, 0xa}}}, 0x24}}, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r5, &(0x7f00000002c0), 0x40000000000009f, 0x0)

5.174213416s ago: executing program 2 (id=6321):
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x1000000, 0x20010, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x314b, &(0x7f00000001c0)={0x0, 0x7ad1, 0x200, 0x1, 0x2f4}, &(0x7f00000000c0), &(0x7f00000002c0)=<r5=>0x0)
r6 = syz_open_dev$I2C(&(0x7f0000000040), 0x0, 0x80)
ioctl$I2C_RDWR(r6, 0x707, 0x0)
r7 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r4, r5, &(0x7f0000000340)=@IORING_OP_FILES_UPDATE={0x14, 0x0, 0x0, 0x0, 0x6, &(0x7f0000000300)=[r6, r1, r0, r3], 0x4, 0x0, 0x0, {0x0, r7}})
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r8 = memfd_secret(0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r9 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xf654, 0x40, 0xffffffff, 0x94}, &(0x7f0000000000)=<r10=>0x0, &(0x7f0000000280)=<r11=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r10, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r10, r11, &(0x7f0000000040)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r8, 0x0, 0x0, 0x0, 0x24000055, 0x1})
io_uring_enter(r9, 0x47f6, 0x0, 0x2, 0x0, 0x0)
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0)
ioctl$AUTOFS_IOC_SETTIMEOUT(r0, 0x80049367, &(0x7f0000000040)=0xff)
r12 = socket$tipc(0x1e, 0x2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
bind$tipc(r12, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x41}}, 0x10)
r13 = socket$tipc(0x1e, 0x5, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
sendmsg$tipc(r13, &(0x7f0000000240)={&(0x7f00000003c0)=@name={0x1e, 0x2, 0x0, {{0x41}}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x40}, 0x0)
r14 = userfaultfd(0x80801)
cachestat(r14, &(0x7f0000000fc0)={0x7, 0x294b9e89}, &(0x7f0000001000), 0x0)
pselect6(0x40, &(0x7f0000000600)={0x6, 0x0, 0x0, 0x40, 0x6, 0x7, 0x1000000, 0x9}, 0x0, &(0x7f0000000680)={0x7ff, 0x2, 0x100000009, 0x7, 0x4, 0x9, 0xffffffff, 0x7}, 0x0, 0x0)

5.090577017s ago: executing program 0 (id=6322):
socket$kcm(0x10, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x10000029, 0x0, 0x0, 0xb49, 0x7, 0x9, 0x0, 0x3}, 0x0)
r2 = accept4$inet(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$sock_inet_SIOCDELRT(r2, 0x890c, 0x0)
landlock_create_ruleset(0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0)
r3 = io_uring_setup(0x58c, &(0x7f00000001c0)={0x0, 0x6714, 0x1, 0x3})
r4 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r4, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r5)
r6 = socket$inet6_mptcp(0xa, 0x1, 0x106)
r7 = socket$packet(0x11, 0x2, 0x300)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r7, 0x8933, &(0x7f0000000240)={'batadv_slave_1\x00', <r8=>0x0})
setsockopt$packet_add_memb(r7, 0x107, 0x1, &(0x7f0000000040)={r8, 0x1, 0x6, @multicast}, 0x10)
setsockopt$packet_drop_memb(r7, 0x107, 0x2, &(0x7f0000000080)={r8, 0x1, 0x6, @multicast}, 0x10)
bind$inet6(r5, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @empty}, 0xf}, 0x1c)
listen(r6, 0x0)
r9 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r9, &(0x7f0000000140)={0x2, 0x4e22, @loopback}, 0x10)
close_range(r3, 0xffffffffffffffff, 0x0)

4.99564954s ago: executing program 3 (id=6323):
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x1, 0x4, &(0x7f00000008c0)=ANY=[@ANYRES8], &(0x7f00000002c0)='syzkaller\x00', 0x3, 0xc3, &(0x7f0000000300)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000080)={0x1, 0x0, 0x0, 0x3}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0xfffffffd, @void, @value}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x13, &(0x7f00000000c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0xffffff83, 0x0, 0x0, 0x0, 0xfffffffd}, [@map_idx_val={0x18, 0x4, 0x6, 0x0, 0x2, 0x0, 0x0, 0x0, 0x20007}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6f19}}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffe}]}, &(0x7f0000000040)='syzkaller\x00', 0x3, 0x53, &(0x7f0000000180)=""/83, 0x41100, 0x8, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000200)={0x7, 0x2}, 0x8, 0x10, &(0x7f0000000400)={0x3, 0x2, 0x6, 0x1ff}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
socket$key(0xf, 0x3, 0x2)
r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0xfc, 0x7fff0000}]})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x2, &(0x7f0000000000)=[{0x54}, {0xac, 0x5, 0x0, 0x7ffffcb9}]})
close(0x4)
write$binfmt_misc(0xffffffffffffffff, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
ptrace(0x10, 0x1)
landlock_create_ruleset(&(0x7f0000000080)={0x800, 0x2}, 0x18, 0x2)
socket$kcm(0xa, 0x2, 0x3a)
add_key(&(0x7f0000000000)='dns_resolver\x00', 0x0, &(0x7f0000000040)="00000000f5ff", 0x6, 0xfffffffffffffffd)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f0000001740)={0x0, 0x0, &(0x7f0000001700)={&(0x7f0000001580)={0x14, 0x25, 0x1, 0x70bd2c, 0x25dfdbff, {0x5}}, 0x14}, 0x1, 0x0, 0x0, 0x40080c0}, 0x24000100)
r4 = syz_open_dev$cec(&(0x7f0000000040), 0x0, 0x80200)
ioctl$CEC_ADAP_S_LOG_ADDRS(r4, 0xc05c6104, &(0x7f00000001c0)={"f2efe21e", 0x0, 0x6, 0x4d, 0x0, 0x1ff, "2179d46fd08e3c0ced34c7d0c7e6d7", "7ca24a13", '\x00', "a2d1d4a2", ["1af0b1ba1cb8fd54c9c9b587", "bed0f3d6ce7a5f7389827f04", "33af343c60abc64f2fdc9ddf", "9b3842fc63849f62b6eb1c3c"]})
r5 = syz_open_dev$cec(&(0x7f0000000240), 0x0, 0x0)
ioctl$CEC_ADAP_S_LOG_ADDRS(r5, 0xc05c6104, &(0x7f0000000340)={"6d71f879", 0x5, 0x0, 0x0, 0x7f, 0x0, "244a18d1c4e6469a005caf0c0ff58a", "ce4250d8", "bf513d1d", "934712b9", ["4c995e8ac700", "5e10229555954b0f02cd1469", "cb0e83d38d5978155c384d00", "79f56ca733270000a829edbf"]})
mremap(&(0x7f0000000000/0x9000)=nil, 0x600600, 0x200000, 0x3, &(0x7f0000a00000/0x600000)=nil)

4.786404877s ago: executing program 1 (id=6324):
bind$packet(0xffffffffffffffff, 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x24ac4, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x40ead000)
close_range(r1, r1, 0x0)
madvise(&(0x7f0000130000/0xd000)=nil, 0xd000, 0x66)
madvise(&(0x7f0000000000/0x600000)=nil, 0x60005f, 0x19)

4.465571613s ago: executing program 4 (id=6325):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$GIO_CMAP(r0, 0x4b70, &(0x7f0000000040))
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x414040, 0x0)
r1 = dup(0xffffffffffffffff)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
pipe2(&(0x7f0000000040)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x4800)
getdents64(r4, 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x4000, 0x0)
landlock_create_ruleset(&(0x7f0000000040)={0x0, 0x3}, 0x10, 0x0)
socket$netlink(0x10, 0x3, 0x0)
socket$rxrpc(0x21, 0x2, 0xa)
socket$inet_udplite(0x2, 0x2, 0x88)
socket$nl_netfilter(0x10, 0x3, 0xc)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
syz_io_uring_setup(0x24fc, &(0x7f0000000080)={0x0, 0x3e61, 0x8, 0x3, 0x0, 0x0, r3}, &(0x7f0000000180)=<r5=>0x0, &(0x7f0000000140)=<r6=>0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
fallocate(r4, 0x8, 0x3, 0x84)
sendmsg$inet(r8, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0)
recvmsg$unix(r7, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x100}, 0x0)
r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r9, &(0x7f0000000180)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x9, 0x12, r9, 0x163e2000)
syz_io_uring_submit(r5, r6, &(0x7f0000000000)=@IORING_OP_READ_FIXED)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f00000001c0)={0xe886c5ffc5249171, 0x4, 0x0, 0x1000, &(0x7f0000001000/0x1000)=nil})

3.960860659s ago: executing program 2 (id=6326):
r0 = socket$kcm(0x10, 0x400000002, 0x0)
write$cgroup_subtree(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="0007000042009103"], 0xfe33)
recvmsg(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000004700)=""/4098, 0x1002}, {&(0x7f0000002500)=""/4137, 0x1029}, {&(0x7f0000000340)=""/181, 0xb5}, {&(0x7f0000000140)=""/175, 0xaf}], 0x4}, 0x0) (fail_nth: 3)

3.910389777s ago: executing program 4 (id=6327):
pwritev(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
syz_open_procfs(0x0, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r1 = dup(r0)
ioctl$sock_inet_SIOCSARP(0xffffffffffffffff, 0x8916, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r1, 0x2000)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0)
ioctl$BLKZEROOUT(r2, 0x127f, &(0x7f0000000100)={0xfff5ffffffffffff, 0xa00})

3.180744264s ago: executing program 4 (id=6328):
syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0)
syz_emit_ethernet(0x9a, &(0x7f00000000c0)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000000000086dd603000bb00642b00fc02007fbcec7a4d6ba6df4d91bdcd0200000000000000000000000000fe80"], 0x0)
syz_emit_ethernet(0x52, &(0x7f0000000180)=ANY=[@ANYBLOB="faffffffffffffff"], 0x0)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000100)='0.::/', 0x0)
r0 = add_key$user(&(0x7f00000001c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000080)="bc5d", 0x2, 0xfffffffffffffffe)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000002340)=[{{0x0, 0x0, &(0x7f0000000140)=[{&(0x7f00000000c0)='O', 0x1}], 0x1}}], 0x1, 0x8044000)
r1 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000140)={r0, r0, r1}, &(0x7f00000000c0)=""/83, 0x3a, 0x0)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f00000000c0)=[{{&(0x7f0000000140)={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0}}], 0x1, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
getsockopt$inet_int(0xffffffffffffffff, 0x10d, 0xb8, &(0x7f0000000000), &(0x7f00000000c0)=0x4)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000200)={'veth0_to_bridge\x00', 0x10})
syz_usb_connect(0x0, 0x5f, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000b1f203401e0903003bd7010203010902"], 0x0)
r5 = syz_open_procfs(0x0, &(0x7f0000000000)='gid_map\x00')
unshare(0x3e070f00)
syz_io_uring_setup(0xf04, &(0x7f0000000180)={0x0, 0xdb0d, 0x3f, 0xfffffffe, 0x24000}, 0x0, 0x0)
preadv(r5, 0x0, 0x0, 0x8, 0x0)
r6 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$FIONCLEX(r6, 0x5450)
ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, &(0x7f0000000140)={0xc, 0x0, <r7=>0x0})
ioctl$IOMMU_IOAS_MAP$PAGES(r6, 0x3b85, &(0x7f00000000c0)={0x28, 0x7, r7, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000})
r8 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GET_LEASE(r8, 0xc01064c8, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r6, 0x3ba0, &(0x7f0000000340)={0x48, 0x5, r7, 0x0, 0xffffffffffffffff, 0x1})

3.063693071s ago: executing program 0 (id=6329):
r0 = socket$igmp6(0xa, 0x3, 0x2)
getsockopt$MRT6(r0, 0x3a, 0x1, 0x0, 0x0)
r1 = socket$inet_sctp(0x2, 0x5, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000001a40)=[@in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x12}}, @in={0x2, 0x0, @dev}, @in={0x2, 0x0, @local}, @in={0x2, 0x0, @multicast1}], 0x40)
r2 = syz_open_dev$media(&(0x7f0000000000), 0x10000, 0x80000)
ioctl$MEDIA_IOC_G_TOPOLOGY(r2, 0xc0487c04, &(0x7f0000000840)={0x0, 0x7, 0x0, &(0x7f0000000500)=[{}, {}, {}, {}, {}, {}, {}], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
sendto$inet(r1, &(0x7f0000000300)="faab", 0x2, 0x44054, &(0x7f0000000100)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x14}}, 0x10)

2.986219156s ago: executing program 2 (id=6330):
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x54121)
ioctl$SG_IO(r0, 0x2285, &(0x7f00000005c0)={0x53, 0x0, 0x5, 0x0, @scatter={0x0, 0x3, 0x0}, &(0x7f0000000500)="43dd935738", 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r1, 0x84, 0x80, &(0x7f0000000280)="1a00000002000000", 0x8)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r1, 0x84, 0x75, &(0x7f0000000200)={0x0, 0xb2b4}, 0x8)
sendto$inet6(r1, &(0x7f0000000500)="a4", 0x1, 0x404c891, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c)
r2 = socket$inet_sctp(0x2, 0x1, 0x84)
syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x90400)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r4 = dup(r3)
write$6lowpan_enable(r4, &(0x7f0000000000)='0', 0xfffffd2c)
syz_io_uring_setup(0x239, &(0x7f0000000740)={0x0, 0x1c2a, 0x10100, 0x0, 0x0, 0x0, r4}, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1})
r5 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r5, &(0x7f0000000440)={0x28, 0x0, 0x2710, @host}, 0x10)
listen(r5, 0x800)
r6 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r7 = dup(r6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb34902, 0x1000006, 0x28011, r7, 0x0)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00304, 0x15)
fadvise64(r6, 0x18, 0x0, 0x4)
r8 = add_key$user(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x0}, &(0x7f00000000c0)="ff", 0x1, 0xffffffffffffffff)
r9 = add_key$keyring(&(0x7f0000000540), &(0x7f0000000180)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff)
keyctl$setperm(0x5, r9, 0x10000)
keyctl$KEYCTL_MOVE(0x1e, r8, 0xffffffffffffffff, r9, 0x0)
getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffffff, 0x84, 0x18, &(0x7f0000000040)={<r10=>0x0, 0x9c7}, &(0x7f0000000080)=0x8)
setsockopt$inet_sctp_SCTP_CONTEXT(r2, 0x84, 0x11, &(0x7f00000000c0)={r10, 0x168}, 0x8)

2.87625975s ago: executing program 0 (id=6331):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)=ANY=[@ANYBLOB="4400000010000000000000000400002e00000040", @ANYRES32=0x0, @ANYBLOB="00000000400000002400128009000100626f6e64000000001400028008000a00"], 0x44}}, 0x0)
pipe(&(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
close(r2)
socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="4808000010001fff"], 0x3}}, 0x0)
write$binfmt_misc(r1, &(0x7f0000000000), 0xfffffecc)
splice(r0, 0x0, r2, 0x0, 0x4ffe2, 0x0)

2.722340653s ago: executing program 2 (id=6332):
r0 = socket$netlink(0x10, 0x3, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00'})
r1 = socket$netlink(0x10, 0x3, 0x0)
syz_genetlink_get_family_id$batadv(0x0, r1)
socket$nl_netfilter(0x10, 0x3, 0xc)
openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x1)
socket$netlink(0x10, 0x3, 0x6)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080))
socket$nl_generic(0x10, 0x3, 0x10)
r2 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0201, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r2, 0xc004500a, &(0x7f0000000000))
write$dsp(r2, &(0x7f00000012c0)="a5287683", 0x4)
syz_usb_connect(0x5, 0x3f, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
sendmsg$inet(r4, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0)
recvmsg$unix(r3, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x100}, 0x0)
r5 = syz_io_uring_setup(0x10d2, &(0x7f00000000c0)={0x0, 0xd69f, 0x80, 0x0, 0x34f}, &(0x7f0000000600)=<r6=>0x0, &(0x7f00000005c0)=<r7=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r6, r7, &(0x7f0000000200)=@IORING_OP_RECVMSG={0xa, 0x4, 0x1cd83f7c25e05491, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x100, 0x1, {0x3}})
io_uring_enter(r5, 0x47bc, 0x0, 0x0, 0x0, 0x0) (fail_nth: 41)

2.498348231s ago: executing program 1 (id=6333):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f00000001c0)=ANY=[@ANYBLOB="120100009dea7840b418fbff7bdc01"], 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f00000008c0)={0x1c, &(0x7f0000000100)=ANY=[@ANYBLOB="00000100000001"], 0x0, 0x0})
r1 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
preadv(r1, &(0x7f0000000540)=[{&(0x7f0000000080)=""/91, 0x5b}], 0x1, 0xfe, 0x5b3)

2.147699781s ago: executing program 3 (id=6334):
openat$full(0xffffffffffffff9c, &(0x7f0000000000), 0x1e1081, 0x0)
syz_open_procfs(0x0, &(0x7f00000020c0)='fd/3\x00')
r0 = syz_usb_connect(0x2, 0x24, &(0x7f0000000440)=ANY=[@ANYBLOB="16011003e236bb40f00a57d30000010203010902"], &(0x7f0000000380)={0x0, 0x0, 0x23, &(0x7f0000000140)=ANY=[], 0x1, [{0x4, &(0x7f0000000140)=@lang_id={0x4, 0x3, 0x814}}]})
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000480)=ANY=[@ANYBLOB="140000001000010000000000000000001c6a000a28000000000a0101000000005e1affd5020000000900016673797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001e69504fe84eac7cfc09e4bdffdb2d306f1be9a254ab3b1c7f07bc1a0f339aea8ab01122295d1e1f47ebf8cec67bf47ce56dafcbf4b3ffaca18822b05403cd4e8b0a5f8c6f34ed9"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)=ANY=[@ANYRESDEC=r1], 0xa8}}, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
unshare(0x22020600)
r2 = mq_open(&(0x7f00000019c0)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xd3\xa7\xd8J\xfd\x94#KT\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\x88N\xb8\xde\xeb)\xcd\xc56m\n\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88|0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc\x02\xea\x91\xe8\xd8\x01YZy\xe6!\x89\x9c\xd1\xa6\x167\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1[\x84\x10aF\x9b\xda\xeb\xc4*\x02q\xb2\x92\x00\x8cv\xac AN\xb9\xaa\xe0\x9d\x97Te\x81\x98L\xfe\x97+u\xd3^\xb1\xf0\xe0\x1f\xbd\a\xbb\xe5\x18\x9ds\x12ha\x00\xeb\x84\x99\xc6\x0f\xf1\xd5LD\xa87\xa0DQ\x8a2\x16!8,\xbc%$\xf1\xf2\xd6\x9cy\xecK\xda\xc5\xdc\xfa\xdd\xf6\b\xc6\xb4\x14\x16\x9c\x7f\x92\x85\xb0\xa2%:\xf0\xf4\x150\x0f\xb4\xa6d\xb4\xe4L\x19W\xd5\x90\xf7l\x1b\xfe\xde\vh\x97=m\x82.\xac\vh\xfe\x84Q}\x838/\x83\xebP\xbe\xd6+:\xceE\\\x95\xd4\xac\x92\x87\xd7\x98\x97\xe3\xec\xad\xd5\xac\x80C\x84R\x88r^g\xbaQ(\x9a>\xe2\xba\xa8=\x17\f04\x8f\x1f\xf2\x88*@v\xe7\xd1\xee\xb3\xc2\x8dT\xda\x81g\xd9\x1a:hzW6s)x\x06\xae\x11\xf2\x1e\xcd\v\xe5L\x19\x96s\xbc\x9e\xf4\x10$\r\xa4\xd8\xa2\xa2\xfcM\xc5R3~$\xc0\xa5n\x9a W\xb1e\xcc<$\xdf\x15\f]\x15\xf5#G\xce\xaf\x88U\xfa\x80\xf24\xf6\xb5\xef\xe2z\xcf\x9eN\x92\xac\x81{\xe6\xbd\xd7\x16\xe6F\xe2\x9e\x91%\x94\v\xb9\xdc\xd6\x87\x8f\xcd\xc1\xb05\x81\x81\xf8\xe9X\xe8Kt9@\xf4\xe1\xa6=\xc9\xe1:p4\nP[f\x1d\xfd\xfa\x839\x8d\x0e\xd1\xf9\xa0\xd2^E\xe5\xedo.\xaa\xf2\xb4\xcdn\x14\f\xcd\x83_yk\xda\xc5\x89\xf0Z\xea\x1d\xbd\xc00\v\xa3\xb3\xbe\xe6\x8b\x18/\xa8\xaaY\xf2\x89\x0f\x9enOOr\x00\xb2\x01\x1f:Z\xb8\xee;\xe3;\x8aPV\xce\xee\xf8[\x16\n\xe6:z\xb8\x1dvk\a{\xc1\x14\xd9+\xdb\t\x11\x90y\xe8\\\xe6\xfc\xca\xb4\xcbC\xd6\xd0\xbeC\xce\xc0L\xdb\xcd\xb3\x907c\xb4\xa6\xce\xdb[\xce\x122N\xa3\xc7Q<\x1a\xa5\xb3)\xc5\x98\x84\x8a\x82\x19\xb0\t\xac\x10\\\x8c\xbe\xcb\raIYe[\xa8\xc4\xac\x0e\xbb\x0f\b^\xdag\xe2\xa9\"\xf5h\'\xcf\xd9\x1b\xef\xe3\xe7y\x82\x1e\xca\x7f\x02 \xcf\x9e\xe0\xd9TM\xb9\n\xa9\xad3\x91\xa5\xe6!\xcd\xa2\xa4\x14\x12\xf9\xbf\xa8b\xcec:\xd7\'\f\f\x957\xc9}\r\xa6\xaa\x0f\xca\x96\xeb', 0x42, 0x0, 0x0)
mq_getsetattr(r2, 0x0, &(0x7f0000000180))
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x1, './file0\x00'}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x40002001, 0x0)
r3 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r3, &(0x7f0000000100)={0x3, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="0203f3021600000000000000200000000200090008000000e9000000000000000300060000000000020000000000000000000000000000000200010000000000000003fcff000020030005000000000002000000ac1414aa00000000000000000a00080008"], 0xb0}, 0x1, 0x7}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=ANY=[@ANYRES32, @ANYRES16=0x0, @ANYRESDEC=r1, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x8, 0xf, &(0x7f00000000c0)=ANY=[@ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000b9658c8b8500000084000000b7000000000000009500000000000000", @ANYBLOB="18000000fbffffff000020000800000018110000"], &(0x7f0000000080)='syzkaller\x00', 0xc, 0xff2, &(0x7f0000002e00)=""/4082, 0x41000, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000200)=@attr_other={0x0, 0x0, 0xfffffffffffffff9, 0x0})
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000000906010a000000080000000000000040"], 0x14}, 0x1, 0x0, 0x0, 0x10000047}, 0x0)
sendmsg$nl_generic(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB="f80000003e000701feffffff00000000017c0000040042800c00018006000600800a0000d1000280cb0014"], 0xf8}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000)
r5 = fsmount(0xffffffffffffffff, 0x0, 0x0)
fchdir(r5)
symlink(&(0x7f0000000000)='./file0\x00', &(0x7f0000004540)='./file0\x00')
syz_usb_connect(0x4, 0x0, 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0xf)
syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000000340)=<r6=>0x0, &(0x7f0000000280))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)

1.855391116s ago: executing program 0 (id=6335):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
write$binfmt_misc(0xffffffffffffffff, 0x0, 0x0)
getpid()
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
r2 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080), 0x1c0002, 0x0)
write$vga_arbiter(r2, &(0x7f0000000240)=@other={'trylock', ' ', 'mem'}, 0xc)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
ptrace(0x10, 0x1)
bind$alg(0xffffffffffffffff, &(0x7f00000000c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-camellia-asm\x00'}, 0x58)
socket$kcm(0xa, 0x2, 0x3a)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000c18000), 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000001880)={'bond_slave_0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000740)=@newqdisc={0x9c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0x25dfdbff, {0x0, 0x0, 0x0, r4, {0x0, 0x6}, {0xffff, 0xffff}, {0xc, 0xfff3}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x17, 0x2, {{0x3, 0x1, 0x0, 0x2, 0x4}, 0xa4ca, 0x0, 0x0, 0x6, 0x0, 0x18, 0xb, 0xe, 0x3, 0x9, {0x10001, 0x7, 0x2, 0x7, 0x2, 0x7fffffff}}}}, @TCA_STAB={0x24, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x6, 0x4, 0x7, 0x6, 0x0, 0x1}}, {0x4}}]}]}, 0x9c}, 0x1, 0x0, 0x0, 0x4c840}, 0x0)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x800)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
r5 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000300)="d8000000180081054e81f782db4cb904021d080406037c09e8fe55a10a0015400400142603600e122f00160006000400a8000600200003400700027c035c0461c1d67f6f94007134cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db798262f3d40fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9703920723f9a941", 0xd8}], 0x1, 0x0, 0x0, 0x4a0f0000}, 0xc000)
r6 = socket$netlink(0x10, 0x3, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
getsockopt$sock_int(r7, 0x1, 0x8, 0x0, &(0x7f0000000200))
sendmsg$nl_route(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000240)=@newlink={0x34, 0x10, 0xff05, 0x0, 0x0, {0x0, 0x0, 0x4a00, 0x0, 0x157f}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @batadv={{0xb}, {0x4}}}]}, 0x34}}, 0x0)

1.494361591s ago: executing program 2 (id=6336):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000001fc0)=@newtaction={0x2e4, 0x30, 0x8, 0x71bd2a, 0x25dfdbff, {}, [{0x2d0, 0x1, [@m_connmark={0x10c, 0x1e, 0x0, 0x0, {{0xd}, {0xac, 0x2, 0x0, 0x1, [@TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x1f, 0x7, 0xffffffffffffffff, 0x400, 0xfffffffb}, 0x1ff}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x5, 0x4, 0x5, 0x9, 0x8}, 0x101}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0xffffffff, 0x1, 0x6, 0x4, 0x73c}, 0xe}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x3, 0xe1d2, 0x20000000, 0x60, 0x7}, 0x5}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x2, 0x13, 0x10000000, 0x5, 0x1}, 0x8}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x800, 0x1, 0x0, 0xaf4, 0x80}, 0x8}}]}, {0x31, 0x6, "67c7b27a4378851b97aa66571d5b0cf966a6054542e229656184b141f750d40363b299ea9d7c35bce4cfef9dcd"}, {0xc}, {0xc, 0x8, {0x7, 0x1}}}}, @m_bpf={0x158, 0x10, 0x0, 0x0, {{0x8}, {0x1c, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_PARMS={0x18, 0x2, {0xf4, 0x10, 0x10000006, 0x8, 0x8001}}]}, {0x115, 0x6, "bd3a5376a2440c64d63131d16d2a624d085a1be90b436fdedf917bc516ca66614fddca19760ef37b4272893313d629bb02bcd42142bb0469eba6b0eddd9bc3612d9b46894f145f45c8a9b5bb716f4a44dc897bd951f9775a35dd8303b774f0c02924dc414d297ae96eb8e355b82964c86c279d855a9fef3c62c08078ba1a7874a20f81788020207506488a290c662441146e6caf4c5a0f9bd39fe780c6416956f694193cfd5194633fbfd3cd176b91f81e9a303cd6ce7f9b893e641ed7d2c47bd9608499a7fa71038448cb8149d48e0d8d1c432dd9edf5367fd62d29e807d9217e1bddbfe990a31b89588af317f751300107fdc49f37fb13128dedaef09fa8e02e6b04fd63e6e465947c8a834ce4371830"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x2, 0x2}}}}, @m_simple={0x68, 0x2, 0x0, 0x0, {{0xb}, {0x3c, 0x2, 0x0, 0x1, [@TCA_DEF_PARMS={0x18, 0x2, {0x5, 0x2, 0x6, 0x141, 0x7f}}, @TCA_DEF_PARMS={0x18, 0x2, {0x19, 0x2, 0x6, 0x50, 0x8}}, @TCA_DEF_DATA={0x8, 0x3, 'bpf\x00'}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x3}}}}]}]}, 0x2e4}, 0x1, 0x0, 0x0, 0x4000810}, 0x20040800)
r0 = socket(0x10, 0x803, 0x0)
sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x334}, {&(0x7f00000007c0)=""/154, 0x2c}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400})

1.404979881s ago: executing program 2 (id=6337):
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
bind$inet6(r0, &(0x7f0000000140)={0xa, 0xe22, 0x0, @loopback={0xff00000000000000}}, 0x1c)
r1 = syz_open_dev$radio(&(0x7f0000000000), 0x0, 0x2)
r2 = socket$inet6_sctp(0xa, 0x801, 0x84)
r3 = socket(0x2, 0x80805, 0x0)
r4 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x458, 0x5013, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0xb9, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x800, 0x5, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x0, 0x7, 0x2}}}}}]}}]}}, 0x0)
syz_usb_control_io(r4, 0x0, 0x0)
syz_usb_control_io$hid(r4, &(0x7f0000000200)={0x24, 0x0, 0x0, &(0x7f0000000080)={0x0, 0x22, 0x5, {[@main=@item_4={0x3, 0x0, 0xb, "e31ab46f"}]}}, 0x0}, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000380)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000180)=0x10)
getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={<r5=>0x0}, &(0x7f0000001080)=0x8)
getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r2, 0x84, 0x72, &(0x7f0000000000)={r5, 0x7}, &(0x7f00000000c0)=0xc)
ioctl$VIDIOC_S_HW_FREQ_SEEK(r1, 0x40305652, &(0x7f00000004c0))

1.364238092s ago: executing program 3 (id=6338):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0x34, 0x70, 0x9d, 0x40, 0x55f, 0xc230, 0xb6ac, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xf2, 0xa7, 0xcc}}]}}]}}, 0x0)
syz_usb_ep_write(r0, 0x8, 0x93, &(0x7f0000000000)="b6de784441ffabdc831e88ba61afb782205ce9eb3a73677717cc21a896665e63d287e94ab56e4b8c7e6342b0a06d41969fbed485f20287e8d3d3a98ddf1feea60183eadb7fd4cf01696752caf02acffc7fade206ad36bddff7cdd5205b0536b24df899779c0d25416e1528a4242788dfd1a33be107384709bf3a17d588e8926b17ffe026debb088985c350e03f419aaf7196e2")
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000dc0)={0x2c, &(0x7f0000000ac0)={0x0, 0xf}, 0x0, 0x0, 0x0, 0x0})

354.262493ms ago: executing program 3 (id=6339):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080))
io_setup(0x5, &(0x7f0000000000)=<r0=>0x0)
r1 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r1, 0xc0285700, &(0x7f0000000100)={0xffffffff, "421ae3753785251500e9e29b00", <r2=>0xffffffffffffffff})
io_submit(r0, 0x19, &(0x7f00000003c0)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x5, 0x0, r2, 0x0, 0x0, 0x2000000}])

0s ago: executing program 3 (id=6340):
ioprio_set$pid(0x1, 0x0, 0x0)
r0 = creat(&(0x7f0000000380)='./bus\x00', 0x0)
io_setup(0x202, &(0x7f0000000480)=<r1=>0x0)
io_submit(r1, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0xe7030003, 0x8, 0x1, 0x0, r0, 0x0, 0x0, 0x0, 0x30}])

kernel console output (not intermixed with test programs):

 1607.469726][ T1297] ieee802154 phy0 wpan0: encryption failed: -22
[ 1607.476251][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[ 1607.546829][T26100] fido_id[26100]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory
[ 1607.548622][T26104] netlink: 'syz.0.5988': attribute type 3 has an invalid length.
[ 1607.608770][T26104] netlink: 108 bytes leftover after parsing attributes in process `syz.0.5988'.
[ 1607.835372][T21452] usb 5-1: new high-speed USB device number 77 using dummy_hcd
[ 1607.985243][T21452] usb 5-1: Using ep0 maxpacket: 8
[ 1607.997226][T21452] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1608.034582][T21452] usb 5-1: config 0 has no interfaces?
[ 1608.050685][T21452] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[ 1608.060572][T21452] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1608.075090][T21452] usb 5-1: Product: syz
[ 1608.084076][T21452] usb 5-1: Manufacturer: syz
[ 1608.113284][T21452] usb 5-1: SerialNumber: syz
[ 1608.201293][T26112] fuse: Bad value for 'fd'
[ 1608.263805][T21452] usb 5-1: config 0 descriptor??
[ 1608.819924][T18633] usbhid 2-1:0.0: can't add hid device: -71
[ 1608.826488][T18633] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[ 1608.866323][T18633] usb 2-1: USB disconnect, device number 10
[ 1608.924955][T13026] usb 3-1: new high-speed USB device number 33 using dummy_hcd
[ 1609.085046][T13026] usb 3-1: Using ep0 maxpacket: 32
[ 1609.099890][T13026] usb 3-1: config index 0 descriptor too short (expected 65316, got 36)
[ 1609.108763][T13026] usb 3-1: config 255 has too many interfaces: 255, using maximum allowed: 32
[ 1609.122985][T13026] usb 3-1: config 255 has an invalid descriptor of length 0, skipping remainder of the config
[ 1609.146591][T13026] usb 3-1: config 255 has 0 interfaces, different from the descriptor's value: 255
[ 1609.199629][T13026] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[ 1609.225238][T13026] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1609.567906][T26140] ptrace attach of "./syz-executor exec"[19549] was attempted by "./syz-executor exec"[26140]
[ 1609.646615][T26138] dns_resolver: Unsupported server list version (0)
[ 1609.671757][   T30] audit: type=1804 audit(1748755673.563:1904): pid=26141 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.5997" name="file0" dev="ramfs" ino=126664 res=1 errno=0
[ 1609.846047][T26144] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1610.289482][T26147] C: renamed from team_slave_0
[ 1610.311482][T26147] netlink: 152 bytes leftover after parsing attributes in process `syz.3.5999'.
[ 1610.555579][T18633] usb 5-1: USB disconnect, device number 77
[ 1610.928658][T26149] netlink: 'syz.3.6000': attribute type 2 has an invalid length.
[ 1611.053332][T26155] netlink: 'syz.3.6000': attribute type 11 has an invalid length.
[ 1611.311023][T26171] fuse: Unknown parameter ''
[ 1611.608815][T26177] netlink: 152 bytes leftover after parsing attributes in process `syz.3.6010'.
[ 1612.547671][T26191] ptrace attach of "./syz-executor exec"[16052] was attempted by "./syz-executor exec"[26191]
[ 1612.575105][T26191] dns_resolver: Unsupported server list version (0)
[ 1612.919020][T13026] usb 3-1: USB disconnect, device number 33
[ 1613.776842][T13026] usb 4-1: new low-speed USB device number 41 using dummy_hcd
[ 1613.955322][T18633] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[ 1613.983970][T13026] usb 4-1: unable to get BOS descriptor or descriptor too short
[ 1614.018079][T13026] usb 4-1: unable to read config index 0 descriptor/start: -71
[ 1614.045004][T13026] usb 4-1: can't read configurations, error -71
[ 1614.236630][T18633] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[ 1614.284943][T18633] usb 2-1: config 0 has no interface number 0
[ 1614.346252][T18633] usb 2-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[ 1614.357160][T18633] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1614.415297][T18633] usb 2-1: Product: syz
[ 1614.422115][T18633] usb 2-1: Manufacturer: syz
[ 1614.440057][T18633] usb 2-1: SerialNumber: syz
[ 1614.452324][T18633] usb 2-1: config 0 descriptor??
[ 1614.471563][T26223] ptrace attach of "./syz-executor exec"[25636] was attempted by "./syz-executor exec"[26223]
[ 1614.487348][T26223] netlink: 88 bytes leftover after parsing attributes in process `syz.2.6022'.
[ 1614.509533][T26223] netlink: 'syz.2.6022': attribute type 21 has an invalid length.
[ 1614.517582][T26223] netlink: 128 bytes leftover after parsing attributes in process `syz.2.6022'.
[ 1614.545064][T26223] netlink: 'syz.2.6022': attribute type 4 has an invalid length.
[ 1614.604600][T26223] netlink: 3 bytes leftover after parsing attributes in process `syz.2.6022'.
[ 1614.709620][T26223] batadv2: entered promiscuous mode
[ 1614.725073][T18633] usb 2-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state
[ 1614.736288][T26223] 8021q: adding VLAN 0 to HW filter on device batadv2
[ 1614.768484][T18633] usb 2-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[ 1614.803590][T18633] dvbdev: DVB: registering new adapter (E3C EC168 reference design)
[ 1614.829124][T18633] usb 2-1: media controller created
[ 1614.846247][T26226] FAULT_INJECTION: forcing a failure.
[ 1614.846247][T26226] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1614.898876][T18633] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1614.907517][T26226] CPU: 1 UID: 0 PID: 26226 Comm: syz.3.6023 Not tainted 6.15.0-syzkaller-10402-g4cb6c8af8591 #0 PREEMPT(full) 
[ 1614.907538][T26226] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1614.907548][T26226] Call Trace:
[ 1614.907555][T26226]  <TASK>
[ 1614.907563][T26226]  dump_stack_lvl+0x189/0x250
[ 1614.907591][T26226]  ? __pfx____ratelimit+0x10/0x10
[ 1614.907607][T26226]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1614.907630][T26226]  ? __pfx__printk+0x10/0x10
[ 1614.907647][T26226]  ? __might_fault+0xb0/0x130
[ 1614.907675][T26226]  should_fail_ex+0x414/0x560
[ 1614.907696][T26226]  _copy_to_iter+0x3f5/0x16f0
[ 1614.907725][T26226]  ? __pfx__copy_to_iter+0x10/0x10
[ 1614.907743][T26226]  ? __skb_try_recv_from_queue+0x2b2/0x730
[ 1614.907772][T26226]  ? __skb_try_recv_datagram+0x3da/0x4e0
[ 1614.907800][T26226]  __skb_datagram_iter+0xf8/0x990
[ 1614.907824][T26226]  ? __pfx_simple_copy_to_iter+0x10/0x10
[ 1614.907853][T26226]  skb_copy_datagram_iter+0xc5/0x230
[ 1614.907878][T26226]  netlink_recvmsg+0x2ab/0xa30
[ 1614.907905][T26226]  ? __pfx_netlink_recvmsg+0x10/0x10
[ 1614.907928][T26226]  ? aa_sock_msg_perm+0x94/0x160
[ 1614.907946][T26226]  ? bpf_lsm_socket_recvmsg+0x9/0x20
[ 1614.907961][T26226]  ? security_socket_recvmsg+0x7e/0x2e0
[ 1614.907982][T26226]  ? __pfx_netlink_recvmsg+0x10/0x10
[ 1614.908002][T26226]  sock_recvmsg+0x229/0x270
[ 1614.908021][T26226]  ____sys_recvmsg+0x1c9/0x460
[ 1614.908048][T26226]  ? __pfx_____sys_recvmsg+0x10/0x10
[ 1614.908080][T26226]  ? import_iovec+0x74/0xa0
[ 1614.908106][T26226]  ___sys_recvmsg+0x1b5/0x510
[ 1614.908132][T26226]  ? __pfx____sys_recvmsg+0x10/0x10
[ 1614.908172][T26226]  ? __fget_files+0x3a0/0x420
[ 1614.908205][T26226]  do_recvmmsg+0x307/0x770
[ 1614.908233][T26226]  ? __pfx_do_recvmmsg+0x10/0x10
[ 1614.908264][T26226]  ? _copy_from_user+0x94/0xb0
[ 1614.908296][T26226]  __x64_sys_recvmmsg+0x1af/0x240
[ 1614.908321][T26226]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[ 1614.908341][T26226]  ? rcu_is_watching+0x15/0xb0
[ 1614.908371][T26226]  ? do_syscall_64+0xbe/0x3b0
[ 1614.908390][T26226]  do_syscall_64+0xfa/0x3b0
[ 1614.908405][T26226]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1614.908419][T26226]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1614.908433][T26226]  ? clear_bhb_loop+0x60/0xb0
[ 1614.908451][T26226]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1614.908465][T26226] RIP: 0033:0x7f5c9818e969
[ 1614.908478][T26226] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1614.908491][T26226] RSP: 002b:00007f5c990ce038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1614.908507][T26226] RAX: ffffffffffffffda RBX: 00007f5c983b5fa0 RCX: 00007f5c9818e969
[ 1614.908519][T26226] RDX: 04000000000003b4 RSI: 00002000000037c0 RDI: 0000000000000003
[ 1614.908529][T26226] RBP: 00007f5c990ce090 R08: 0000200000003700 R09: 0000000000000000
[ 1614.908540][T26226] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1614.908549][T26226] R13: 0000000000000000 R14: 00007f5c983b5fa0 R15: 00007f5c984dfa28
[ 1614.908571][T26226]  </TASK>
[ 1616.204795][ T5844] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 1616.226393][ T5844] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 1616.289118][ T5844] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 1616.295526][T18633] i2c i2c-1: ec100: i2c rd failed=-71 reg=33
[ 1616.325132][ T5844] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 1616.354329][ T5844] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 1616.549831][T18633] usb 2-1: USB disconnect, device number 11
[ 1617.081208][T26241] VFS: Mount too revealing
[ 1617.165093][T26241] netlink: 'syz.1.6028': attribute type 33 has an invalid length.
[ 1617.243196][T26245] netlink: 44 bytes leftover after parsing attributes in process `syz.2.6029'.
[ 1617.274957][T26241] netlink: 152 bytes leftover after parsing attributes in process `syz.1.6028'.
[ 1617.571160][T19392] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1617.725197][T13013] usb 3-1: new high-speed USB device number 34 using dummy_hcd
[ 1617.808668][T19392] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1617.885014][T13013] usb 3-1: Using ep0 maxpacket: 16
[ 1617.894666][T13013] usb 3-1: New USB device found, idVendor=061d, idProduct=c020, bcdDevice=9c.15
[ 1617.914613][T13013] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1617.923429][T13013] usb 3-1: Product: syz
[ 1617.933307][T13013] usb 3-1: Manufacturer: syz
[ 1617.943438][T13013] usb 3-1: SerialNumber: syz
[ 1617.990041][T13013] usb 3-1: config 0 descriptor??
[ 1618.028447][T13013] ssu100 3-1:0.0: Quatech SSU-100 USB to Serial Driver converter detected
[ 1618.039832][T19392] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1618.101565][T26234] chnl_net:caif_netlink_parms(): no params data found
[ 1618.230330][T13013] ssu100 3-1:0.0: probe with driver ssu100 failed with error -5
[ 1618.268135][T19392] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1618.392270][T21452] usb 3-1: USB disconnect, device number 34
[ 1618.497443][ T5844] Bluetooth: hci5: command tx timeout
[ 1618.998484][T26234] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1619.015528][T26234] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1619.025246][T21452] usb 3-1: new high-speed USB device number 35 using dummy_hcd
[ 1619.043849][T26234] bridge_slave_0: entered allmulticast mode
[ 1619.065880][T26234] bridge_slave_0: entered promiscuous mode
[ 1619.096593][T26234] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1619.103809][T26234] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1619.112213][T26234] bridge_slave_1: entered allmulticast mode
[ 1619.121096][T26234] bridge_slave_1: entered promiscuous mode
[ 1619.197960][T21452] usb 3-1: config 0 has an invalid interface number: 1 but max is 0
[ 1619.210407][T21452] usb 3-1: config 0 has no interface number 0
[ 1619.221009][T21452] usb 3-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[ 1619.236002][T21452] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1619.247139][T21452] usb 3-1: Product: syz
[ 1619.251451][T21452] usb 3-1: Manufacturer: syz
[ 1619.285208][T21452] usb 3-1: SerialNumber: syz
[ 1619.308943][T26234] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1619.322985][T21452] usb 3-1: config 0 descriptor??
[ 1619.332768][T26286] netlink: 44 bytes leftover after parsing attributes in process `syz.0.6040'.
[ 1619.359826][T26234] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1619.482288][T19392] bridge_slave_1: left allmulticast mode
[ 1619.488358][T19392] bridge_slave_1: left promiscuous mode
[ 1619.520796][T19392] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1619.551267][T21452] usb 3-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state
[ 1619.569240][T21452] usb 3-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[ 1619.596331][T19392] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1619.613838][T21452] dvbdev: DVB: registering new adapter (E3C EC168 reference design)
[ 1619.665359][T21452] usb 3-1: media controller created
[ 1619.759650][T21452] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1619.866903][T26295] ptrace attach of "./syz-executor exec"[19549] was attempted by "./syz-executor exec"[26295]
[ 1619.908002][T21452] i2c i2c-1: ec100: i2c rd failed=-71 reg=33
[ 1619.991124][T26298] netlink: 'syz.3.6038': attribute type 21 has an invalid length.
[ 1620.069923][T21452] usb 3-1: USB disconnect, device number 35
[ 1620.086259][T26298] netlink: 128 bytes leftover after parsing attributes in process `syz.3.6038'.
[ 1620.585096][ T5844] Bluetooth: hci5: command tx timeout
[ 1620.789021][T19392] bond1 (unregistering): (slave gretap1): Releasing active interface
[ 1621.067985][T26312] netlink: 64 bytes leftover after parsing attributes in process `syz.1.6043'.
[ 1621.251963][T19392] bond0 (unregistering): (slave bridge0): Releasing backup interface
[ 1621.992079][T19392] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1622.006686][T19392] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1622.026694][T19392] bond0 (unregistering): Released all slaves
[ 1622.051590][T19392] bond1 (unregistering): Released all slaves
[ 1622.088864][T19392] bond2 (unregistering): Released all slaves
[ 1622.122098][T19392] bond3 (unregistering): Released all slaves
[ 1622.152337][T26234] team0: Port device team_slave_0 added
[ 1622.158992][T26295] netlink: 88 bytes leftover after parsing attributes in process `syz.3.6038'.
[ 1622.179077][T26298] netlink: 'syz.3.6038': attribute type 4 has an invalid length.
[ 1622.205803][T26298] netlink: 3 bytes leftover after parsing attributes in process `syz.3.6038'.
[ 1622.238121][T26299] batadv6: entered promiscuous mode
[ 1622.266800][T26299] 8021q: adding VLAN 0 to HW filter on device batadv6
[ 1622.344176][T26316] netlink: 152 bytes leftover after parsing attributes in process `syz.0.6044'.
[ 1622.419109][T26234] team0: Port device team_slave_1 added
[ 1622.655456][ T5844] Bluetooth: hci5: command tx timeout
[ 1622.830450][T26234] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1622.870723][T26234] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1622.987637][T26234] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1623.080965][T26332] netlink: 20 bytes leftover after parsing attributes in process `syz.1.6049'.
[ 1623.144772][T26338] netlink: 44 bytes leftover after parsing attributes in process `syz.0.6050'.
[ 1623.257792][T26234] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1623.265996][T26234] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1623.395200][T26234] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1623.539114][T19392] macvlan0: left promiscuous mode
[ 1623.591796][T19392] batadv_slave_1: left promiscuous mode
[ 1623.717212][T26349] ptrace attach of "./syz-executor exec"[19549] was attempted by "./syz-executor exec"[26349]
[ 1623.780376][T19392] hsr_slave_0: left promiscuous mode
[ 1623.812752][T26352] netlink: 'syz.3.6048': attribute type 21 has an invalid length.
[ 1623.821353][T26352] netlink: 128 bytes leftover after parsing attributes in process `syz.3.6048'.
[ 1623.866397][T19392] hsr_slave_1: left promiscuous mode
[ 1623.899500][T19392] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1623.950456][T19392] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1624.415079][ T5885] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[ 1624.736470][ T5844] Bluetooth: hci5: command tx timeout
[ 1624.786812][ T5885] usb 2-1: config 0 interface 0 altsetting 253 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1624.835049][ T5885] usb 2-1: config 0 interface 0 has no altsetting 0
[ 1624.844725][ T5885] usb 2-1: New USB device found, idVendor=1b96, idProduct=0009, bcdDevice= 0.00
[ 1624.856072][ T5885] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1624.875438][ T5885] usb 2-1: config 0 descriptor??
[ 1626.425457][T26374] ptrace attach of "./syz-executor exec"[16508] was attempted by "./syz-executor exec"[26374]
[ 1626.517187][T26375] netlink: 'syz.0.6057': attribute type 21 has an invalid length.
[ 1626.535728][T26375] netlink: 128 bytes leftover after parsing attributes in process `syz.0.6057'.
[ 1627.352405][ T5885] usbhid 2-1:0.0: can't add hid device: -71
[ 1627.358539][ T5885] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[ 1627.381928][ T5885] usb 2-1: USB disconnect, device number 12
[ 1627.424190][T19392] team0 (unregistering): Port device team_slave_1 removed
[ 1628.190768][T26349] netlink: 88 bytes leftover after parsing attributes in process `syz.3.6048'.
[ 1628.202448][T26352] netlink: 'syz.3.6048': attribute type 4 has an invalid length.
[ 1628.212936][T26352] netlink: 3 bytes leftover after parsing attributes in process `syz.3.6048'.
[ 1628.248908][T26353] batadv7: entered promiscuous mode
[ 1628.265988][T26353] 8021q: adding VLAN 0 to HW filter on device batadv7
[ 1628.273429][T26362] C: renamed from team_slave_0 (while UP)
[ 1628.288679][T26362] netlink: 152 bytes leftover after parsing attributes in process `syz.2.6056'.
[ 1628.359860][T26374] netlink: 88 bytes leftover after parsing attributes in process `syz.0.6057'.
[ 1628.400244][T26375] netlink: 'syz.0.6057': attribute type 4 has an invalid length.
[ 1628.430120][T26375] netlink: 3 bytes leftover after parsing attributes in process `syz.0.6057'.
[ 1628.514723][T26376] batadv8: entered promiscuous mode
[ 1628.542976][T26376] 8021q: adding VLAN 0 to HW filter on device batadv8
[ 1628.772039][T26391] x_tables: ip6_tables: TCPOPTSTRIP target: only valid for protocol 6
[ 1628.811757][T26234] hsr_slave_0: entered promiscuous mode
[ 1628.826340][T26234] hsr_slave_1: entered promiscuous mode
[ 1628.866128][T26234] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1628.885485][T26234] Cannot create hsr debugfs directory
[ 1629.108254][T26400] netlink: 20 bytes leftover after parsing attributes in process `syz.3.6063'.
[ 1629.410802][T19392] IPVS: stop unused estimator thread 0...
[ 1629.415014][T13013] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[ 1629.515754][T26409] openvswitch: netlink: VXLAN extension message has 1 unknown bytes.
[ 1629.598745][T13013] usb 2-1: config 0 interface 0 altsetting 253 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1629.649408][T13013] usb 2-1: config 0 interface 0 has no altsetting 0
[ 1629.669335][T13013] usb 2-1: New USB device found, idVendor=1b96, idProduct=0009, bcdDevice= 0.00
[ 1629.695177][T13013] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1629.724529][T13013] usb 2-1: config 0 descriptor??
[ 1630.565572][T20051] usb 4-1: new high-speed USB device number 43 using dummy_hcd
[ 1630.649437][T26430] netlink: 164 bytes leftover after parsing attributes in process `syz.0.6070'.
[ 1630.697361][T20051] usb 4-1: device descriptor read/64, error -71
[ 1630.978094][T20051] usb 4-1: new high-speed USB device number 44 using dummy_hcd
[ 1631.115129][T20051] usb 4-1: device descriptor read/64, error -71
[ 1631.247008][T20051] usb usb4-port1: attempt power cycle
[ 1631.371692][T26234] netdevsim netdevsim4 netdevsim0: renamed from eth0
[ 1631.613456][T26234] netdevsim netdevsim4 netdevsim1: renamed from eth1
[ 1631.625065][T20051] usb 4-1: new high-speed USB device number 45 using dummy_hcd
[ 1631.654011][T26234] netdevsim netdevsim4 netdevsim2: renamed from eth2
[ 1631.669851][T20051] usb 4-1: device descriptor read/8, error -71
[ 1631.701662][T26234] netdevsim netdevsim4 netdevsim3: renamed from eth3
[ 1631.915046][T20051] usb 4-1: new high-speed USB device number 46 using dummy_hcd
[ 1631.946048][T20051] usb 4-1: device descriptor read/8, error -71
[ 1632.065603][T20051] usb usb4-port1: unable to enumerate USB device
[ 1632.312344][T26234] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1632.671497][T26234] 8021q: adding VLAN 0 to HW filter on device team0
[ 1632.706866][T25392] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1632.714080][T25392] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1632.785379][T13013] usbhid 2-1:0.0: can't add hid device: -71
[ 1632.796519][T13013] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[ 1632.840053][T25392] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1632.847296][T25392] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1632.866146][T13013] usb 2-1: USB disconnect, device number 13
[ 1633.287180][T26234] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1633.477640][T26234] veth0_vlan: entered promiscuous mode
[ 1633.576099][T26234] veth1_vlan: entered promiscuous mode
[ 1633.621941][   T30] audit: type=1400 audit(1748755697.523:1905): apparmor="DENIED" operation="stack_onexec" class="file" info="label not found" error=-2 profile="unconfined" name=3AAE86AD47AA0D9495E6D80F7BDE2D18FFB36CF152AED2D408FB58E305FC8E2F2F7D91F81B621CC4214D4A27E1614FBEE0BEAC8F4A045070B770212D46D4A2DF096B791F2A4BA218E12CB76AA24945B70A7C9DD5EDEAC52B5A876F73CFBE66371A72F11F3D9544D6B59B4A5541DCEF5CBF11FFFF37DFD147C8A3E5098A207BE806EA7167101F8C1B5C8FE41E170FD0C775DBC5BE0B6D3AB625AB702E5B1DC15F9C4B3D09BE812F340E681E0694F5BADF640DA3FDFC2F929B4C2BEB9A592C577287B6021BFEEC24146C7F95608BB60A736207A09D9F47E89C4044EADDE57CDEFD15F25B822D2EAF2205DF0D6B71B63EE0B63CB598F26509AF36983578F6F4198A0843CC1B1BD780015007AB9709CC6211E3B5C685B972B5C5E95F054A7A9FE149282F679C8466B9734E3850EC98419DD0C887715902F9E7802842085BC606F30C2654869E9E3701FD0FC69137FE165592689465EEBD5CAFAD7C29DE2ADADEC42A818D8EE389CA1FE33A1EF23617C89116A3A458B56612E4C36C43A9150D5331ADBB0BEB01A062B1F1349FC2ECEA76CB7C40CDFE378185F3099B1D71414D0FDA5A47F8593260CC0BD723A4CCA81435F0
[ 1633.745805][T26234] veth0_macvtap: entered promiscuous mode
[ 1634.074089][T26234] veth1_macvtap: entered promiscuous mode
[ 1634.131872][T26234] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1634.186538][T26234] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1634.204785][T26479] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6080'.
[ 1634.228049][T26234] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1634.247588][T26234] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1634.258133][T26479] netlink: 312 bytes leftover after parsing attributes in process `syz.0.6080'.
[ 1634.277483][T26234] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1634.297018][T26234] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1634.326269][T26479] netlink: 'syz.0.6080': attribute type 1 has an invalid length.
[ 1634.603880][T19392] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1634.636446][T19392] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1634.736384][ T5996] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1634.754780][ T5996] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1635.096924][T26502] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6084'.
[ 1635.126194][T26502] hsr0: Device is already in use.
[ 1635.895883][T26458] syz.1.6076: vmalloc error: size 2363392, failed to allocated page array size 4616, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[ 1636.007388][T26458] CPU: 0 UID: 0 PID: 26458 Comm: syz.1.6076 Not tainted 6.15.0-syzkaller-10402-g4cb6c8af8591 #0 PREEMPT(full) 
[ 1636.007429][T26458] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1636.007446][T26458] Call Trace:
[ 1636.007456][T26458]  <TASK>
[ 1636.007467][T26458]  dump_stack_lvl+0x189/0x250
[ 1636.007512][T26458]  ? __pfx_rcu_read_unlock_special+0x10/0x10
[ 1636.007534][T26458]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1636.007569][T26458]  ? __pfx__printk+0x10/0x10
[ 1636.007593][T26458]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[ 1636.007626][T26458]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[ 1636.007665][T26458]  warn_alloc+0x214/0x310
[ 1636.007703][T26458]  ? __pfx_warn_alloc+0x10/0x10
[ 1636.007746][T26458]  ? __get_vm_area_node+0x28f/0x300
[ 1636.007778][T26458]  ? vb2_vmalloc_alloc+0xef/0x340
[ 1636.007811][T26458]  __vmalloc_node_range_noprof+0x67e/0x1340
[ 1636.007875][T26458]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[ 1636.007906][T26458]  ? vb2_vmalloc_alloc+0xef/0x340
[ 1636.007936][T26458]  ? __get_vm_area_node+0x28f/0x300
[ 1636.007964][T26458]  ? vb2_vmalloc_alloc+0xef/0x340
[ 1636.007993][T26458]  __vmalloc_node_range_noprof+0x56a/0x1340
[ 1636.008023][T26458]  ? vb2_vmalloc_alloc+0xef/0x340
[ 1636.008081][T26458]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[ 1636.008119][T26458]  ? __kasan_kmalloc+0x93/0xb0
[ 1636.008148][T26458]  vmalloc_user_noprof+0xad/0xf0
[ 1636.008178][T26458]  ? vb2_vmalloc_alloc+0xef/0x340
[ 1636.008207][T26458]  vb2_vmalloc_alloc+0xef/0x340
[ 1636.008234][T26458]  ? __pfx_vb2_vmalloc_alloc+0x10/0x10
[ 1636.008264][T26458]  __vb2_queue_alloc+0x9bf/0x15a0
[ 1636.008323][T26458]  vb2_core_create_bufs+0x765/0xde0
[ 1636.008363][T26458]  ? __pfx_vb2_core_create_bufs+0x10/0x10
[ 1636.008386][T26458]  ? __mutex_trylock_common+0x153/0x260
[ 1636.008430][T26458]  ? vb2_set_flags_and_caps+0x309/0x5f0
[ 1636.008461][T26458]  vb2_create_bufs+0x5b9/0xae0
[ 1636.008499][T26458]  ? __pfx_vb2_create_bufs+0x10/0x10
[ 1636.008528][T26458]  ? vb2_set_flags_and_caps+0x309/0x5f0
[ 1636.008559][T26458]  vb2_ioctl_create_bufs+0x285/0x3f0
[ 1636.008590][T26458]  v4l_create_bufs+0x190/0x2a0
[ 1636.008621][T26458]  __video_do_ioctl+0xc98/0xdb0
[ 1636.008662][T26458]  ? __pfx___video_do_ioctl+0x10/0x10
[ 1636.008707][T26458]  video_usercopy+0x871/0x14f0
[ 1636.008746][T26458]  ? __pfx___video_do_ioctl+0x10/0x10
[ 1636.008779][T26458]  ? __pfx_video_usercopy+0x10/0x10
[ 1636.008818][T26458]  ? __fget_files+0x2a/0x420
[ 1636.008853][T26458]  ? __fget_files+0x2a/0x420
[ 1636.008880][T26458]  ? __fget_files+0x3a0/0x420
[ 1636.008913][T26458]  v4l2_ioctl+0x18d/0x1e0
[ 1636.008942][T26458]  ? __pfx_v4l2_ioctl+0x10/0x10
[ 1636.008969][T26458]  __se_sys_ioctl+0xfc/0x170
[ 1636.008997][T26458]  do_syscall_64+0xfa/0x3b0
[ 1636.009020][T26458]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1636.009041][T26458]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1636.009064][T26458]  ? clear_bhb_loop+0x60/0xb0
[ 1636.009091][T26458]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1636.009112][T26458] RIP: 0033:0x7f2e9bb8e969
[ 1636.009133][T26458] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1636.009153][T26458] RSP: 002b:00007f2e9ca40038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1636.009177][T26458] RAX: ffffffffffffffda RBX: 00007f2e9bdb5fa0 RCX: 00007f2e9bb8e969
[ 1636.009194][T26458] RDX: 0000200000000140 RSI: 00000000c100565c RDI: 0000000000000006
[ 1636.009209][T26458] RBP: 00007f2e9bc10ab1 R08: 0000000000000000 R09: 0000000000000000
[ 1636.009222][T26458] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1636.009236][T26458] R13: 0000000000000000 R14: 00007f2e9bdb5fa0 R15: 00007f2e9bedfa28
[ 1636.009283][T26458]  </TASK>
[ 1636.375850][T26458] Mem-Info:
[ 1636.378994][T26458] active_anon:8716 inactive_anon:0 isolated_anon:0
[ 1636.378994][T26458]  active_file:12165 inactive_file:4113 isolated_file:0
[ 1636.378994][T26458]  unevictable:768 dirty:184 writeback:0
[ 1636.378994][T26458]  slab_reclaimable:6260 slab_unreclaimable:119680
[ 1636.378994][T26458]  mapped:33431 shmem:3118 pagetables:1316
[ 1636.378994][T26458]  sec_pagetables:0 bounce:0
[ 1636.378994][T26458]  kernel_misc_reclaimable:0
[ 1636.378994][T26458]  free:1284325 free_pcp:5340 free_cma:0
[ 1636.511819][T26458] Node 0 active_anon:33764kB inactive_anon:0kB active_file:48604kB inactive_file:16320kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:133792kB dirty:736kB writeback:0kB shmem:9836kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11856kB pagetables:5264kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 1636.546592][T26458] Node 1 active_anon:0kB inactive_anon:0kB active_file:56kB inactive_file:132kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:32kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 1636.578815][T26458] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1636.606282][T26458] lowmem_reserve[]: 0 2501 2503 2503 2503
[ 1636.612102][T26458] Node 0 DMA32 free:1209844kB boost:0kB min:34264kB low:42828kB high:51392kB reserved_highatomic:0KB active_anon:32080kB inactive_anon:0kB active_file:48468kB inactive_file:14820kB unevictable:1536kB writepending:732kB present:3129332kB managed:2561252kB mlocked:0kB bounce:0kB free_pcp:11116kB local_pcp:9900kB free_cma:0kB
[ 1636.643150][T26458] lowmem_reserve[]: 0 0 1 1 1
[ 1636.648746][T26458] Node 0 Normal free:16kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB active_anon:184kB inactive_anon:0kB active_file:136kB inactive_file:1500kB unevictable:0kB writepending:4kB present:1048580kB managed:1900kB mlocked:0kB bounce:0kB free_pcp:64kB local_pcp:8kB free_cma:0kB
[ 1636.676565][T26458] lowmem_reserve[]: 0 0 0 0 0
[ 1636.681343][T26458] Node 1 Normal free:3920188kB boost:0kB min:55612kB low:69512kB high:83412kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:56kB inactive_file:132kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1636.710375][T26458] lowmem_reserve[]: 0 0 0 0 0
[ 1636.715699][T26458] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[ 1636.731835][T26458] Node 0 DMA32: 26*4kB (ME) 300*8kB (ME) 1023*16kB (UME) 534*32kB (ME) 493*64kB (UME) 205*128kB (ME) 86*256kB (ME) 42*512kB (ME) 23*1024kB (UME) 14*2048kB (UM) 248*4096kB (UM) = 1205304kB
[ 1636.750987][T26458] Node 0 Normal: 4*4kB (M) 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 16kB
[ 1636.763099][T26458] Node 1 Normal: 231*4kB (UME) 82*8kB (UME) 47*16kB (UME) 183*32kB (UE) 105*64kB (UME) 34*128kB (UME) 12*256kB (UME) 9*512kB (UME) 4*1024kB (UME) 3*2048kB (UE) 948*4096kB (M) = 3920188kB
[ 1636.863654][T26458] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1636.873740][T26458] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 1636.883669][T26458] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1636.903752][T26458] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 1636.941050][T26458] 18371 total pagecache pages
[ 1636.979481][T26458] 0 pages in swap cache
[ 1636.983708][T26458] Free swap  = 124996kB
[ 1637.005698][T26458] Total swap = 124996kB
[ 1637.009914][T26458] 2097051 pages RAM
[ 1637.013744][T26458] 0 pages HighMem/MovableOnly
[ 1637.092099][T26522] syzkaller1: entered promiscuous mode
[ 1637.103029][T26458] 424632 pages reserved
[ 1637.126632][T26522] syzkaller1: entered allmulticast mode
[ 1637.139035][T26458] 0 pages cma reserved
[ 1637.764608][T25320] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1637.778154][T25320] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1637.787263][T25320] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1637.796393][T25320] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1637.806875][T25320] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 1638.314455][T19631] syz_tun (unregistering): left promiscuous mode
[ 1639.656320][T26531] chnl_net:caif_netlink_parms(): no params data found
[ 1639.855227][T25320] Bluetooth: hci3: command tx timeout
[ 1640.321667][   T30] audit: type=1326 audit(1748755704.223:1906): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26568 comm="syz.2.6093" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e0df8e969 code=0x7fc00000
[ 1640.566410][T26531] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1640.605466][T26531] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1640.612806][T26531] bridge_slave_0: entered allmulticast mode
[ 1640.670748][T26531] bridge_slave_0: entered promiscuous mode
[ 1640.925077][T26531] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1641.004767][T26531] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1641.076673][T26531] bridge_slave_1: entered allmulticast mode
[ 1641.154571][T26531] bridge_slave_1: entered promiscuous mode
[ 1641.244177][T26590] netlink: 'syz.2.6096': attribute type 11 has an invalid length.
[ 1641.305956][T26597] ptrace attach of "./syz-executor exec"[25324] was attempted by "./syz-executor exec"[26597]
[ 1641.422540][T26599] netlink: 'syz.1.6095': attribute type 21 has an invalid length.
[ 1641.431009][T26599] netlink: 128 bytes leftover after parsing attributes in process `syz.1.6095'.
[ 1641.608024][T26602] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1641.675172][T26602] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1641.715266][T26602] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1641.739253][T26597] netlink: 88 bytes leftover after parsing attributes in process `syz.1.6095'.
[ 1641.748634][T26605] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1641.748862][T26605] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1641.775908][T26606] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1641.945374][T25320] Bluetooth: hci3: command tx timeout
[ 1641.987354][T26599] netlink: 'syz.1.6095': attribute type 4 has an invalid length.
[ 1642.070194][T26606] GUP no longer grows the stack in syz.3.6097 (26606): 200000004000-20000000a000 (200000001000)
[ 1642.095121][T26599] netlink: 3 bytes leftover after parsing attributes in process `syz.1.6095'.
[ 1642.114976][T26606] CPU: 1 UID: 0 PID: 26606 Comm: syz.3.6097 Not tainted 6.15.0-syzkaller-10402-g4cb6c8af8591 #0 PREEMPT(full) 
[ 1642.115008][T26606] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1642.115022][T26606] Call Trace:
[ 1642.115032][T26606]  <TASK>
[ 1642.115044][T26606]  dump_stack_lvl+0x189/0x250
[ 1642.115084][T26606]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1642.115118][T26606]  ? __pfx__printk+0x10/0x10
[ 1642.115139][T26606]  ? find_vma+0xe7/0x160
[ 1642.115179][T26606]  __get_user_pages+0x2a96/0x30c0
[ 1642.115243][T26606]  ? __pfx___get_user_pages+0x10/0x10
[ 1642.115269][T26606]  ? __gup_longterm_locked+0xbf7/0x15b0
[ 1642.115295][T26606]  ? down_read_killable+0x1d1/0x350
[ 1642.115321][T26606]  ? try_get_folio+0x633/0x660
[ 1642.115353][T26606]  __gup_longterm_locked+0xd66/0x15b0
[ 1642.115385][T26606]  ? try_grab_folio_fast+0x1be/0x4f0
[ 1642.115423][T26606]  ? gup_fast_fallback+0x1afc/0x2260
[ 1642.115451][T26606]  gup_fast_fallback+0x1cd4/0x2260
[ 1642.115514][T26606]  ? __pfx_gup_fast_fallback+0x10/0x10
[ 1642.115537][T26606]  ? trace_contention_end+0x39/0x120
[ 1642.115566][T26606]  ? __mutex_lock+0x330/0xe80
[ 1642.115593][T26606]  ? is_valid_gup_args+0x11f/0x200
[ 1642.115622][T26606]  ? get_user_pages_fast+0x4d/0xb0
[ 1642.115666][T26606]  __iov_iter_get_pages_alloc+0x39a/0xb40
[ 1642.115707][T26606]  ? __pfx_pipe_clear_nowait+0x10/0x10
[ 1642.115736][T26606]  ? wait_for_space+0x24d/0x2d0
[ 1642.115765][T26606]  iov_iter_get_pages2+0x5e/0xa0
[ 1642.115798][T26606]  __se_sys_vmsplice+0x548/0x10d0
[ 1642.115848][T26606]  ? __pfx___se_sys_vmsplice+0x10/0x10
[ 1642.115878][T26606]  ? __pfx_futex_wait+0x10/0x10
[ 1642.115962][T26606]  ? rcu_is_watching+0x15/0xb0
[ 1642.115997][T26606]  ? do_syscall_64+0xbe/0x3b0
[ 1642.116025][T26606]  do_syscall_64+0xfa/0x3b0
[ 1642.116047][T26606]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1642.116067][T26606]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1642.116088][T26606]  ? clear_bhb_loop+0x60/0xb0
[ 1642.116114][T26606]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1642.116135][T26606] RIP: 0033:0x7f5c9818e969
[ 1642.116156][T26606] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1642.116175][T26606] RSP: 002b:00007f5c9908c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000116
[ 1642.116200][T26606] RAX: ffffffffffffffda RBX: 00007f5c983b6160 RCX: 00007f5c9818e969
[ 1642.116216][T26606] RDX: 0000000000000001 RSI: 0000200000000140 RDI: 0000000000000008
[ 1642.116229][T26606] RBP: 00007f5c98210ab1 R08: 0000000000000000 R09: 0000000000000000
[ 1642.116243][T26606] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1642.116256][T26606] R13: 0000000000000000 R14: 00007f5c983b6160 R15: 00007f5c984dfa28
[ 1642.116290][T26606]  </TASK>
[ 1642.487241][T26600] batadv1: entered promiscuous mode
[ 1642.493402][T26600] 8021q: adding VLAN 0 to HW filter on device batadv1
[ 1642.664325][T26531] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1642.695448][T26531] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1642.781640][T26614] netlink: 'syz.2.6098': attribute type 1 has an invalid length.
[ 1643.033830][T26616] bond1: (slave gretap1): making interface the new active one
[ 1643.042336][T26616] bond1: (slave gretap1): Enslaving as an active interface with an up link
[ 1643.108214][T26531] team0: Port device team_slave_0 added
[ 1643.114621][T19394] bridge_slave_1: left promiscuous mode
[ 1643.126219][T19394] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1643.156464][T19394] bridge_slave_0: left promiscuous mode
[ 1643.162251][T19394] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1643.255139][T13026] usb 5-1: new high-speed USB device number 78 using dummy_hcd
[ 1643.415152][T13026] usb 5-1: device descriptor read/64, error -71
[ 1643.675069][T13026] usb 5-1: new high-speed USB device number 79 using dummy_hcd
[ 1643.721246][T26638] netlink: 32 bytes leftover after parsing attributes in process `syz.1.6105'.
[ 1643.765390][T18846] usb 3-1: new high-speed USB device number 36 using dummy_hcd
[ 1643.805134][T13026] usb 5-1: device descriptor read/64, error -71
[ 1643.936259][T13026] usb usb5-port1: attempt power cycle
[ 1643.947133][T18846] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[ 1644.029669][ T5844] Bluetooth: hci3: command tx timeout
[ 1644.047208][T18846] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[ 1644.057265][T18846] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1644.066573][T18846] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1644.144602][T26635] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[ 1644.168610][T18846] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[ 1644.365000][T13026] usb 5-1: new high-speed USB device number 80 using dummy_hcd
[ 1644.398063][T13026] usb 5-1: device descriptor read/8, error -71
[ 1644.440078][T19394] bond2 (unregistering): (slave gretap1): Releasing active interface
[ 1644.685073][T13026] usb 5-1: new high-speed USB device number 81 using dummy_hcd
[ 1644.716317][T13026] usb 5-1: device descriptor read/8, error -71
[ 1644.885819][T13026] usb usb5-port1: unable to enumerate USB device
[ 1644.913972][T19394] bridge0 (unregistering): left promiscuous mode
[ 1646.094974][ T5844] Bluetooth: hci3: command 0x0419 tx timeout
[ 1646.482849][T19394] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1646.492715][T19394] bond_slave_0: left promiscuous mode
[ 1646.511055][T19394] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1646.525847][T19394] bond_slave_1: left promiscuous mode
[ 1646.542898][T26649] netlink: 'syz.4.6108': attribute type 10 has an invalid length.
[ 1646.548913][T19394] bond0 (unregistering): Released all slaves
[ 1646.578239][T19394] bond1 (unregistering): Released all slaves
[ 1646.600310][T19394] bond2 (unregistering): Released all slaves
[ 1646.629337][T19394] bond3 (unregistering): Released all slaves
[ 1646.656302][T26531] team0: Port device team_slave_1 added
[ 1646.745491][T26644] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1646.771183][T26649] 8021q: adding VLAN 0 to HW filter on device team0
[ 1646.778508][T26644] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1646.802959][T26644] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1646.815037][T26644] Bluetooth: hci5: Opcode 0x0406 failed: -4
[ 1646.843286][T26649] bond0: (slave team0): Enslaving as an active interface with an up link
[ 1646.866982][T26644] Bluetooth: hci5: Opcode 0x0406 failed: -4
[ 1646.956423][T26644] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1646.989128][T26644] Bluetooth: hci3: Opcode 0x0406 failed: -4
[ 1647.000792][T19394] tipc: Left network mode
[ 1647.026704][T26644] Bluetooth: hci3: Opcode 0x0406 failed: -4
[ 1647.036817][T26531] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1647.044999][T26531] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1647.073977][T26531] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1647.097071][T26531] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1647.104384][T26531] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1647.131053][T26531] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1647.376056][T26659] FAULT_INJECTION: forcing a failure.
[ 1647.376056][T26659] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1647.471902][T26659] CPU: 1 UID: 0 PID: 26659 Comm: syz.4.6110 Not tainted 6.15.0-syzkaller-10402-g4cb6c8af8591 #0 PREEMPT(full) 
[ 1647.471932][T26659] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1647.471941][T26659] Call Trace:
[ 1647.471948][T26659]  <TASK>
[ 1647.471955][T26659]  dump_stack_lvl+0x189/0x250
[ 1647.471984][T26659]  ? __pfx____ratelimit+0x10/0x10
[ 1647.472003][T26659]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1647.472026][T26659]  ? __pfx__printk+0x10/0x10
[ 1647.472043][T26659]  ? __might_fault+0xb0/0x130
[ 1647.472071][T26659]  should_fail_ex+0x414/0x560
[ 1647.472092][T26659]  _copy_from_user+0x2d/0xb0
[ 1647.472115][T26659]  ___sys_recvmsg+0x12e/0x510
[ 1647.472142][T26659]  ? __pfx____sys_recvmsg+0x10/0x10
[ 1647.472193][T26659]  ? __might_fault+0xb0/0x130
[ 1647.472215][T26659]  do_recvmmsg+0x307/0x770
[ 1647.472255][T26659]  ? __pfx_do_recvmmsg+0x10/0x10
[ 1647.472299][T26659]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 1647.472343][T26659]  __x64_sys_recvmmsg+0x190/0x240
[ 1647.472378][T26659]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[ 1647.472407][T26659]  ? rcu_is_watching+0x15/0xb0
[ 1647.472440][T26659]  ? do_syscall_64+0xbe/0x3b0
[ 1647.472467][T26659]  do_syscall_64+0xfa/0x3b0
[ 1647.472489][T26659]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1647.472521][T26659]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1647.472541][T26659]  ? clear_bhb_loop+0x60/0xb0
[ 1647.472566][T26659]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1647.472586][T26659] RIP: 0033:0x7fcfb758e969
[ 1647.472605][T26659] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1647.472623][T26659] RSP: 002b:00007fcfb8331038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1647.472645][T26659] RAX: ffffffffffffffda RBX: 00007fcfb77b5fa0 RCX: 00007fcfb758e969
[ 1647.472661][T26659] RDX: 0000000004000210 RSI: 0000200000001740 RDI: 0000000000000004
[ 1647.472674][T26659] RBP: 00007fcfb8331090 R08: 0000000000000000 R09: 0000000000000000
[ 1647.472687][T26659] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002
[ 1647.472700][T26659] R13: 0000000000000000 R14: 00007fcfb77b5fa0 R15: 00007fcfb78dfa28
[ 1647.472749][T26659]  </TASK>
[ 1647.760764][T21452] usb 3-1: USB disconnect, device number 36
[ 1648.143513][T26531] hsr_slave_0: entered promiscuous mode
[ 1648.149617][T26678] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6111'.
[ 1648.160499][T26531] hsr_slave_1: entered promiscuous mode
[ 1648.168691][T26531] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1648.180890][T26531] Cannot create hsr debugfs directory
[ 1648.193125][T26678] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6111'.
[ 1648.227227][T26670] netlink: 72 bytes leftover after parsing attributes in process `syz.3.6113'.
[ 1648.288477][   T30] audit: type=1326 audit(1748755712.193:1907): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26673 comm="syz.4.6111" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcfb758e969 code=0x7ffc0000
[ 1648.359875][   T30] audit: type=1326 audit(1748755712.193:1908): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26673 comm="syz.4.6111" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcfb758e969 code=0x7ffc0000
[ 1648.474754][   T30] audit: type=1326 audit(1748755712.193:1909): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26673 comm="syz.4.6111" exe="/root/syz-executor" sig=0 arch=c000003e syscall=253 compat=0 ip=0x7fcfb758e969 code=0x7ffc0000
[ 1648.611553][   T30] audit: type=1326 audit(1748755712.193:1910): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26673 comm="syz.4.6111" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcfb758e969 code=0x7ffc0000
[ 1648.725570][   T30] audit: type=1326 audit(1748755712.193:1911): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26673 comm="syz.4.6111" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcfb758e969 code=0x7ffc0000
[ 1648.748638][   T30] audit: type=1326 audit(1748755712.193:1912): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26673 comm="syz.4.6111" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7fcfb758e969 code=0x7ffc0000
[ 1648.815424][   T30] audit: type=1326 audit(1748755712.193:1913): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26673 comm="syz.4.6111" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcfb758e969 code=0x7ffc0000
[ 1648.824666][ T5844] Bluetooth: hci5: command 0x0c1a tx timeout
[ 1648.838251][T25320] Bluetooth: hci0: command 0x040f tx timeout
[ 1648.850263][T25320] Bluetooth: hci2: command 0x0c1a tx timeout
[ 1648.917566][   T30] audit: type=1326 audit(1748755712.193:1914): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26673 comm="syz.4.6111" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcfb758e969 code=0x7ffc0000
[ 1648.975581][ T5844] Bluetooth: hci3: command 0x0419 tx timeout
[ 1649.096168][   T30] audit: type=1326 audit(1748755712.193:1915): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26673 comm="syz.4.6111" exe="/root/syz-executor" sig=0 arch=c000003e syscall=189 compat=0 ip=0x7fcfb758e969 code=0x7ffc0000
[ 1649.159954][T19394] hsr_slave_0: left promiscuous mode
[ 1649.177788][   T30] audit: type=1326 audit(1748755712.193:1916): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26673 comm="syz.4.6111" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcfb758e969 code=0x7ffc0000
[ 1649.200712][T19394] hsr_slave_1: left promiscuous mode
[ 1649.216863][T19394] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1649.237607][T20050] usb 4-1: new high-speed USB device number 47 using dummy_hcd
[ 1649.247795][T26700] xt_l2tp: v2 doesn't support IP mode
[ 1649.255824][T19394] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1649.289256][T26702] ptrace attach of "./syz-executor exec"[25324] was attempted by "./syz-executor exec"[26702]
[ 1649.307003][T19394] hsr0: left promiscuous mode
[ 1649.395817][T26704] netlink: 'syz.1.6114': attribute type 21 has an invalid length.
[ 1649.403909][T26704] netlink: 128 bytes leftover after parsing attributes in process `syz.1.6114'.
[ 1649.425192][T20050] usb 4-1: device descriptor read/64, error -71
[ 1649.431866][T26697] netlink: 196 bytes leftover after parsing attributes in process `syz.4.6119'.
[ 1649.765067][T20050] usb 4-1: new high-speed USB device number 48 using dummy_hcd
[ 1649.914899][T20050] usb 4-1: device descriptor read/64, error -71
[ 1650.036218][T20050] usb usb4-port1: attempt power cycle
[ 1650.405034][T20050] usb 4-1: new high-speed USB device number 49 using dummy_hcd
[ 1650.451852][T20050] usb 4-1: device descriptor read/8, error -71
[ 1650.640105][T19394] team0 (unregistering): Port device team_slave_1 removed
[ 1650.710529][T20050] usb 4-1: new high-speed USB device number 50 using dummy_hcd
[ 1650.723726][T19394] team0 (unregistering): Port device C removed
[ 1650.735999][T20050] usb 4-1: device descriptor read/8, error -71
[ 1650.857691][T20050] usb usb4-port1: unable to enumerate USB device
[ 1650.895766][ T5844] Bluetooth: hci5: command 0x0c1a tx timeout
[ 1651.064396][ T5844] Bluetooth: hci3: command 0x0419 tx timeout
[ 1651.534931][T26702] netlink: 88 bytes leftover after parsing attributes in process `syz.1.6114'.
[ 1651.554687][T26704] netlink: 'syz.1.6114': attribute type 4 has an invalid length.
[ 1651.562968][T26704] netlink: 3 bytes leftover after parsing attributes in process `syz.1.6114'.
[ 1651.617386][T26705] batadv2: entered promiscuous mode
[ 1651.624626][T26705] 8021q: adding VLAN 0 to HW filter on device batadv2
[ 1652.017799][T26716] netlink: 12 bytes leftover after parsing attributes in process `syz.4.6122'.
[ 1652.044992][T18845] usb 3-1: new high-speed USB device number 37 using dummy_hcd
[ 1652.275767][T18845] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[ 1652.297955][T18845] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[ 1652.356390][T18845] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1652.507353][T18845] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1652.558567][T26711] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[ 1652.600684][T18845] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[ 1652.936598][T26711] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1653.010021][ T5844] Bluetooth: hci5: command 0x0c1a tx timeout
[ 1653.055488][T26711] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1653.067278][T26711] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1653.076805][T26711] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1653.144933][ T5844] Bluetooth: hci3: command 0x0419 tx timeout
[ 1653.717667][T26735] netlink: 72 bytes leftover after parsing attributes in process `syz.1.6126'.
[ 1655.288292][T26531] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 1655.468258][T26531] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 1655.565429][T26531] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 1655.655687][T26531] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 1655.714932][T13026] usb 5-1: new high-speed USB device number 82 using dummy_hcd
[ 1655.885258][T13026] usb 5-1: Using ep0 maxpacket: 8
[ 1655.900066][T20050] usb 3-1: USB disconnect, device number 37
[ 1655.965224][T13026] usb 5-1: config 0 has an invalid interface number: 251 but max is 0
[ 1656.017345][T13026] usb 5-1: config 0 has no interface number 0
[ 1656.023637][T13026] usb 5-1: config 0 interface 251 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16
[ 1656.106597][T26765] netlink: get zone limit has 4 unknown bytes
[ 1656.126334][T13026] usb 5-1: config 0 interface 251 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64
[ 1656.166242][T13026] usb 5-1: New USB device found, idVendor=0000, idProduct=1700, bcdDevice=f7.f4
[ 1656.198389][T13026] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1656.235062][T13026] usb 5-1: Product: syz
[ 1656.254744][T13026] usb 5-1: Manufacturer: syz
[ 1656.275397][T13026] usb 5-1: SerialNumber: syz
[ 1656.295280][T21452] usb 4-1: new high-speed USB device number 51 using dummy_hcd
[ 1656.297956][T26531] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1656.322110][T13026] usb 5-1: config 0 descriptor??
[ 1656.354108][T26755] raw-gadget.3 gadget.4: fail, usb_ep_enable returned -22
[ 1656.361930][T26755] raw-gadget.3 gadget.4: fail, usb_ep_enable returned -22
[ 1656.427036][T26531] 8021q: adding VLAN 0 to HW filter on device team0
[ 1656.462194][T21452] usb 4-1: device descriptor read/64, error -71
[ 1656.497905][ T5996] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1656.505236][ T5996] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1656.561568][T25392] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1656.568761][T25392] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1656.715131][T13013] usb 2-1: new high-speed USB device number 14 using dummy_hcd
[ 1656.761154][T21452] usb 4-1: new high-speed USB device number 52 using dummy_hcd
[ 1656.885426][T13013] usb 2-1: Using ep0 maxpacket: 8
[ 1656.904013][T26531] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1656.929798][T13013] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x1 has invalid maxpacket 512, setting to 64
[ 1656.965277][T21452] usb 4-1: device descriptor read/64, error -71
[ 1656.975118][T13013] usb 2-1: config 0 interface 0 has no altsetting 0
[ 1657.008357][T13013] usb 2-1: New USB device found, idVendor=0e41, idProduct=4142, bcdDevice=bc.76
[ 1657.033694][T13013] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1657.075852][T13013] usb 2-1: Product: syz
[ 1657.085408][T21452] usb usb4-port1: attempt power cycle
[ 1657.091315][T13013] usb 2-1: Manufacturer: syz
[ 1657.114602][T13013] usb 2-1: SerialNumber: syz
[ 1657.146246][T13013] usb 2-1: config 0 descriptor??
[ 1657.162986][T13013] snd_usb_toneport 2-1:0.0: Line 6 TonePort UX2 found
[ 1657.240592][T26531] veth0_vlan: entered promiscuous mode
[ 1657.256978][T26782] netlink: 72 bytes leftover after parsing attributes in process `syz.2.6137'.
[ 1657.332797][T26531] veth1_vlan: entered promiscuous mode
[ 1657.576773][T21452] usb 4-1: new high-speed USB device number 53 using dummy_hcd
[ 1657.627589][T21452] usb 4-1: device descriptor read/8, error -71
[ 1657.632053][T26531] veth0_macvtap: entered promiscuous mode
[ 1657.725506][T26531] veth1_macvtap: entered promiscuous mode
[ 1657.902487][T26531] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1657.915397][T21452] usb 4-1: new high-speed USB device number 54 using dummy_hcd
[ 1657.949470][T26531] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1657.960853][T26790] netlink: 40 bytes leftover after parsing attributes in process `syz.2.6138'.
[ 1657.962313][T21452] usb 4-1: device descriptor read/8, error -71
[ 1657.994158][T26531] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1658.010345][T26531] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1658.041045][T26531] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1658.061981][T26531] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1658.117526][T21452] usb usb4-port1: unable to enumerate USB device
[ 1658.486175][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1658.499319][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1658.505390][T18633] usb 5-1: USB disconnect, device number 82
[ 1658.731331][T19392] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1658.749779][T19392] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1658.909153][T26807] netlink: 2052 bytes leftover after parsing attributes in process `syz.4.6140'.
[ 1658.932814][T18845] usb 3-1: new high-speed USB device number 38 using dummy_hcd
[ 1658.950478][T26807] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6140'.
[ 1659.100165][T18845] usb 3-1: config 0 has no interfaces?
[ 1659.117737][T18845] usb 3-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[ 1659.127518][T18845] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1659.138871][T18845] usb 3-1: Product: syz
[ 1659.174046][T18845] usb 3-1: Manufacturer: syz
[ 1659.180359][T18845] usb 3-1: SerialNumber: syz
[ 1659.253559][T18845] usb 3-1: config 0 descriptor??
[ 1660.207357][T26825] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1660.219127][T26825] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1660.230942][T26825] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1660.253489][T26825] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1660.344987][T13013] snd_usb_toneport 2-1:0.0: set_interface failed
[ 1660.445114][T13013] snd_usb_toneport 2-1:0.0: Line 6 TonePort UX2 now disconnected
[ 1660.524158][T13013] snd_usb_toneport 2-1:0.0: probe with driver snd_usb_toneport failed with error -71
[ 1660.930869][T13013] usb 2-1: USB disconnect, device number 14
[ 1661.549253][T26837] netlink: 'syz.3.6145': attribute type 20 has an invalid length.
[ 1661.955469][T13026] usb 2-1: new high-speed USB device number 15 using dummy_hcd
[ 1662.116784][T13026] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[ 1662.131881][T13026] usb 2-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[ 1662.178706][T13026] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1662.229504][T18633] usb 3-1: USB disconnect, device number 38
[ 1662.255342][T21315] Bluetooth: hci5: command 0x0c1a tx timeout
[ 1662.261761][T21315] Bluetooth: hci0: command 0x040f tx timeout
[ 1662.267905][T21315] Bluetooth: hci2: command 0x0c1a tx timeout
[ 1662.273920][ T5844] Bluetooth: hci3: command 0x0419 tx timeout
[ 1662.300952][T13026] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[ 1662.333116][T13026] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1662.349159][T13026] usb 2-1: Product: syz
[ 1662.357360][T13026] usb 2-1: Manufacturer: syz
[ 1662.364924][T13026] usb 2-1: SerialNumber: syz
[ 1662.523017][   T30] kauditd_printk_skb: 1 callbacks suppressed
[ 1662.523036][   T30] audit: type=1800 audit(1748755726.423:1918): pid=26851 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.6149" name="nullb0" dev="devtmpfs" ino=3798 res=0 errno=0
[ 1662.586142][T13026] usblp 2-1:1.0: usblp0: USB Unidirectional printer dev 15 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[ 1662.692756][T26857] FAULT_INJECTION: forcing a failure.
[ 1662.692756][T26857] name failslab, interval 1, probability 0, space 0, times 0
[ 1662.742338][T26857] CPU: 0 UID: 0 PID: 26857 Comm: syz.2.6150 Not tainted 6.15.0-syzkaller-10402-g4cb6c8af8591 #0 PREEMPT(full) 
[ 1662.742369][T26857] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1662.742383][T26857] Call Trace:
[ 1662.742393][T26857]  <TASK>
[ 1662.742403][T26857]  dump_stack_lvl+0x189/0x250
[ 1662.742440][T26857]  ? __pfx____ratelimit+0x10/0x10
[ 1662.742462][T26857]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1662.742493][T26857]  ? __pfx__printk+0x10/0x10
[ 1662.742518][T26857]  ? __pfx___might_resched+0x10/0x10
[ 1662.742544][T26857]  ? fs_reclaim_acquire+0x7d/0x100
[ 1662.742579][T26857]  should_fail_ex+0x414/0x560
[ 1662.742608][T26857]  should_failslab+0xa8/0x100
[ 1662.742637][T26857]  __kmalloc_noprof+0xcb/0x4f0
[ 1662.742662][T26857]  ? tomoyo_encode+0x28b/0x550
[ 1662.742692][T26857]  tomoyo_encode+0x28b/0x550
[ 1662.742722][T26857]  tomoyo_realpath_from_path+0x58d/0x5d0
[ 1662.742759][T26857]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1662.742779][T26857]  tomoyo_path_number_perm+0x1e8/0x5a0
[ 1662.742810][T26857]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1662.742868][T26857]  ? __lock_acquire+0xab9/0xd20
[ 1662.742914][T26857]  ? __fget_files+0x2a/0x420
[ 1662.742946][T26857]  ? __fget_files+0x2a/0x420
[ 1662.742973][T26857]  ? __fget_files+0x3a0/0x420
[ 1662.743000][T26857]  ? __fget_files+0x2a/0x420
[ 1662.743032][T26857]  security_file_ioctl+0xcb/0x2d0
[ 1662.743068][T26857]  __se_sys_ioctl+0x47/0x170
[ 1662.743094][T26857]  do_syscall_64+0xfa/0x3b0
[ 1662.743116][T26857]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1662.743136][T26857]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1662.743158][T26857]  ? clear_bhb_loop+0x60/0xb0
[ 1662.743184][T26857]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1662.743204][T26857] RIP: 0033:0x7f3e0df8e969
[ 1662.743223][T26857] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1662.743241][T26857] RSP: 002b:00007f3e0eec2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1662.743264][T26857] RAX: ffffffffffffffda RBX: 00007f3e0e1b5fa0 RCX: 00007f3e0df8e969
[ 1662.743279][T26857] RDX: 0000000000000000 RSI: 00000000c1105511 RDI: 0000000000000003
[ 1662.743292][T26857] RBP: 00007f3e0eec2090 R08: 0000000000000000 R09: 0000000000000000
[ 1662.743305][T26857] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1662.743318][T26857] R13: 0000000000000000 R14: 00007f3e0e1b5fa0 R15: 00007f3e0e2dfa28
[ 1662.743350][T26857]  </TASK>
[ 1662.995115][T26857] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1663.061622][T26844] usblp0:failed reading printer status (-71)
[ 1663.065458][T18633] usb 2-1: USB disconnect, device number 15
[ 1663.088219][T18633] usblp0: removed
[ 1663.114955][T13013] usb 4-1: new high-speed USB device number 55 using dummy_hcd
[ 1663.266665][T13013] usb 4-1: Using ep0 maxpacket: 8
[ 1663.282333][T13013] usb 4-1: config 0 has an invalid interface number: 55 but max is 0
[ 1663.291423][T13013] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1663.324488][T13013] usb 4-1: config 0 has no interface number 0
[ 1663.354491][T13013] usb 4-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[ 1663.373944][T13013] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1663.433928][T13013] usb 4-1: config 0 descriptor??
[ 1663.448463][T13013] ldusb 4-1:0.55: Interrupt in endpoint not found
[ 1663.660827][T18633] usb 4-1: USB disconnect, device number 55
[ 1663.833861][T26865] FAULT_INJECTION: forcing a failure.
[ 1663.833861][T26865] name failslab, interval 1, probability 0, space 0, times 0
[ 1663.835189][T26871] FAULT_INJECTION: forcing a failure.
[ 1663.835189][T26871] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1663.848301][T26865] CPU: 0 UID: 0 PID: 26865 Comm: syz.2.6154 Not tainted 6.15.0-syzkaller-10402-g4cb6c8af8591 #0 PREEMPT(full) 
[ 1663.848334][T26865] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1663.848349][T26865] Call Trace:
[ 1663.848360][T26865]  <TASK>
[ 1663.848370][T26865]  dump_stack_lvl+0x189/0x250
[ 1663.848413][T26865]  ? __pfx____ratelimit+0x10/0x10
[ 1663.848437][T26865]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1663.848474][T26865]  ? __pfx__printk+0x10/0x10
[ 1663.848507][T26865]  ? __pfx___might_resched+0x10/0x10
[ 1663.848536][T26865]  ? fs_reclaim_acquire+0x7d/0x100
[ 1663.848577][T26865]  should_fail_ex+0x414/0x560
[ 1663.848608][T26865]  should_failslab+0xa8/0x100
[ 1663.848641][T26865]  __kmalloc_noprof+0xcb/0x4f0
[ 1663.848667][T26865]  ? kfree+0x4d/0x440
[ 1663.848690][T26865]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[ 1663.848725][T26865]  tomoyo_realpath_from_path+0xe3/0x5d0
[ 1663.848755][T26865]  ? tomoyo_domain+0xd9/0x130
[ 1663.848789][T26865]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1663.848812][T26865]  tomoyo_path_number_perm+0x1e8/0x5a0
[ 1663.848838][T26865]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1663.848865][T26865]  ? sb_end_write+0xe9/0x1c0
[ 1663.848899][T26865]  ? vfs_write+0x8d8/0xa90
[ 1663.848966][T26865]  ? ksys_write+0x1e1/0x250
[ 1663.849001][T26865]  security_file_ioctl+0xcb/0x2d0
[ 1663.849046][T26865]  __se_sys_ioctl+0x47/0x170
[ 1663.849074][T26865]  do_syscall_64+0xfa/0x3b0
[ 1663.849098][T26865]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1663.849121][T26865]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1663.849144][T26865]  ? clear_bhb_loop+0x60/0xb0
[ 1663.849171][T26865]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1663.849193][T26865] RIP: 0033:0x7f3e0df8e969
[ 1663.849214][T26865] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1663.849233][T26865] RSP: 002b:00007f3e0eec2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1663.849258][T26865] RAX: ffffffffffffffda RBX: 00007f3e0e1b5fa0 RCX: 00007f3e0df8e969
[ 1663.849275][T26865] RDX: 0000200000000000 RSI: 0000000040187542 RDI: 0000000000000005
[ 1663.849291][T26865] RBP: 00007f3e0eec2090 R08: 0000000000000000 R09: 0000000000000000
[ 1663.849305][T26865] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1663.849320][T26865] R13: 0000000000000000 R14: 00007f3e0e1b5fa0 R15: 00007f3e0e2dfa28
[ 1663.849355][T26865]  </TASK>
[ 1663.849365][T26865] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1663.878455][T26871] CPU: 1 UID: 0 PID: 26871 Comm: syz.0.6155 Not tainted 6.15.0-syzkaller-10402-g4cb6c8af8591 #0 PREEMPT(full) 
[ 1663.878488][T26871] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1663.878502][T26871] Call Trace:
[ 1663.878513][T26871]  <TASK>
[ 1663.878525][T26871]  dump_stack_lvl+0x189/0x250
[ 1663.878565][T26871]  ? __pfx____ratelimit+0x10/0x10
[ 1663.878590][T26871]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1663.878625][T26871]  ? __pfx__printk+0x10/0x10
[ 1663.878650][T26871]  ? __might_fault+0xb0/0x130
[ 1663.878692][T26871]  should_fail_ex+0x414/0x560
[ 1663.878724][T26871]  _copy_from_user+0x2d/0xb0
[ 1663.878771][T26871]  ___sys_sendmsg+0x158/0x2a0
[ 1663.878812][T26871]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1663.878884][T26871]  ? __fget_files+0x2a/0x420
[ 1663.878914][T26871]  ? __fget_files+0x3a0/0x420
[ 1663.878956][T26871]  __x64_sys_sendmsg+0x19b/0x260
[ 1663.878991][T26871]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1663.879034][T26871]  ? __pfx_ksys_write+0x10/0x10
[ 1663.879059][T26871]  ? rcu_is_watching+0x15/0xb0
[ 1663.879094][T26871]  ? do_syscall_64+0xbe/0x3b0
[ 1663.879122][T26871]  do_syscall_64+0xfa/0x3b0
[ 1663.879144][T26871]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1663.879166][T26871]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1663.879189][T26871]  ? clear_bhb_loop+0x60/0xb0
[ 1663.879217][T26871]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1663.879239][T26871] RIP: 0033:0x7f585c38e969
[ 1663.879260][T26871] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1663.879281][T26871] RSP: 002b:00007f585d28b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1663.879306][T26871] RAX: ffffffffffffffda RBX: 00007f585c5b5fa0 RCX: 00007f585c38e969
[ 1663.879325][T26871] RDX: 0000000000000000 RSI: 0000200000000240 RDI: 0000000000000003
[ 1663.879339][T26871] RBP: 00007f585d28b090 R08: 0000000000000000 R09: 0000000000000000
[ 1663.879355][T26871] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1663.879370][T26871] R13: 0000000000000000 R14: 00007f585c5b5fa0 R15: 00007f585c6dfa28
[ 1663.879405][T26871]  </TASK>
[ 1664.165068][T13013] usb 3-1: new high-speed USB device number 39 using dummy_hcd
[ 1664.263069][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1664.715008][T13013] usb 3-1: device descriptor read/64, error -71
[ 1664.734691][T26884] bridge2: entered allmulticast mode
[ 1664.895168][ T5885] usb 5-1: new high-speed USB device number 83 using dummy_hcd
[ 1664.964935][T13013] usb 3-1: new high-speed USB device number 40 using dummy_hcd
[ 1665.088678][ T5885] usb 5-1: config 0 has no interfaces?
[ 1665.101051][ T5885] usb 5-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[ 1665.130670][ T5885] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1665.165058][T13013] usb 3-1: device descriptor read/64, error -71
[ 1665.225891][ T5885] usb 5-1: Product: syz
[ 1665.230121][ T5885] usb 5-1: Manufacturer: syz
[ 1665.269060][ T5885] usb 5-1: SerialNumber: syz
[ 1665.275401][T13013] usb usb3-port1: attempt power cycle
[ 1665.324102][T26877] ptrace attach of "./syz-executor exec"[26531] was attempted by "./syz-executor exec"[26877]
[ 1665.339121][ T5885] usb 5-1: config 0 descriptor??
[ 1665.394473][T26877] netlink: 88 bytes leftover after parsing attributes in process `syz.0.6159'.
[ 1665.455585][T26877] netlink: 'syz.0.6159': attribute type 21 has an invalid length.
[ 1665.515005][T26877] netlink: 128 bytes leftover after parsing attributes in process `syz.0.6159'.
[ 1665.565787][T26877] netlink: 'syz.0.6159': attribute type 4 has an invalid length.
[ 1665.616944][T26877] netlink: 3 bytes leftover after parsing attributes in process `syz.0.6159'.
[ 1665.705006][T13013] usb 3-1: new high-speed USB device number 41 using dummy_hcd
[ 1665.795592][T13013] usb 3-1: device descriptor read/8, error -71
[ 1665.817651][T26888] batadv1: entered promiscuous mode
[ 1665.825135][T26888] 8021q: adding VLAN 0 to HW filter on device batadv1
[ 1666.034953][T13013] usb 3-1: new high-speed USB device number 42 using dummy_hcd
[ 1666.065685][T13013] usb 3-1: device descriptor read/8, error -71
[ 1666.175331][T13013] usb usb3-port1: unable to enumerate USB device
[ 1667.456334][T26892] ptrace attach of "./syz-executor exec"[19549] was attempted by "./syz-executor exec"[26892]
[ 1667.718446][T26892] netlink: 88 bytes leftover after parsing attributes in process `syz.3.6164'.
[ 1667.857940][T13013] usb 5-1: USB disconnect, device number 83
[ 1667.881546][T26903] batadv8: entered promiscuous mode
[ 1667.889711][T26903] 8021q: adding VLAN 0 to HW filter on device batadv8
[ 1668.035312][ T5885] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[ 1668.216315][ T5885] usb 2-1: Using ep0 maxpacket: 8
[ 1668.252122][ T5885] usb 2-1: config 179 has an invalid interface number: 65 but max is 0
[ 1668.267560][ T5885] usb 2-1: config 179 has no interface number 0
[ 1668.279973][ T5885] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[ 1668.331595][T26911] netlink: 16 bytes leftover after parsing attributes in process `syz.2.6170'.
[ 1668.341910][ T5885] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[ 1668.341945][T13013] usb 5-1: new high-speed USB device number 84 using dummy_hcd
[ 1668.374624][ T5885] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[ 1668.413015][ T5885] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[ 1668.534145][ T5885] usb 2-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[ 1668.538376][T13013] usb 5-1: Using ep0 maxpacket: 8
[ 1668.886394][ T5885] usb 2-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[ 1668.904915][ T5885] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1668.905894][ T1297] ieee802154 phy0 wpan0: encryption failed: -22
[ 1668.925426][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[ 1668.930045][T26905] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22
[ 1668.938755][T13013] usb 5-1: config 0 has an invalid interface number: 55 but max is 0
[ 1668.949855][T13013] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1668.960608][T13013] usb 5-1: config 0 has no interface number 0
[ 1668.967540][T13013] usb 5-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[ 1668.984577][T13013] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1668.996129][T13013] usb 5-1: config 0 descriptor??
[ 1669.003693][T13013] ldusb 5-1:0.55: Interrupt in endpoint not found
[ 1669.073006][T26917] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1669.084584][T26917] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1669.175543][T26917] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1669.188159][T26917] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1669.226695][T26922] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6174'.
[ 1669.250912][T26922] netlink: 16 bytes leftover after parsing attributes in process `syz.3.6174'.
[ 1669.266415][ T5885] usb 5-1: USB disconnect, device number 84
[ 1669.431637][T26905] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6167'.
[ 1669.484093][    C0] xpad 2-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[ 1669.492449][    C0] xpad 2-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[ 1669.560285][ T5885] usb 2-1: USB disconnect, device number 16
[ 1670.604609][T26946] bridge3: entered promiscuous mode
[ 1670.705252][T13026] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[ 1670.851763][T26950] netlink: 44 bytes leftover after parsing attributes in process `syz.4.6181'.
[ 1670.927871][T13026] usb 2-1: config 0 has no interfaces?
[ 1670.950383][T13026] usb 2-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[ 1670.969223][T13026] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1670.977677][T21315] Bluetooth: hci2: command 0x0c1a tx timeout
[ 1671.000074][T13026] usb 2-1: Product: syz
[ 1671.009869][T13026] usb 2-1: Manufacturer: syz
[ 1671.023441][T13026] usb 2-1: SerialNumber: syz
[ 1671.049241][T13026] usb 2-1: config 0 descriptor??
[ 1671.164236][T21315] Bluetooth: hci0: command 0x040f tx timeout
[ 1671.215011][T21315] Bluetooth: hci3: command 0x0419 tx timeout
[ 1671.215018][ T5844] Bluetooth: hci5: command 0x0c1a tx timeout
[ 1671.830342][T26952] netlink: 'syz.4.6182': attribute type 9 has an invalid length.
[ 1671.853929][T26952] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6182'.
[ 1671.927711][T26952] hsr0: entered promiscuous mode
[ 1671.942021][T26952] macvlan2: entered promiscuous mode
[ 1671.957876][T26952] macvlan2: entered allmulticast mode
[ 1672.076789][T26952] hsr0: entered allmulticast mode
[ 1672.082053][T26952] hsr_slave_0: entered allmulticast mode
[ 1672.089302][T26952] hsr_slave_1: entered allmulticast mode
[ 1672.284429][T26962] FAULT_INJECTION: forcing a failure.
[ 1672.284429][T26962] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1672.303001][T26962] CPU: 1 UID: 0 PID: 26962 Comm: syz.4.6184 Not tainted 6.15.0-syzkaller-10402-g4cb6c8af8591 #0 PREEMPT(full) 
[ 1672.303032][T26962] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1672.303045][T26962] Call Trace:
[ 1672.303053][T26962]  <TASK>
[ 1672.303063][T26962]  dump_stack_lvl+0x189/0x250
[ 1672.303102][T26962]  ? __pfx____ratelimit+0x10/0x10
[ 1672.303124][T26962]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1672.303155][T26962]  ? __pfx__printk+0x10/0x10
[ 1672.303196][T26962]  should_fail_ex+0x414/0x560
[ 1672.303225][T26962]  _copy_to_user+0x31/0xb0
[ 1672.303258][T26962]  simple_read_from_buffer+0xe1/0x170
[ 1672.303289][T26962]  proc_fail_nth_read+0x1df/0x250
[ 1672.303333][T26962]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1672.303366][T26962]  ? rw_verify_area+0x258/0x650
[ 1672.303396][T26962]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1672.303428][T26962]  vfs_read+0x200/0x980
[ 1672.303457][T26962]  ? __pfx___mutex_lock+0x10/0x10
[ 1672.303480][T26962]  ? __pfx_vfs_read+0x10/0x10
[ 1672.303505][T26962]  ? __fget_files+0x2a/0x420
[ 1672.303537][T26962]  ? __fget_files+0x3a0/0x420
[ 1672.303563][T26962]  ? __fget_files+0x2a/0x420
[ 1672.303599][T26962]  ksys_read+0x145/0x250
[ 1672.303644][T26962]  ? __pfx_ksys_read+0x10/0x10
[ 1672.303678][T26962]  ? rcu_is_watching+0x15/0xb0
[ 1672.303710][T26962]  ? do_syscall_64+0xbe/0x3b0
[ 1672.303737][T26962]  do_syscall_64+0xfa/0x3b0
[ 1672.303757][T26962]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1672.303777][T26962]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1672.303798][T26962]  ? clear_bhb_loop+0x60/0xb0
[ 1672.303816][T26962]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1672.303831][T26962] RIP: 0033:0x7fcfb758d37c
[ 1672.303845][T26962] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1672.303858][T26962] RSP: 002b:00007fcfb8331030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1672.303876][T26962] RAX: ffffffffffffffda RBX: 00007fcfb77b5fa0 RCX: 00007fcfb758d37c
[ 1672.303892][T26962] RDX: 000000000000000f RSI: 00007fcfb83310a0 RDI: 0000000000000009
[ 1672.303905][T26962] RBP: 00007fcfb8331090 R08: 0000000000000000 R09: 0000000000000000
[ 1672.303919][T26962] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1672.303931][T26962] R13: 0000000000000000 R14: 00007fcfb77b5fa0 R15: 00007fcfb78dfa28
[ 1672.303964][T26962]  </TASK>
[ 1672.535462][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1672.575786][T26937] binder: 26930:26937 ioctl c018620c 200000000100 returned -22
[ 1672.665390][T13026] usb 3-1: new high-speed USB device number 43 using dummy_hcd
[ 1672.917889][T13026] usb 3-1: config 0 interface 0 altsetting 253 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1672.932468][T13026] usb 3-1: config 0 interface 0 has no altsetting 0
[ 1672.955567][T13026] usb 3-1: New USB device found, idVendor=1b96, idProduct=0009, bcdDevice= 0.00
[ 1672.985081][T13026] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1673.050041][T13026] usb 3-1: config 0 descriptor??
[ 1673.422550][ T5885] usb 2-1: USB disconnect, device number 17
[ 1674.155010][ T5885] usb 2-1: new high-speed USB device number 18 using dummy_hcd
[ 1674.168486][T26980] netlink: 44 bytes leftover after parsing attributes in process `syz.4.6190'.
[ 1674.304913][ T5885] usb 2-1: Using ep0 maxpacket: 16
[ 1674.313854][ T5885] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1674.375096][ T5885] usb 2-1: New USB device found, idVendor=0c70, idProduct=f003, bcdDevice= 0.00
[ 1674.395712][T26982] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1674.413007][ T5885] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1674.427449][T26982] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1674.454778][ T5885] usb 2-1: config 0 descriptor??
[ 1674.462595][T26982] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1674.472137][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1674.868523][T26989] netlink: 44 bytes leftover after parsing attributes in process `syz.4.6192'.
[ 1675.027788][T26991] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1675.235104][ T5885] usbhid 2-1:0.0: can't add hid device: -71
[ 1675.241254][ T5885] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[ 1675.295406][ T5885] usb 2-1: USB disconnect, device number 18
[ 1675.522533][T13026] usbhid 3-1:0.0: can't add hid device: -71
[ 1675.538779][T13026] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[ 1675.559607][T27003] ptrace attach of "./syz-executor exec"[25324] was attempted by "./syz-executor exec"[27003]
[ 1675.573913][T27003] netlink: 88 bytes leftover after parsing attributes in process `syz.1.6195'.
[ 1675.601177][T27003] netlink: 'syz.1.6195': attribute type 21 has an invalid length.
[ 1675.609888][T27003] netlink: 128 bytes leftover after parsing attributes in process `syz.1.6195'.
[ 1675.620330][T13026] usb 3-1: USB disconnect, device number 43
[ 1675.633651][T27003] netlink: 'syz.1.6195': attribute type 4 has an invalid length.
[ 1675.685387][T18846] usb 4-1: new full-speed USB device number 56 using dummy_hcd
[ 1675.713259][T27003] netlink: 3 bytes leftover after parsing attributes in process `syz.1.6195'.
[ 1675.789655][T27003] batadv3: entered promiscuous mode
[ 1675.799445][T27003] 8021q: adding VLAN 0 to HW filter on device batadv3
[ 1675.887398][T18846] usb 4-1: config 8 has an invalid interface number: 177 but max is 0
[ 1675.897716][T18846] usb 4-1: config 8 has no interface number 0
[ 1675.907753][T18846] usb 4-1: config 8 interface 177 altsetting 9 endpoint 0x8 has invalid maxpacket 1023, setting to 64
[ 1675.959105][T18846] usb 4-1: config 8 interface 177 altsetting 9 endpoint 0x4 has invalid wMaxPacketSize 0
[ 1675.994922][T18846] usb 4-1: config 8 interface 177 has no altsetting 0
[ 1676.016025][T27010] FAULT_INJECTION: forcing a failure.
[ 1676.016025][T27010] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1676.031310][T27010] CPU: 1 UID: 0 PID: 27010 Comm: syz.2.6200 Not tainted 6.15.0-syzkaller-10402-g4cb6c8af8591 #0 PREEMPT(full) 
[ 1676.031338][T27010] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1676.031351][T27010] Call Trace:
[ 1676.031360][T27010]  <TASK>
[ 1676.031369][T27010]  dump_stack_lvl+0x189/0x250
[ 1676.031407][T27010]  ? __pfx____ratelimit+0x10/0x10
[ 1676.031429][T27010]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1676.031463][T27010]  ? __pfx__printk+0x10/0x10
[ 1676.031486][T27010]  ? __might_fault+0xb0/0x130
[ 1676.031523][T27010]  should_fail_ex+0x414/0x560
[ 1676.031551][T27010]  _copy_from_user+0x2d/0xb0
[ 1676.031584][T27010]  ___sys_recvmsg+0x12e/0x510
[ 1676.031623][T27010]  ? __pfx____sys_recvmsg+0x10/0x10
[ 1676.031684][T27010]  ? __might_fault+0xb0/0x130
[ 1676.031714][T27010]  do_recvmmsg+0x307/0x770
[ 1676.031756][T27010]  ? __pfx_do_recvmmsg+0x10/0x10
[ 1676.031801][T27010]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 1676.031852][T27010]  __x64_sys_recvmmsg+0x190/0x240
[ 1676.031887][T27010]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[ 1676.031916][T27010]  ? rcu_is_watching+0x15/0xb0
[ 1676.031948][T27010]  ? do_syscall_64+0xbe/0x3b0
[ 1676.031974][T27010]  do_syscall_64+0xfa/0x3b0
[ 1676.031993][T27010]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1676.032013][T27010]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1676.032033][T27010]  ? clear_bhb_loop+0x60/0xb0
[ 1676.032057][T27010]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1676.032078][T27010] RIP: 0033:0x7f3e0df8e969
[ 1676.032097][T27010] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1676.032116][T27010] RSP: 002b:00007f3e0eec2038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1676.032139][T27010] RAX: ffffffffffffffda RBX: 00007f3e0e1b5fa0 RCX: 00007f3e0df8e969
[ 1676.032155][T27010] RDX: 0000000004000210 RSI: 0000200000001740 RDI: 0000000000000004
[ 1676.032169][T27010] RBP: 00007f3e0eec2090 R08: 0000000000000000 R09: 0000000000000000
[ 1676.032183][T27010] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002
[ 1676.032196][T27010] R13: 0000000000000000 R14: 00007f3e0e1b5fa0 R15: 00007f3e0e2dfa28
[ 1676.032229][T27010]  </TASK>
[ 1676.247419][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1676.276425][T18846] usb 4-1: New USB device found, idVendor=04d8, idProduct=fd08, bcdDevice=59.b1
[ 1676.475644][T18846] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1676.597110][T26999] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[ 1676.797625][T27020] netlink: 44 bytes leftover after parsing attributes in process `syz.4.6204'.
[ 1677.115002][T13013] usb 3-1: new low-speed USB device number 44 using dummy_hcd
[ 1677.370428][T13013] usb 3-1: config 0 has an invalid interface number: 1 but max is 0
[ 1677.379024][T13013] usb 3-1: config 0 has no interface number 0
[ 1677.582083][T13013] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[ 1677.618445][T13013] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8
[ 1677.713934][T13013] usb 3-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[ 1677.733646][T13013] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1677.758378][T13013] usb 3-1: config 0 descriptor??
[ 1677.773481][T27022] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22
[ 1677.895173][T13013] iowarrior 3-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[ 1678.115613][T27030] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1678.136015][T13026] usb 3-1: USB disconnect, device number 44
[ 1678.140180][    C1] iowarrior 3-1:0.1: iowarrior_callback - usb_submit_urb failed with result -19
[ 1678.185455][T27030] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1678.366782][T18845] usb 5-1: new high-speed USB device number 85 using dummy_hcd
[ 1678.687598][T18845] usb 5-1: config 0 has an invalid interface number: 238 but max is 0
[ 1678.696318][T18845] usb 5-1: config 0 has no interface number 0
[ 1678.703099][T18846] usb 4-1: string descriptor 0 read error: -71
[ 1678.711299][T18845] usb 5-1: config 0 interface 238 altsetting 0 endpoint 0x4 has invalid wMaxPacketSize 0
[ 1678.723762][T18846] ir_toy 4-1:8.177: required endpoints not found
[ 1678.752406][T18845] usb 5-1: config 0 interface 238 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0
[ 1678.825143][T18846] usb 4-1: USB disconnect, device number 56
[ 1678.849459][T18845] usb 5-1: config 0 interface 238 altsetting 0 bulk endpoint 0x88 has invalid maxpacket 0
[ 1679.005779][T18845] usb 5-1: New USB device found, idVendor=3923, idProduct=718a, bcdDevice=76.6a
[ 1679.023448][T18845] usb 5-1: New USB device strings: Mfr=7, Product=2, SerialNumber=3
[ 1679.034988][T13026] usb 2-1: new high-speed USB device number 19 using dummy_hcd
[ 1679.058785][T18845] usb 5-1: Product: syz
[ 1679.063065][T18845] usb 5-1: Manufacturer: syz
[ 1679.103966][T18845] usb 5-1: SerialNumber: syz
[ 1679.142508][T18845] usb 5-1: config 0 descriptor??
[ 1679.201645][T18845] ni6501 5-1:0.238: driver 'ni6501' failed to auto-configure device.
[ 1679.231981][T13026] usb 2-1: config 0 interface 0 altsetting 253 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1679.305342][T13026] usb 2-1: config 0 interface 0 has no altsetting 0
[ 1679.312041][T13026] usb 2-1: New USB device found, idVendor=1b96, idProduct=0009, bcdDevice= 0.00
[ 1679.381439][T21452] usb 5-1: USB disconnect, device number 85
[ 1679.414904][T13026] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1679.467980][T13026] usb 2-1: config 0 descriptor??
[ 1680.162983][T27054] netlink: 68 bytes leftover after parsing attributes in process `syz.4.6215'.
[ 1680.285063][T13013] usb 4-1: new high-speed USB device number 57 using dummy_hcd
[ 1680.445053][T13013] usb 4-1: Using ep0 maxpacket: 8
[ 1680.452632][T13013] usb 4-1: config 0 has an invalid interface number: 55 but max is 0
[ 1680.461333][T13013] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1680.481069][T13013] usb 4-1: config 0 has no interface number 0
[ 1680.511736][T13013] usb 4-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[ 1680.556601][T13013] usb 4-1: config 0 interface 55 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1680.599585][T13013] usb 4-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[ 1680.618505][T13013] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1680.664451][T13013] usb 4-1: config 0 descriptor??
[ 1680.700171][T13013] ldusb 4-1:0.55: Interrupt in endpoint not found
[ 1680.909895][T18633] usb 4-1: USB disconnect, device number 57
[ 1681.025350][T13013] usb 3-1: new high-speed USB device number 45 using dummy_hcd
[ 1681.186333][T13013] usb 3-1: Using ep0 maxpacket: 16
[ 1681.195938][T13013] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1681.223971][T13013] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1681.279255][T13013] usb 3-1: New USB device found, idVendor=1430, idProduct=474c, bcdDevice= 0.00
[ 1681.310372][T13013] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1681.341979][T13013] usb 3-1: config 0 descriptor??
[ 1681.745063][T18633] usb 5-1: new low-speed USB device number 86 using dummy_hcd
[ 1681.766021][T13013] sony 0003:1430:474C.0041: unknown main item tag 0x0
[ 1681.784958][T13013] sony 0003:1430:474C.0041: unknown main item tag 0x0
[ 1681.803790][T13013] sony 0003:1430:474C.0041: hidraw0: USB HID v0.00 Device [HID 1430:474c] on usb-dummy_hcd.2-1/input0
[ 1681.823347][T13013] sony 0003:1430:474C.0041: failed to claim input
[ 1681.949610][T18633] usb 5-1: unable to get BOS descriptor or descriptor too short
[ 1681.971149][T13013] usb 3-1: USB disconnect, device number 45
[ 1681.980407][T18633] usb 5-1: unable to read config index 0 descriptor/start: -71
[ 1682.010690][T18633] usb 5-1: can't read configurations, error -71
[ 1682.120064][T13026] usbhid 2-1:0.0: can't add hid device: -71
[ 1682.139675][T13026] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[ 1682.165984][T13026] usb 2-1: USB disconnect, device number 19
[ 1682.173395][T27078] fido_id[27078]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory
[ 1682.315242][T18846] usb 4-1: new high-speed USB device number 58 using dummy_hcd
[ 1682.478791][T18846] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 127, changing to 10
[ 1682.504758][T18846] usb 4-1: New USB device found, idVendor=0c70, idProduct=f0bd, bcdDevice= 0.00
[ 1682.525021][T18846] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1682.546572][T18846] usb 4-1: config 0 descriptor??
[ 1682.829271][T27096] netlink: 32 bytes leftover after parsing attributes in process `syz.4.6232'.
[ 1682.928066][T27096] netlink: 'syz.4.6232': attribute type 10 has an invalid length.
[ 1682.937097][T27096] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1682.945012][T27096] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1682.968333][T18846] aquacomputer_d5next 0003:0C70:F0BD.0042: hidraw0: USB HID v0.00 Device [HID 0c70:f0bd] on usb-dummy_hcd.3-1/input0
[ 1682.993031][T27096] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1683.000350][T27096] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1683.008069][T27096] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1683.015368][T27096] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1683.081298][T27096] bond0: (slave bridge0): Enslaving as an active interface with an up link
[ 1683.158814][T27096] syz.4.6232 (27096) used greatest stack depth: 18232 bytes left
[ 1683.719067][T18845] usb 4-1: USB disconnect, device number 58
[ 1683.815044][T18633] usb 5-1: new high-speed USB device number 88 using dummy_hcd
[ 1684.049747][T18633] usb 5-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c
[ 1684.067405][T18633] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1684.089157][T18633] usb 5-1: config 0 descriptor??
[ 1684.276132][T27120] netlink: 44 bytes leftover after parsing attributes in process `syz.2.6239'.
[ 1684.285351][ T5885] usb 2-1: new high-speed USB device number 20 using dummy_hcd
[ 1684.305019][T18845] usb 4-1: new high-speed USB device number 59 using dummy_hcd
[ 1684.450384][ T5885] usb 2-1: config 0 interface 0 altsetting 253 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1684.475022][T18845] usb 4-1: Using ep0 maxpacket: 32
[ 1684.482485][ T5885] usb 2-1: config 0 interface 0 has no altsetting 0
[ 1684.493250][T18845] usb 4-1: config 1 interface 0 altsetting 7 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1684.525178][ T5885] usb 2-1: New USB device found, idVendor=1b96, idProduct=0009, bcdDevice= 0.00
[ 1684.538660][T18845] usb 4-1: config 1 interface 0 has no altsetting 0
[ 1684.552286][ T5885] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1684.569106][T18845] usb 4-1: New USB device found, idVendor=0eef, idProduct=0001, bcdDevice= 0.40
[ 1684.581816][T18845] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1684.597175][ T5885] usb 2-1: config 0 descriptor??
[ 1684.602200][T18845] usb 4-1: Product: syz
[ 1684.610260][T18845] usb 4-1: Manufacturer: syz
[ 1684.629232][T18845] usb 4-1: SerialNumber: syz
[ 1684.985167][T27125] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1684.996129][T27125] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1685.020632][T27125] [U] .��h��0F�wZ,��i�qg���ҏV2��sO��
[ 1685.027787][T27125] [U] ���`w*��B�BOLhU�
[ 1685.032426][T27125] [U] w$�n�|��#��%o.z\��̧mР��w
[ 1685.071755][ T5885] usbhid 2-1:0.0: can't add hid device: -71
[ 1685.087742][ T5885] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[ 1685.110377][ T5885] usb 2-1: USB disconnect, device number 20
[ 1685.325122][T21452] usb 3-1: new low-speed USB device number 46 using dummy_hcd
[ 1685.506479][T21452] usb 3-1: unable to get BOS descriptor or descriptor too short
[ 1685.553948][T21452] usb 3-1: unable to read config index 0 descriptor/start: -71
[ 1685.596525][T21452] usb 3-1: can't read configurations, error -71
[ 1686.345519][T18633] pegasus 5-1:0.0: setup Pegasus II specific registers
[ 1686.875114][T18846] usb 2-1: new full-speed USB device number 21 using dummy_hcd
[ 1686.915865][T27143] tap0: tun_chr_ioctl cmd 2147767507
[ 1687.037568][T18846] usb 2-1: config 8 has an invalid interface number: 177 but max is 0
[ 1687.055507][T18846] usb 2-1: config 8 has no interface number 0
[ 1687.075341][T18846] usb 2-1: config 8 interface 177 altsetting 9 endpoint 0x8 has invalid maxpacket 1023, setting to 64
[ 1687.097711][T18846] usb 2-1: config 8 interface 177 altsetting 9 endpoint 0x4 has invalid wMaxPacketSize 0
[ 1687.108062][T18846] usb 2-1: config 8 interface 177 has no altsetting 0
[ 1687.115180][T18846] usb 2-1: New USB device found, idVendor=04d8, idProduct=fd08, bcdDevice=59.b1
[ 1687.124549][T18846] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1687.150595][T27139] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22
[ 1687.224999][T13026] usb 3-1: new high-speed USB device number 48 using dummy_hcd
[ 1687.380947][T27108] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1687.405020][T13026] usb 3-1: device descriptor read/64, error -71
[ 1687.417431][T27108] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1687.512369][T18633] pegasus 5-1:0.0: can't locate MII phy, using default
[ 1687.645132][T13026] usb 3-1: new high-speed USB device number 49 using dummy_hcd
[ 1687.715318][T18633] pegasus 5-1:0.0: eth1, ELECOM USB Ethernet LD-USB20, f2:9d:6c:86:b9:a7
[ 1687.780449][T13026] usb 3-1: device descriptor read/64, error -71
[ 1687.789242][T18633] usb 5-1: USB disconnect, device number 88
[ 1687.895468][T13026] usb usb3-port1: attempt power cycle
[ 1687.959439][T27124] [U] ���R{ꫢ� S
[ 1687.999472][T18845] usbhid 4-1:1.0: can't add hid device: -71
[ 1688.171799][T18845] usbhid 4-1:1.0: probe with driver usbhid failed with error -71
[ 1688.242914][T18845] usb 4-1: USB disconnect, device number 59
[ 1688.257083][T13026] usb 3-1: new high-speed USB device number 50 using dummy_hcd
[ 1688.320610][T13026] usb 3-1: device descriptor read/8, error -71
[ 1688.435057][T18633] usb 5-1: new high-speed USB device number 89 using dummy_hcd
[ 1688.586874][T13026] usb 3-1: new high-speed USB device number 51 using dummy_hcd
[ 1688.595943][T18633] usb 5-1: device descriptor read/64, error -71
[ 1688.647404][T13026] usb 3-1: device descriptor read/8, error -71
[ 1688.786366][T13026] usb usb3-port1: unable to enumerate USB device
[ 1688.859653][T18633] usb 5-1: new high-speed USB device number 90 using dummy_hcd
[ 1689.002792][T27169] ptrace attach of "./syz-executor exec"[26531] was attempted by "./syz-executor exec"[27169]
[ 1689.017751][T18633] usb 5-1: device descriptor read/64, error -71
[ 1689.074211][T27169] dns_resolver: Unsupported server list version (0)
[ 1689.145681][T18633] usb usb5-port1: attempt power cycle
[ 1689.495071][T18633] usb 5-1: new high-speed USB device number 91 using dummy_hcd
[ 1689.555748][T18633] usb 5-1: device descriptor read/8, error -71
[ 1689.732627][T18846] usb 2-1: string descriptor 0 read error: -71
[ 1689.757254][T18846] ir_toy 2-1:8.177: required endpoints not found
[ 1689.778696][T18846] usb 2-1: USB disconnect, device number 21
[ 1689.805832][T18633] usb 5-1: new high-speed USB device number 92 using dummy_hcd
[ 1689.837156][T18633] usb 5-1: device descriptor read/8, error -71
[ 1689.966608][T21452] usb 4-1: new low-speed USB device number 60 using dummy_hcd
[ 1689.976358][T18633] usb usb5-port1: unable to enumerate USB device
[ 1690.182379][T21452] usb 4-1: unable to get BOS descriptor or descriptor too short
[ 1690.205973][T21452] usb 4-1: unable to read config index 0 descriptor/start: -71
[ 1690.213686][T21452] usb 4-1: can't read configurations, error -71
[ 1690.242412][T27199] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1690.495375][T18846] usb 3-1: new high-speed USB device number 52 using dummy_hcd
[ 1690.665032][T18846] usb 3-1: Using ep0 maxpacket: 8
[ 1690.672849][T18846] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[ 1690.683879][T18846] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1690.695083][T18846] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1690.705010][T18846] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[ 1690.718501][T18846] usb 3-1: New USB device found, idVendor=10c4, idProduct=8acf, bcdDevice= 0.00
[ 1690.744865][T18846] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1690.774953][T18846] usb 3-1: config 0 descriptor??
[ 1690.872267][T27210] batadv9: entered promiscuous mode
[ 1690.881580][T27210] 8021q: adding VLAN 0 to HW filter on device batadv9
[ 1691.161825][T18633] usb 2-1: new high-speed USB device number 22 using dummy_hcd
[ 1691.163869][T27199] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1691.191545][T27199] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1691.374913][T18633] usb 2-1: config 0 interface 0 has no altsetting 0
[ 1691.381641][T18633] usb 2-1: New USB device found, idVendor=046d, idProduct=0a0e, bcdDevice=94.75
[ 1691.400048][T18633] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1691.445419][T18633] usb 2-1: config 0 descriptor??
[ 1691.465994][T18846] hid-u2fzero 0003:10C4:8ACF.0043: item fetching failed at offset 3/5
[ 1691.485479][T18846] hid-u2fzero 0003:10C4:8ACF.0043: probe with driver hid-u2fzero failed with error -22
[ 1691.668304][T27199] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1691.695566][T27199] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1691.915463][T27212] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1691.924672][T27212] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1692.260090][T18633] video4linux radio48: keene_cmd_set failed (-71)
[ 1692.275215][T18633] radio-keene 2-1:0.0: V4L2 device registered as radio48
[ 1692.309681][T18633] usb 2-1: USB disconnect, device number 22
[ 1692.355218][T27225] ptrace attach of "./syz-executor exec"[26234] was attempted by "./syz-executor exec"[27225]
[ 1692.370827][T27225] dns_resolver: Unsupported server list version (0)
[ 1693.315514][T21452] usb 3-1: USB disconnect, device number 52
[ 1693.331797][T27240] ptrace attach of "./syz-executor exec"[26234] was attempted by "./syz-executor exec"[27240]
[ 1693.404279][T27240] netlink: 88 bytes leftover after parsing attributes in process `syz.4.6267'.
[ 1693.846267][T18633] usb 4-1: new full-speed USB device number 62 using dummy_hcd
[ 1693.912752][T27240] netlink: 'syz.4.6267': attribute type 21 has an invalid length.
[ 1694.107297][T18633] usb 4-1: unable to get BOS descriptor or descriptor too short
[ 1694.115904][T18633] usb 4-1: not running at top speed; connect to a high speed hub
[ 1694.126765][T18633] usb 4-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[ 1694.144936][T18633] usb 4-1: config 1 interface 2 altsetting 1 endpoint 0x82 has invalid maxpacket 22619, setting to 1023
[ 1694.227082][T27240] netlink: 128 bytes leftover after parsing attributes in process `syz.4.6267'.
[ 1694.228088][T27247] batadv1: entered promiscuous mode
[ 1694.262305][T27247] 8021q: adding VLAN 0 to HW filter on device batadv1
[ 1694.310335][T27240] netlink: 'syz.4.6267': attribute type 4 has an invalid length.
[ 1694.320719][T27240] netlink: 3 bytes leftover after parsing attributes in process `syz.4.6267'.
[ 1694.365633][T18633] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1694.383982][T18633] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1694.404129][T18633] usb 4-1: Product: syz
[ 1694.412530][T18633] usb 4-1: Manufacturer: syz
[ 1694.422658][T18633] usb 4-1: SerialNumber: syz
[ 1694.645033][T18846] usb 2-1: new high-speed USB device number 23 using dummy_hcd
[ 1694.668925][T27236] openvswitch: netlink: Key 6 has unexpected len 8 expected 2
[ 1694.696726][T27236] netlink: 24 bytes leftover after parsing attributes in process `syz.3.6269'.
[ 1694.815709][T18846] usb 2-1: Using ep0 maxpacket: 32
[ 1694.885459][T18846] usb 2-1: New USB device found, idVendor=041e, idProduct=403c, bcdDevice=cc.d7
[ 1694.907965][T18846] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1694.970251][T18846] usb 2-1: config 0 descriptor??
[ 1694.992031][T18846] gspca_main: sq930x-2.14.0 probing 041e:403c
[ 1695.583459][T20051] usb 3-1: new high-speed USB device number 53 using dummy_hcd
[ 1695.635034][T18846] gspca_sq930x: reg_w 0305 fd00 failed -71
[ 1695.641031][T18846] sq930x 2-1:0.0: probe with driver sq930x failed with error -71
[ 1695.665213][T18846] usb 2-1: USB disconnect, device number 23
[ 1695.734980][T20051] usb 3-1: device descriptor read/64, error -71
[ 1695.861045][T27257] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1695.869955][T27257] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1695.957495][T27257] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1696.005233][T20051] usb 3-1: new high-speed USB device number 54 using dummy_hcd
[ 1696.046625][T27257] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1696.168938][T20051] usb 3-1: device descriptor read/64, error -71
[ 1696.285057][T21452] usb 5-1: new high-speed USB device number 93 using dummy_hcd
[ 1696.296914][T20051] usb usb3-port1: attempt power cycle
[ 1696.451994][T21452] usb 5-1: config 0 has no interfaces?
[ 1696.465939][T21452] usb 5-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[ 1696.475462][T21452] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1696.483550][T21452] usb 5-1: Product: syz
[ 1696.501885][T21452] usb 5-1: Manufacturer: syz
[ 1696.517481][T21452] usb 5-1: SerialNumber: syz
[ 1696.546243][T21452] usb 5-1: config 0 descriptor??
[ 1696.645011][T20051] usb 3-1: new high-speed USB device number 55 using dummy_hcd
[ 1696.677366][T20051] usb 3-1: device descriptor read/8, error -71
[ 1696.722680][T27269] x_tables: ip_tables: policy.0 match: invalid size 312 (kernel) != (user) 8
[ 1696.850808][T27272] ptrace attach of "./syz-executor exec"[26531] was attempted by "./syz-executor exec"[27272]
[ 1696.878305][T27272] dns_resolver: Unsupported server list version (0)
[ 1697.165611][T20051] usb 3-1: new high-speed USB device number 56 using dummy_hcd
[ 1697.208214][T20051] usb 3-1: device descriptor read/8, error -71
[ 1697.325475][T20051] usb usb3-port1: unable to enumerate USB device
[ 1697.480392][T27276] netlink: 'syz.3.6280': attribute type 13 has an invalid length.
[ 1697.559901][T27276] gretap0: refused to change device tx_queue_len
[ 1697.615474][T27276] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[ 1698.185065][T20051] usb 2-1: new high-speed USB device number 24 using dummy_hcd
[ 1698.276822][T27290] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1698.316374][T27290] openvswitch: netlink: IP tunnel dst address not specified
[ 1698.356935][T20051] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1698.367719][T20051] usb 2-1: config 0 has no interfaces?
[ 1698.380369][T20051] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[ 1698.415407][T20051] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1698.459328][T20051] usb 2-1: config 0 descriptor??
[ 1698.903507][T27295] program syz.2.6288 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1698.968667][T27295] netlink: 36 bytes leftover after parsing attributes in process `syz.2.6288'.
[ 1699.551045][T18633] usb 4-1: 2:1: cannot set freq 4656509 to ep 0x82
[ 1699.564045][T18846] usb 5-1: USB disconnect, device number 93
[ 1699.765896][T27307] C: renamed from team_slave_0 (while UP)
[ 1699.787340][T27307] netlink: 152 bytes leftover after parsing attributes in process `syz.4.6291'.
[ 1700.455912][T27317] ptrace attach of "./syz-executor exec"[25636] was attempted by "./syz-executor exec"[27317]
[ 1700.512130][T27317] dns_resolver: Unsupported server list version (0)
[ 1700.901674][T21452] usb 2-1: USB disconnect, device number 24
[ 1701.156905][T27323] netlink: 2048 bytes leftover after parsing attributes in process `syz.1.6294'.
[ 1701.173436][T27323] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6294'.
[ 1701.214312][T27323] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6294'.
[ 1701.318339][T27327] ptrace attach of "./syz-executor exec"[25636] was attempted by "./syz-executor exec"[27327]
[ 1701.336839][T27327] netlink: 88 bytes leftover after parsing attributes in process `syz.2.6295'.
[ 1701.360780][T27328] input: syz1 as /devices/virtual/input/input112
[ 1701.382523][T27327] netlink: 'syz.2.6295': attribute type 21 has an invalid length.
[ 1701.398707][T27327] netlink: 128 bytes leftover after parsing attributes in process `syz.2.6295'.
[ 1701.445974][T27327] netlink: 'syz.2.6295': attribute type 4 has an invalid length.
[ 1701.454002][T27327] netlink: 3 bytes leftover after parsing attributes in process `syz.2.6295'.
[ 1701.652366][T27327] batadv3: entered promiscuous mode
[ 1701.661365][T27327] 8021q: adding VLAN 0 to HW filter on device batadv3
[ 1702.415082][T20050] usb 5-1: new high-speed USB device number 94 using dummy_hcd
[ 1702.567647][T27340] FAULT_INJECTION: forcing a failure.
[ 1702.567647][T27340] name failslab, interval 1, probability 0, space 0, times 0
[ 1702.595631][T20050] usb 5-1: no configurations
[ 1702.602154][T27340] CPU: 1 UID: 0 PID: 27340 Comm: syz.3.6299 Not tainted 6.15.0-syzkaller-10402-g4cb6c8af8591 #0 PREEMPT(full) 
[ 1702.602175][T27340] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1702.602186][T27340] Call Trace:
[ 1702.602193][T27340]  <TASK>
[ 1702.602200][T27340]  dump_stack_lvl+0x189/0x250
[ 1702.602229][T27340]  ? __pfx____ratelimit+0x10/0x10
[ 1702.602244][T27340]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1702.602267][T27340]  ? __pfx__printk+0x10/0x10
[ 1702.602293][T27340]  should_fail_ex+0x414/0x560
[ 1702.602315][T27340]  should_failslab+0xa8/0x100
[ 1702.602337][T27340]  __kmalloc_cache_noprof+0x70/0x3d0
[ 1702.602357][T27340]  ? sctp_add_bind_addr+0x8c/0x370
[ 1702.602378][T27340]  sctp_add_bind_addr+0x8c/0x370
[ 1702.602398][T27340]  sctp_copy_local_addr_list+0x30b/0x4e0
[ 1702.602418][T27340]  ? sctp_copy_local_addr_list+0x9b/0x4e0
[ 1702.602435][T27340]  ? __pfx_sctp_copy_local_addr_list+0x10/0x10
[ 1702.602463][T27340]  ? sctp_v6_is_any+0x64/0x80
[ 1702.602483][T27340]  ? sctp_copy_one_addr+0x93/0x360
[ 1702.602503][T27340]  sctp_bind_addr_copy+0xb3/0x3c0
[ 1702.602521][T27340]  ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0
[ 1702.602548][T27340]  sctp_connect_new_asoc+0x2e0/0x690
[ 1702.602572][T27340]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[ 1702.602592][T27340]  ? __local_bh_enable_ip+0x12d/0x1c0
[ 1702.602616][T27340]  ? bpf_lsm_sctp_bind_connect+0x9/0x20
[ 1702.602633][T27340]  ? security_sctp_bind_connect+0x7e/0x2e0
[ 1702.602671][T27340]  sctp_sendmsg+0x155c/0x2810
[ 1702.602699][T27340]  ? __pfx_sctp_sendmsg+0x10/0x10
[ 1702.602721][T27340]  ? aa_sk_perm+0x81e/0x950
[ 1702.602739][T27340]  ? __pfx_aa_sk_perm+0x10/0x10
[ 1702.602755][T27340]  ? sock_rps_record_flow+0x19/0x410
[ 1702.602773][T27340]  ? inet_sendmsg+0x2f4/0x370
[ 1702.602792][T27340]  __sock_sendmsg+0x19c/0x270
[ 1702.602810][T27340]  ____sys_sendmsg+0x52d/0x830
[ 1702.602834][T27340]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1702.602860][T27340]  ? import_iovec+0x74/0xa0
[ 1702.602884][T27340]  ___sys_sendmsg+0x21f/0x2a0
[ 1702.602905][T27340]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1702.602952][T27340]  ? __fget_files+0x2a/0x420
[ 1702.602970][T27340]  ? __fget_files+0x3a0/0x420
[ 1702.602997][T27340]  __sys_sendmmsg+0x227/0x430
[ 1702.603020][T27340]  ? __pfx___sys_sendmmsg+0x10/0x10
[ 1702.603038][T27340]  ? __mutex_unlock_slowpath+0x1cd/0x700
[ 1702.603073][T27340]  ? ksys_write+0x22a/0x250
[ 1702.603092][T27340]  ? __pfx_ksys_write+0x10/0x10
[ 1702.603107][T27340]  ? rcu_is_watching+0x15/0xb0
[ 1702.603130][T27340]  __x64_sys_sendmmsg+0xa0/0xc0
[ 1702.603151][T27340]  do_syscall_64+0xfa/0x3b0
[ 1702.603166][T27340]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1702.603180][T27340]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1702.603194][T27340]  ? clear_bhb_loop+0x60/0xb0
[ 1702.603211][T27340]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1702.603225][T27340] RIP: 0033:0x7f5c9818e969
[ 1702.603238][T27340] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1702.603250][T27340] RSP: 002b:00007f5c990ce038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 1702.603265][T27340] RAX: ffffffffffffffda RBX: 00007f5c983b5fa0 RCX: 00007f5c9818e969
[ 1702.603276][T27340] RDX: 0000000000000001 RSI: 0000200000000a80 RDI: 0000000000000003
[ 1702.603286][T27340] RBP: 00007f5c990ce090 R08: 0000000000000000 R09: 0000000000000000
[ 1702.603295][T27340] R10: 000000000004c040 R11: 0000000000000246 R12: 0000000000000002
[ 1702.603304][T27340] R13: 0000000000000000 R14: 00007f5c983b5fa0 R15: 00007f5c984dfa28
[ 1702.603326][T27340]  </TASK>
[ 1702.948320][T20050] usb 5-1: can't read configurations, error -22
[ 1703.014455][T27337] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1703.021642][T27337] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1703.027865][T27337] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1703.137902][T27337] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1703.328247][T27342] netlink: 'syz.3.6300': attribute type 1 has an invalid length.
[ 1703.367703][T20050] usb 5-1: new high-speed USB device number 95 using dummy_hcd
[ 1703.525689][T20050] usb 5-1: no configurations
[ 1703.571355][T27344] bond3: (slave gretap1): making interface the new active one
[ 1703.580776][T20050] usb 5-1: can't read configurations, error -22
[ 1704.086488][T27344] bond3: (slave gretap1): Enslaving as an active interface with an up link
[ 1704.110077][T20050] usb usb5-port1: attempt power cycle
[ 1704.164564][T27350] netlink: 16 bytes leftover after parsing attributes in process `syz.2.6302'.
[ 1704.455523][T20050] usb 5-1: new high-speed USB device number 96 using dummy_hcd
[ 1704.507337][T20050] usb 5-1: no configurations
[ 1704.512016][T20050] usb 5-1: can't read configurations, error -22
[ 1704.575819][T21315] Bluetooth: hci2: command 0x0c1a tx timeout
[ 1704.655073][T20050] usb 5-1: new high-speed USB device number 97 using dummy_hcd
[ 1704.713711][T20050] usb 5-1: no configurations
[ 1704.743572][T27360] netlink: 168 bytes leftover after parsing attributes in process `syz.3.6304'.
[ 1704.745185][T20050] usb 5-1: can't read configurations, error -22
[ 1704.760793][T20050] usb usb5-port1: unable to enumerate USB device
[ 1705.065155][T21315] Bluetooth: hci5: command 0x0c1a tx timeout
[ 1705.065234][T26849] Bluetooth: hci0: command 0x040f tx timeout
[ 1705.218038][T26849] Bluetooth: hci3: command 0x0419 tx timeout
[ 1705.694920][T18845] usb 2-1: new high-speed USB device number 25 using dummy_hcd
[ 1705.720972][T27375] bridge0: entered promiscuous mode
[ 1705.765872][T27375] vlan2: entered promiscuous mode
[ 1705.795271][T27379] ptrace attach of "./syz-executor exec"[19549] was attempted by "./syz-executor exec"[27379]
[ 1705.835786][T27379] dns_resolver: Unsupported server list version (0)
[ 1705.845272][T18845] usb 2-1: Using ep0 maxpacket: 8
[ 1705.922627][T18845] usb 2-1: New USB device found, idVendor=a257, idProduct=2013, bcdDevice=54.48
[ 1705.942331][T18845] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1705.994342][T27381] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6311'.
[ 1706.006415][T18845] usb 2-1: config 0 descriptor??
[ 1706.215732][T27384] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1706.299449][T27372] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1706.365676][T27372] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1706.369037][T27389] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1706.387322][T27384] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1706.518265][T27389] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1706.745330][T27398] ptrace attach of "./syz-executor exec"[26234] was attempted by "./syz-executor exec"[27398]
[ 1706.955654][T27398] netlink: 88 bytes leftover after parsing attributes in process `syz.4.6316'.
[ 1707.044616][T27398] netlink: 'syz.4.6316': attribute type 21 has an invalid length.
[ 1707.065141][T27398] netlink: 128 bytes leftover after parsing attributes in process `syz.4.6316'.
[ 1707.090768][T27398] netlink: 'syz.4.6316': attribute type 4 has an invalid length.
[ 1707.160514][T27398] netlink: 3 bytes leftover after parsing attributes in process `syz.4.6316'.
[ 1707.387417][T27400] batadv2: entered promiscuous mode
[ 1707.409047][T27400] 8021q: adding VLAN 0 to HW filter on device batadv2
[ 1707.659676][T27403] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1707.708530][T27403] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1707.876532][T27407] FAULT_INJECTION: forcing a failure.
[ 1707.876532][T27407] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1707.895839][T20050] usb 2-1: USB disconnect, device number 25
[ 1707.944589][T27407] CPU: 1 UID: 0 PID: 27407 Comm: syz.2.6319 Not tainted 6.15.0-syzkaller-10402-g4cb6c8af8591 #0 PREEMPT(full) 
[ 1707.944611][T27407] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1707.944622][T27407] Call Trace:
[ 1707.944629][T27407]  <TASK>
[ 1707.944636][T27407]  dump_stack_lvl+0x189/0x250
[ 1707.944665][T27407]  ? __pfx____ratelimit+0x10/0x10
[ 1707.944688][T27407]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1707.944712][T27407]  ? __pfx__printk+0x10/0x10
[ 1707.944738][T27407]  should_fail_ex+0x414/0x560
[ 1707.944760][T27407]  _copy_to_user+0x31/0xb0
[ 1707.944791][T27407]  video_usercopy+0xeb2/0x14f0
[ 1707.944830][T27407]  ? __pfx___video_do_ioctl+0x10/0x10
[ 1707.944859][T27407]  ? __pfx_video_usercopy+0x10/0x10
[ 1707.944886][T27407]  ? __fget_files+0x2a/0x420
[ 1707.944908][T27407]  ? __fget_files+0x2a/0x420
[ 1707.944943][T27407]  ? __fget_files+0x3a0/0x420
[ 1707.944966][T27407]  v4l2_ioctl+0x18d/0x1e0
[ 1707.944984][T27407]  ? __pfx_v4l2_ioctl+0x10/0x10
[ 1707.945002][T27407]  __se_sys_ioctl+0xfc/0x170
[ 1707.945020][T27407]  do_syscall_64+0xfa/0x3b0
[ 1707.945034][T27407]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1707.945048][T27407]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1707.945063][T27407]  ? clear_bhb_loop+0x60/0xb0
[ 1707.945080][T27407]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1707.945093][T27407] RIP: 0033:0x7f3e0df8e969
[ 1707.945106][T27407] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1707.945120][T27407] RSP: 002b:00007f3e0eec2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1707.945135][T27407] RAX: ffffffffffffffda RBX: 00007f3e0e1b5fa0 RCX: 00007f3e0df8e969
[ 1707.945146][T27407] RDX: 00002000000000c0 RSI: 00000000c0905664 RDI: 0000000000000003
[ 1707.945156][T27407] RBP: 00007f3e0eec2090 R08: 0000000000000000 R09: 0000000000000000
[ 1707.945165][T27407] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1707.945174][T27407] R13: 0000000000000000 R14: 00007f3e0e1b5fa0 R15: 00007f3e0e2dfa28
[ 1707.945195][T27407]  </TASK>
[ 1708.823745][T27421] batadv_slave_1: entered promiscuous mode
[ 1708.831793][T27421] batadv_slave_1: left promiscuous mode
[ 1709.651842][T27428] FAULT_INJECTION: forcing a failure.
[ 1709.651842][T27428] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1709.753072][T27428] CPU: 1 UID: 0 PID: 27428 Comm: syz.2.6326 Not tainted 6.15.0-syzkaller-10402-g4cb6c8af8591 #0 PREEMPT(full) 
[ 1709.753104][T27428] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1709.753119][T27428] Call Trace:
[ 1709.753127][T27428]  <TASK>
[ 1709.753137][T27428]  dump_stack_lvl+0x189/0x250
[ 1709.753175][T27428]  ? __pfx____ratelimit+0x10/0x10
[ 1709.753198][T27428]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1709.753231][T27428]  ? __pfx__printk+0x10/0x10
[ 1709.753256][T27428]  ? fs_reclaim_acquire+0x7d/0x100
[ 1709.753298][T27428]  should_fail_ex+0x414/0x560
[ 1709.753327][T27428]  prepare_alloc_pages+0x213/0x610
[ 1709.753369][T27428]  __alloc_frozen_pages_noprof+0x123/0x370
[ 1709.753406][T27428]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[ 1709.753450][T27428]  ? policy_nodemask+0x27c/0x720
[ 1709.753481][T27428]  alloc_pages_mpol+0x232/0x4a0
[ 1709.753514][T27428]  vma_alloc_folio_noprof+0xe4/0x200
[ 1709.753544][T27428]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[ 1709.753584][T27428]  folio_prealloc+0x30/0x180
[ 1709.753620][T27428]  do_wp_page+0x125e/0x57e0
[ 1709.753643][T27428]  ? __lock_acquire+0xab9/0xd20
[ 1709.753686][T27428]  ? __pfx_do_wp_page+0x10/0x10
[ 1709.753705][T27428]  ? do_raw_spin_lock+0x121/0x290
[ 1709.753738][T27428]  ? __pfx_do_raw_spin_lock+0x10/0x10
[ 1709.753780][T27428]  __handle_mm_fault+0x1144/0x55e0
[ 1709.753825][T27428]  ? __pfx___handle_mm_fault+0x10/0x10
[ 1709.753870][T27428]  ? find_vma+0xe7/0x160
[ 1709.753895][T27428]  ? __pfx_find_vma+0x10/0x10
[ 1709.753923][T27428]  handle_mm_fault+0x40a/0x8e0
[ 1709.753960][T27428]  do_user_addr_fault+0x764/0x1390
[ 1709.754003][T27428]  exc_page_fault+0x76/0xf0
[ 1709.754027][T27428]  asm_exc_page_fault+0x26/0x30
[ 1709.754046][T27428] RIP: 0010:rep_movs_alternative+0x4a/0x90
[ 1709.754075][T27428] Code: f7 03 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb c5 <f3> a4 c3 cc cc cc cc 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48
[ 1709.754093][T27428] RSP: 0018:ffffc900044b7658 EFLAGS: 00050202
[ 1709.754113][T27428] RAX: ffffffff84bd2301 RBX: ffff8880499aa000 RCX: 0000000000000e5c
[ 1709.754129][T27428] RDX: 0000000000000000 RSI: ffff8880499aa000 RDI: 0000200000004700
[ 1709.754144][T27428] RBP: ffffc900044b77b0 R08: ffff8880499aae5b R09: 1ffff110093355cb
[ 1709.754160][T27428] R10: dffffc0000000000 R11: ffffed10093355cc R12: dffffc0000000000
[ 1709.754175][T27428] R13: 0000000000000000 R14: 00007ffffffff000 R15: 0000000000000e5c
[ 1709.754198][T27428]  ? _copy_to_iter+0x3d1/0x16f0
[ 1709.754233][T27428]  _copy_to_iter+0x484/0x16f0
[ 1709.754273][T27428]  ? __pfx__copy_to_iter+0x10/0x10
[ 1709.754298][T27428]  ? __skb_try_recv_from_queue+0x2b2/0x730
[ 1709.754337][T27428]  ? __skb_try_recv_datagram+0x3da/0x4e0
[ 1709.754376][T27428]  __skb_datagram_iter+0xf8/0x990
[ 1709.754410][T27428]  ? __pfx_simple_copy_to_iter+0x10/0x10
[ 1709.754451][T27428]  skb_copy_datagram_iter+0xc5/0x230
[ 1709.754488][T27428]  netlink_recvmsg+0x2ab/0xa30
[ 1709.754526][T27428]  ? __pfx_netlink_recvmsg+0x10/0x10
[ 1709.754558][T27428]  ? aa_sock_msg_perm+0x94/0x160
[ 1709.754583][T27428]  ? bpf_lsm_socket_recvmsg+0x9/0x20
[ 1709.754612][T27428]  ? security_socket_recvmsg+0x7e/0x2e0
[ 1709.754641][T27428]  ? __pfx_netlink_recvmsg+0x10/0x10
[ 1709.754669][T27428]  sock_recvmsg+0x229/0x270
[ 1709.754698][T27428]  ____sys_recvmsg+0x1c9/0x460
[ 1709.754739][T27428]  ? __pfx_____sys_recvmsg+0x10/0x10
[ 1709.754792][T27428]  ? import_iovec+0x74/0xa0
[ 1709.754826][T27428]  ___sys_recvmsg+0x1b5/0x510
[ 1709.754862][T27428]  ? __pfx____sys_recvmsg+0x10/0x10
[ 1709.754919][T27428]  ? __fget_files+0x3a0/0x420
[ 1709.754959][T27428]  __x64_sys_recvmsg+0x198/0x260
[ 1709.754994][T27428]  ? __pfx___x64_sys_recvmsg+0x10/0x10
[ 1709.755035][T27428]  ? __pfx_ksys_write+0x10/0x10
[ 1709.755057][T27428]  ? rcu_is_watching+0x15/0xb0
[ 1709.755090][T27428]  ? do_syscall_64+0xbe/0x3b0
[ 1709.755116][T27428]  do_syscall_64+0xfa/0x3b0
[ 1709.755136][T27428]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1709.755156][T27428]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1709.755177][T27428]  ? clear_bhb_loop+0x60/0xb0
[ 1709.755201][T27428]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1709.755221][T27428] RIP: 0033:0x7f3e0df8e969
[ 1709.755241][T27428] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1709.755258][T27428] RSP: 002b:00007f3e0eec2038 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
[ 1709.755280][T27428] RAX: ffffffffffffffda RBX: 00007f3e0e1b5fa0 RCX: 00007f3e0df8e969
[ 1709.755296][T27428] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003
[ 1709.755310][T27428] RBP: 00007f3e0eec2090 R08: 0000000000000000 R09: 0000000000000000
[ 1709.755323][T27428] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1709.755336][T27428] R13: 0000000000000000 R14: 00007f3e0e1b5fa0 R15: 00007f3e0e2dfa28
[ 1709.755369][T27428]  </TASK>
[ 1710.630827][T27438] ptrace attach of "./syz-executor exec"[19549] was attempted by "./syz-executor exec"[27438]
[ 1710.642957][T27438] dns_resolver: Unsupported server list version (0)
[ 1710.860871][T27444] netlink: 2052 bytes leftover after parsing attributes in process `syz.0.6331'.
[ 1710.885037][T27444] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6331'.
[ 1711.032616][T18633] usb 5-1: new high-speed USB device number 98 using dummy_hcd
[ 1711.221394][T18633] usb 5-1: config 0 has no interfaces?
[ 1711.260211][T18633] usb 5-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[ 1711.290690][T18633] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1711.315711][T18633] usb 5-1: Product: syz
[ 1711.340764][T18633] usb 5-1: Manufacturer: syz
[ 1711.388241][T18633] usb 5-1: SerialNumber: syz
[ 1711.433352][T27451] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1711.443897][T18633] usb 5-1: config 0 descriptor??
[ 1711.476931][T27451] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1711.517766][T27451] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1711.545163][T13026] usb 2-1: new high-speed USB device number 26 using dummy_hcd
[ 1711.707018][T13026] usb 2-1: no configurations
[ 1711.729381][T13026] usb 2-1: can't read configurations, error -22
[ 1711.825158][T27455] ptrace attach of "./syz-executor exec"[26531] was attempted by "./syz-executor exec"[27455]
[ 1711.849580][T27455] netlink: 88 bytes leftover after parsing attributes in process `syz.0.6335'.
[ 1711.888403][T13026] usb 2-1: new high-speed USB device number 27 using dummy_hcd
[ 1711.971919][T27455] netlink: 'syz.0.6335': attribute type 21 has an invalid length.
[ 1711.989743][T27455] netlink: 128 bytes leftover after parsing attributes in process `syz.0.6335'.
[ 1712.082158][T13026] usb 2-1: no configurations
[ 1712.095029][T13026] usb 2-1: can't read configurations, error -22
[ 1712.120759][T13026] usb usb2-port1: attempt power cycle
[ 1712.268658][T27462] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1712.295760][T27456] batadv2: entered promiscuous mode
[ 1712.315185][T27462] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1712.324460][T27456] 8021q: adding VLAN 0 to HW filter on device batadv2
[ 1712.374042][T27455] netlink: 'syz.0.6335': attribute type 4 has an invalid length.
[ 1712.394536][T27455] netlink: 3 bytes leftover after parsing attributes in process `syz.0.6335'.
[ 1712.476933][T18846] usb 3-1: new high-speed USB device number 57 using dummy_hcd
[ 1712.485114][T13026] usb 2-1: new high-speed USB device number 28 using dummy_hcd
[ 1712.516553][T13026] usb 2-1: no configurations
[ 1712.521668][T13026] usb 2-1: can't read configurations, error -22
[ 1712.647103][T18846] usb 3-1: config 0 interface 0 altsetting 185 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1712.657612][T13026] usb 2-1: new high-speed USB device number 29 using dummy_hcd
[ 1712.665349][T18846] usb 3-1: config 0 interface 0 has no altsetting 0
[ 1712.698080][T18846] usb 3-1: New USB device found, idVendor=0458, idProduct=5013, bcdDevice= 0.00
[ 1712.716207][T13026] usb 2-1: no configurations
[ 1712.721132][T13026] usb 2-1: can't read configurations, error -22
[ 1712.749773][T13026] usb usb2-port1: unable to enumerate USB device
[ 1712.759367][T18846] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1712.810503][T18846] usb 3-1: config 0 descriptor??
[ 1713.279502][T18846] kye 0003:0458:5013.0044: tablet report size too small, or kye_tablet_rdesc unexpectedly large
[ 1713.393446][T18846] kye 0003:0458:5013.0044: hidraw0: USB HID v8.00 Device [HID 0458:5013] on usb-dummy_hcd.2-1/input0
[ 1713.459267][T18846] kye 0003:0458:5013.0044: tablet-enabling feature report not found
[ 1713.537614][T18846] kye 0003:0458:5013.0044: tablet enabling failed
[ 1713.576313][T27465] ==================================================================
[ 1713.584520][T27465] BUG: KASAN: slab-use-after-free in report_descriptor_read+0xb5/0x100
[ 1713.592772][T27465] Read of size 5 at addr ffff888026e416c0 by task fido_id/27465
[ 1713.600406][T27465] 
[ 1713.602729][T27465] CPU: 1 UID: 0 PID: 27465 Comm: fido_id Not tainted 6.15.0-syzkaller-10402-g4cb6c8af8591 #0 PREEMPT(full) 
[ 1713.602748][T27465] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1713.602758][T27465] Call Trace:
[ 1713.602765][T27465]  <TASK>
[ 1713.602771][T27465]  dump_stack_lvl+0x189/0x250
[ 1713.602799][T27465]  ? rcu_is_watching+0x15/0xb0
[ 1713.602817][T27465]  ? __kasan_check_byte+0x12/0x40
[ 1713.602837][T27465]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1713.602858][T27465]  ? rcu_is_watching+0x15/0xb0
[ 1713.602876][T27465]  ? lock_release+0x4b/0x3e0
[ 1713.602892][T27465]  ? _raw_spin_lock_irqsave+0xb3/0xf0
[ 1713.602916][T27465]  ? __virt_addr_valid+0x1c8/0x5c0
[ 1713.602938][T27465]  ? __virt_addr_valid+0x4a5/0x5c0
[ 1713.602959][T27465]  print_report+0xd2/0x2b0
[ 1713.602978][T27465]  ? report_descriptor_read+0xb5/0x100
[ 1713.602998][T27465]  kasan_report+0x118/0x150
[ 1713.603017][T27465]  ? report_descriptor_read+0xb5/0x100
[ 1713.603040][T27465]  kasan_check_range+0x2b0/0x2c0
[ 1713.603059][T27465]  ? report_descriptor_read+0xb5/0x100
[ 1713.603079][T27465]  __asan_memcpy+0x29/0x70
[ 1713.603094][T27465]  report_descriptor_read+0xb5/0x100
[ 1713.603115][T27465]  ? __pfx_sysfs_kf_bin_read+0x10/0x10
[ 1713.603134][T27465]  kernfs_fop_read_iter+0x3fe/0x640
[ 1713.603173][T27465]  vfs_read+0x4cd/0x980
[ 1713.603194][T27465]  ? __pfx_vfs_read+0x10/0x10
[ 1713.603212][T27465]  ? do_sys_openat2+0x154/0x1c0
[ 1713.603229][T27465]  ? kmem_cache_free+0x18f/0x400
[ 1713.603253][T27465]  ksys_read+0x145/0x250
[ 1713.603271][T27465]  ? __pfx_ksys_read+0x10/0x10
[ 1713.603286][T27465]  ? rcu_is_watching+0x15/0xb0
[ 1713.603305][T27465]  ? do_syscall_64+0xbe/0x3b0
[ 1713.603323][T27465]  do_syscall_64+0xfa/0x3b0
[ 1713.603337][T27465]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1713.603352][T27465]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1713.603366][T27465]  ? clear_bhb_loop+0x60/0xb0
[ 1713.603383][T27465]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1713.603397][T27465] RIP: 0033:0x7f224e8a7407
[ 1713.603412][T27465] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff
[ 1713.603424][T27465] RSP: 002b:00007ffc73a5c610 EFLAGS: 00000202 ORIG_RAX: 0000000000000000
[ 1713.603440][T27465] RAX: ffffffffffffffda RBX: 00007f224f08e880 RCX: 00007f224e8a7407
[ 1713.603452][T27465] RDX: 0000000000001000 RSI: 00007ffc73a5c660 RDI: 0000000000000004
[ 1713.603462][T27465] RBP: 000055657526e730 R08: 0000000000000000 R09: 0000000000000000
[ 1713.603471][T27465] R10: 0000000000000000 R11: 0000000000000202 R12: 000055657526d930
[ 1713.603481][T27465] R13: 00007ffc73a5c660 R14: 0000000000000004 R15: 00005565389794d8
[ 1713.603498][T27465]  </TASK>
[ 1713.603503][T27465] 
[ 1713.867919][T27465] Allocated by task 18846:
[ 1713.872349][T27465]  kasan_save_track+0x3e/0x80
[ 1713.877040][T27465]  __kasan_kmalloc+0x93/0xb0
[ 1713.881641][T27465]  __kmalloc_node_track_caller_noprof+0x271/0x4e0
[ 1713.888070][T27465]  kmemdup_noprof+0x2b/0x70
[ 1713.892581][T27465]  hid_open_report+0x208/0xee0
[ 1713.897354][T27465]  kye_probe+0x21/0x5f0
[ 1713.901515][T27465]  hid_device_probe+0x39a/0x710
[ 1713.906373][T27465]  really_probe+0x26a/0x9a0
[ 1713.910878][T27465]  __driver_probe_device+0x18c/0x2f0
[ 1713.916164][T27465]  driver_probe_device+0x4f/0x430
[ 1713.921306][T27465]  __device_attach_driver+0x2ce/0x530
[ 1713.926681][T27465]  bus_for_each_drv+0x251/0x2e0
[ 1713.931540][T27465]  __device_attach+0x2b8/0x400
[ 1713.936316][T27465]  bus_probe_device+0x185/0x260
[ 1713.941175][T27465]  device_add+0x7b6/0xb50
[ 1713.945520][T27465]  hid_add_device+0x398/0x540
[ 1713.950218][T27465]  usbhid_probe+0xe13/0x12a0
[ 1713.954846][T27465]  usb_probe_interface+0x641/0xbc0
[ 1713.959970][T27465]  really_probe+0x26a/0x9a0
[ 1713.964485][T27465]  __driver_probe_device+0x18c/0x2f0
[ 1713.969780][T27465]  driver_probe_device+0x4f/0x430
[ 1713.974813][T27465]  __device_attach_driver+0x2ce/0x530
[ 1713.980197][T27465]  bus_for_each_drv+0x251/0x2e0
[ 1713.985075][T27465]  __device_attach+0x2b8/0x400
[ 1713.989859][T27465]  bus_probe_device+0x185/0x260
[ 1713.994737][T27465]  device_add+0x7b6/0xb50
[ 1713.999079][T27465]  usb_set_configuration+0x1a87/0x20e0
[ 1714.004650][T27465]  usb_generic_driver_probe+0x8d/0x150
[ 1714.010128][T27465]  usb_probe_device+0x1c4/0x390
[ 1714.014984][T27465]  really_probe+0x26a/0x9a0
[ 1714.019488][T27465]  __driver_probe_device+0x18c/0x2f0
[ 1714.024782][T27465]  driver_probe_device+0x4f/0x430
[ 1714.029814][T27465]  __device_attach_driver+0x2ce/0x530
[ 1714.035194][T27465]  bus_for_each_drv+0x251/0x2e0
[ 1714.040051][T27465]  __device_attach+0x2b8/0x400
[ 1714.044830][T27465]  bus_probe_device+0x185/0x260
[ 1714.049685][T27465]  device_add+0x7b6/0xb50
[ 1714.054025][T27465]  usb_new_device+0xa39/0x16c0
[ 1714.058793][T27465]  hub_event+0x2941/0x4a00
[ 1714.063241][T27465]  process_scheduled_works+0xade/0x17b0
[ 1714.068796][T27465]  worker_thread+0x8a0/0xda0
[ 1714.073401][T27465]  kthread+0x711/0x8a0
[ 1714.077479][T27465]  ret_from_fork+0x3fc/0x770
[ 1714.082074][T27465]  ret_from_fork_asm+0x1a/0x30
[ 1714.086842][T27465] 
[ 1714.089173][T27465] The buggy address belongs to the object at ffff888026e416c0
[ 1714.089173][T27465]  which belongs to the cache kmalloc-8 of size 8
[ 1714.102883][T27465] The buggy address is located 0 bytes inside of
[ 1714.102883][T27465]  freed 8-byte region [ffff888026e416c0, ffff888026e416c8)
[ 1714.116336][T27465] 
[ 1714.118663][T27465] The buggy address belongs to the physical page:
[ 1714.125071][T27465] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x26e41
[ 1714.133851][T27465] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 1714.140962][T27465] page_type: f5(slab)
[ 1714.144961][T27465] raw: 00fff00000000000 ffff88801a441500 ffffea0001708440 dead000000000002
[ 1714.153563][T27465] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 1714.162170][T27465] page dumped because: kasan: bad access detected
[ 1714.168610][T27465] page_owner tracks the page as allocated
[ 1714.174339][T27465] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52c00(GFP_NOIO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 13013, tgid 13013 (kworker/1:4), ts 789791775609, free_ts 789326491888
[ 1714.193713][T27465]  post_alloc_hook+0x240/0x2a0
[ 1714.198491][T27465]  get_page_from_freelist+0x21e0/0x22c0
[ 1714.204043][T27465]  __alloc_frozen_pages_noprof+0x181/0x370
[ 1714.209862][T27465]  alloc_pages_mpol+0x232/0x4a0
[ 1714.214721][T27465]  allocate_slab+0x8a/0x3b0
[ 1714.219222][T27465]  ___slab_alloc+0xbfc/0x1480
[ 1714.223907][T27465]  __kmalloc_cache_noprof+0x296/0x3d0
[ 1714.229285][T27465]  usb_control_msg+0x73/0x3e0
[ 1714.233965][T27465]  usb_set_configuration+0x127a/0x20e0
[ 1714.239430][T27465]  usb_generic_driver_probe+0x8d/0x150
[ 1714.244903][T27465]  usb_probe_device+0x1c4/0x390
[ 1714.249762][T27465]  really_probe+0x26a/0x9a0
[ 1714.254266][T27465]  __driver_probe_device+0x18c/0x2f0
[ 1714.259551][T27465]  driver_probe_device+0x4f/0x430
[ 1714.264575][T27465]  __device_attach_driver+0x2ce/0x530
[ 1714.269948][T27465]  bus_for_each_drv+0x251/0x2e0
[ 1714.274840][T27465] page last free pid 23 tgid 23 stack trace:
[ 1714.280835][T27465]  __free_frozen_pages+0xc6e/0xe50
[ 1714.285975][T27465]  __tlb_remove_table+0x2d2/0x3b0
[ 1714.291032][T27465]  tlb_remove_table_rcu+0x85/0x100
[ 1714.296160][T27465]  rcu_core+0xca5/0x1710
[ 1714.300423][T27465]  handle_softirqs+0x283/0x870
[ 1714.305206][T27465]  run_ksoftirqd+0x9b/0x100
[ 1714.309719][T27465]  smpboot_thread_fn+0x542/0xa60
[ 1714.314665][T27465]  kthread+0x711/0x8a0
[ 1714.318743][T27465]  ret_from_fork+0x3fc/0x770
[ 1714.323333][T27465]  ret_from_fork_asm+0x1a/0x30
[ 1714.328104][T27465] 
[ 1714.330426][T27465] Memory state around the buggy address:
[ 1714.336083][T27465]  ffff888026e41580: 05 fc fc fc 00 fc fc fc 04 fc fc fc 06 fc fc fc
[ 1714.344174][T27465]  ffff888026e41600: fa fc fc fc fa fc fc fc fa fc fc fc fa fc fc fc
[ 1714.352266][T27465] >ffff888026e41680: 05 fc fc fc 06 fc fc fc fa fc fc fc fa fc fc fc
[ 1714.360359][T27465]                                            ^
[ 1714.366527][T27465]  ffff888026e41700: 03 fc fc fc 04 fc fc fc fa fc fc fc 04 fc fc fc
[ 1714.374596][T27465]  ffff888026e41780: fa fc fc fc fa fc fc fc fa fc fc fc fa fc fc fc
[ 1714.382670][T27465] ==================================================================
[ 1714.566201][T18846] usb 3-1: USB disconnect, device number 57
[ 1714.618575][T13026] usb 5-1: USB disconnect, device number 98
[ 1714.818896][T27465] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 1714.826158][T27465] CPU: 0 UID: 0 PID: 27465 Comm: fido_id Not tainted 6.15.0-syzkaller-10402-g4cb6c8af8591 #0 PREEMPT(full) 
[ 1714.837641][T27465] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1714.847721][T27465] Call Trace:
[ 1714.851025][T27465]  <TASK>
[ 1714.853985][T27465]  dump_stack_lvl+0x99/0x250
[ 1714.858805][T27465]  ? __asan_memcpy+0x40/0x70
[ 1714.863418][T27465]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1714.868740][T27465]  ? __pfx__printk+0x10/0x10
[ 1714.873344][T27465]  panic+0x2db/0x790
[ 1714.877251][T27465]  ? __pfx_preempt_schedule+0x10/0x10
[ 1714.882637][T27465]  ? __pfx_panic+0x10/0x10
[ 1714.887073][T27465]  ? _raw_spin_unlock_irqrestore+0xfd/0x110
[ 1714.892981][T27465]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 1714.899332][T27465]  ? report_descriptor_read+0xb5/0x100
[ 1714.904807][T27465]  check_panic_on_warn+0x89/0xb0
[ 1714.909762][T27465]  ? report_descriptor_read+0xb5/0x100
[ 1714.915234][T27465]  end_report+0x78/0x160
[ 1714.919487][T27465]  kasan_report+0x129/0x150
[ 1714.924000][T27465]  ? report_descriptor_read+0xb5/0x100
[ 1714.929494][T27465]  kasan_check_range+0x2b0/0x2c0
[ 1714.934446][T27465]  ? report_descriptor_read+0xb5/0x100
[ 1714.940005][T27465]  __asan_memcpy+0x29/0x70
[ 1714.944429][T27465]  report_descriptor_read+0xb5/0x100
[ 1714.949730][T27465]  ? __pfx_sysfs_kf_bin_read+0x10/0x10
[ 1714.955201][T27465]  kernfs_fop_read_iter+0x3fe/0x640
[ 1714.960585][T27465]  vfs_read+0x4cd/0x980
[ 1714.964769][T27465]  ? __pfx_vfs_read+0x10/0x10
[ 1714.969461][T27465]  ? do_sys_openat2+0x154/0x1c0
[ 1714.974319][T27465]  ? kmem_cache_free+0x18f/0x400
[ 1714.979285][T27465]  ksys_read+0x145/0x250
[ 1714.983563][T27465]  ? __pfx_ksys_read+0x10/0x10
[ 1714.988340][T27465]  ? rcu_is_watching+0x15/0xb0
[ 1714.993119][T27465]  ? do_syscall_64+0xbe/0x3b0
[ 1714.997806][T27465]  do_syscall_64+0xfa/0x3b0
[ 1715.002321][T27465]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1715.007543][T27465]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1715.013631][T27465]  ? clear_bhb_loop+0x60/0xb0
[ 1715.018328][T27465]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1715.024223][T27465] RIP: 0033:0x7f224e8a7407
[ 1715.028646][T27465] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff
[ 1715.048268][T27465] RSP: 002b:00007ffc73a5c610 EFLAGS: 00000202 ORIG_RAX: 0000000000000000
[ 1715.056728][T27465] RAX: ffffffffffffffda RBX: 00007f224f08e880 RCX: 00007f224e8a7407
[ 1715.064707][T27465] RDX: 0000000000001000 RSI: 00007ffc73a5c660 RDI: 0000000000000004
[ 1715.072681][T27465] RBP: 000055657526e730 R08: 0000000000000000 R09: 0000000000000000
[ 1715.080660][T27465] R10: 0000000000000000 R11: 0000000000000202 R12: 000055657526d930
[ 1715.088638][T27465] R13: 00007ffc73a5c660 R14: 0000000000000004 R15: 00005565389794d8
[ 1715.096624][T27465]  </TASK>
[ 1715.099899][T27465] Kernel Offset: disabled
[ 1715.104231][T27465] Rebooting in 86400 seconds..